Trusty Whistleblowing Solution Security & Risk Analysis

wordpress.org/plugins/trusty-whistleblowing-solution

Trusty is an instantly available, customizable and secure web-based whistleblowing solution developed by compliance experts.

500 active installs v2.0.1 PHP 7.1+ WP 5.6+ Updated Mar 26, 2026
hinweisgeberlosunghinweisgebersystemwhistleblowerwhistleblowingwhistleblowing-solution
99
A · Safe
CVEs total1
Unpatched0
Last CVEJun 23, 2025
Safety Verdict

Is Trusty Whistleblowing Solution Safe to Use in 2026?

Generally Safe

Score 99/100

Trusty Whistleblowing Solution has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jun 23, 2025Updated 3mo ago
Risk Assessment

The trusty-whistleblowing-solution plugin exhibits a concerning security posture primarily due to its substantial attack surface lacking proper authorization checks. All four identified AJAX entry points are unprotected, representing a significant risk. While the plugin demonstrates good practices in SQL query handling with 100% prepared statements and a high rate of output escaping (83%), the absence of nonce and capability checks on its AJAX handlers is a critical oversight. The taint analysis reveals two flows with unsanitized paths, though no critical or high severity issues were identified in this specific analysis, suggesting potential for vulnerabilities if these paths are exploitable.

The vulnerability history, particularly the single medium-severity CVE marked as currently unpatched and a pattern of "Missing Authorization" vulnerabilities, strongly indicates a recurring weakness in how the plugin handles user permissions and access control. This history, combined with the static analysis findings, suggests a fundamental issue with securing entry points. While the plugin has strengths in its database interactions and output handling, the critical lack of authorization on its primary interaction points and a history of similar vulnerabilities paint a picture of a plugin that requires immediate attention to mitigate potential exploits.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks
  • Missing capability checks
  • Unpatched CVE (medium severity)
  • Flows with unsanitized paths
Vulnerabilities
1 published

Trusty Whistleblowing Solution Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-52818medium · 5.3Missing Authorization

Trusty Whistleblowing <= 2.0.1 - Missing Authorization

Jun 23, 2025 Patched in 2.0.2 (323d)
Version History

Trusty Whistleblowing Solution Release Timeline

v2.0.1Current1 CVE
v2.0.01 CVE
v1.5.41 CVE
v1.5.31 CVE
v1.5.21 CVE
v1.5.11 CVE
v1.5.01 CVE
v1.4.41 CVE
v1.4.31 CVE
v1.4.21 CVE
v1.4.11 CVE
v1.4.01 CVE
v1.3.01 CVE
v1.2.01 CVE
v1.1.01 CVE
v1.0.01 CVE
Code Analysis
Analyzed Mar 16, 2026

Trusty Whistleblowing Solution Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
20 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
3
Bundled Libraries
0

Output Escaping

83% escaped24 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
post_form_info (includes\class-tr-free-whistleblowing-solution.php:246)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Trusty Whistleblowing Solution Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

noprivwp_ajax_post_form_infoincludes\class-tr-free-whistleblowing-solution.php:141
noprivwp_ajax_status_checkincludes\class-tr-free-whistleblowing-solution.php:142
authwp_ajax_post_form_infoincludes\class-tr-free-whistleblowing-solution.php:143
authwp_ajax_status_checkincludes\class-tr-free-whistleblowing-solution.php:144
WordPress Hooks 4
actionadmin_enqueue_scriptsincludes\class-tr-free-whistleblowing-solution.php:128
actionadmin_enqueue_scriptsincludes\class-tr-free-whistleblowing-solution.php:129
actionadmin_menuincludes\class-tr-free-whistleblowing-solution.php:134
actionadmin_initincludes\class-tr-free-whistleblowing-solution.php:135
Maintenance & Trust

Trusty Whistleblowing Solution Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 26, 2026
PHP min version7.1
Downloads8K

Community Trust

Rating100/100
Number of ratings15
Active installs500
Developer Profile

Trusty Whistleblowing Solution Developer Profile

Dejan Jasnic

1 plugin · 500 total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
323 days
View full developer profile
Detection Fingerprints

How We Detect Trusty Whistleblowing Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tr-free-whistleblowing-solution/public/css/tr-free-whistleblowing-solution-public.css/wp-content/plugins/tr-free-whistleblowing-solution/public/js/tr-free-whistleblowing-solution-public.js
Script Paths
/wp-content/plugins/tr-free-whistleblowing-solution/public/js/tr-free-whistleblowing-solution-public.js
Version Parameters
tr-free-whistleblowing-solution-public.css?ver=tr-free-whistleblowing-solution-public.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Trusty Whistleblowing Solution