Top Cat Security & Risk Analysis

wordpress.org/plugins/topcat

Top Cat allows you to specify a main category for your posts. Even though WordPress posts can have more than one category, you may want to specify whi …

10 active installs · v1.0.2 · PHP + · WP + · Updated May 27, 2005
category main primary single
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Top Cat Safe to Use in 2026?

Generally Safe

Score 85/100

Top Cat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 20yr ago
Risk Assessment

The "topcat" v1.0.2 plugin exhibits significant security concerns, primarily stemming from its static analysis results. It has no reported vulnerability history, which is a positive indicator of past stability, but the code itself presents notable risks. The absence of any security checks, such as nonce checks, capability checks, or proper output escaping, coupled with a high percentage of SQL queries not using prepared statements, creates a dangerous environment for potential exploits. The taint analysis reveals flows with unsanitized paths; even without critical or high severity, these point to potential avenues for attackers to inject malicious data or commands. No entry points were identified in this analysis, but the lack of authentication checks would be a critical flaw if any were present. Therefore, despite its clean vulnerability history, the code's current state necessitates caution and remediation.

Key Concerns

  • SQL queries not using prepared statements
  • Output not properly escaped
  • Taint flows with unsanitized paths
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Top Cat Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Top Cat Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (0 prepared)
Unescaped Output: 3 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 3 total queries

Output Escaping

0% escaped · 3 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
tguy_tc_save_main_category (topcat.php:199)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Top Cat Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
filter admin_footer (topcat.php:95)
action simple_edit_form (topcat.php:98)
action edit_form_advanced (topcat.php:99)
action save_post (topcat.php:102)
action edit_post (topcat.php:103)
Maintenance & Trust

Top Cat Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: May 27, 2005
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Top Cat Developer Profile

bennettmcelwee

6 plugins · 22K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 1413 days
Detection Fingerprints

How We Detect Top Cat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

JS Globals: createNamedElement, addRadio, catBoxes, topCatElement