Does Truth have any unpatched vulnerabilities?

No. All known vulnerabilities in Truth have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Truth compatible with WordPress 6.5.8?

According to WordPress.org data, Truth 2.8 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is Truth compatible with PHP 7.4+?

Truth requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Truth updated?

Truth was last updated on Jun 6, 2024. Frequent updates are generally a positive security signal.

What is Truth's security score?

Truth has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Truth Security & Risk Analysis

wordpress.org/plugins/truth

Automatically links to Bible verses throughout your site.

90 active installs v2.8 PHP 7.4+ WP 3.1+ Updated Jun 6, 2024

biblescripturetruthverseversion

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Truth Safe to Use in 2026?

Generally Safe

Score 92/100

Truth has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The 'truth' v2.8 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by not using dangerous functions, performing all SQL queries using prepared statements, and having no recorded vulnerabilities in its history. This suggests a development team that is, at least partially, security-conscious.

However, there are notable concerns. The presence of an unprotected AJAX handler represents a significant entry point that is not secured against unauthorized access. Furthermore, a considerable portion of the plugin's output (62%) is not properly escaped, which opens the door to cross-site scripting (XSS) vulnerabilities if user-supplied data is ever incorporated into these unescaped outputs. The lack of taint analysis results might be due to the analysis tool's limitations or the plugin's structure, but it means potential data flow vulnerabilities remain unverified.

In conclusion, while the plugin has a clean vulnerability history and avoids some common pitfalls, the unprotected AJAX handler and the high rate of unescaped output are serious weaknesses. These issues introduce tangible risks that could be exploited. Addressing the unescaped output and securing the AJAX endpoint should be immediate priorities.

Key Concerns

AJAX handler without auth check
High percentage of unescaped output

Vulnerabilities

None known

Truth Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Truth Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

38% escaped16 total outputs

Attack Surface

1 unprotected

Truth Attack Surface

Entry Points3

Unprotected1

AJAX Handlers 2

authwp_ajax_authorize_truthclass-truth-notice.php:27

authwp_ajax_dismiss_noticetypewheel-notice\class-typewheel-notice.php:291

Shortcodes 1

[truth] class-truth-public.php:51

WordPress Hooks 11

actionadmin_enqueue_scriptsclass-truth-admin.php:39

actionadmin_enqueue_scriptsclass-truth-admin.php:40

actionadmin_initclass-truth-admin.php:48

actionadmin_initclass-truth-admin.php:52

actionadmin_noticesclass-truth-notice.php:33

actionwp_footerclass-truth-public.php:39

actioninitclass-truth-public.php:43

filterthe_contentclass-truth-public.php:45

filtercomment_textclass-truth-public.php:46

filterwidget_textclass-truth-public.php:47

actionadmin_enqueue_scriptstypewheel-notice\class-typewheel-notice.php:10

Maintenance & Trust

Truth Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedJun 6, 2024

PHP min version7.4

Downloads8K

Community Trust

Rating80/100

Number of ratings9

Active installs90

Alternatives

Truth Alternatives

Logos Reftagger

reftagger

100

Logos Reftagger turns Bible references into links to the verse on Biblia.com and adds tooltips with the text of the verse.

10K No CVEs

BibleLink Multilingual

bible-link-multilingual

This lightweight plugin makes Bible references on your website interactive and supports multiple languages.

300 No CVEs

Bible Reader

bible-reader

100

A beautiful Bible reader with a 'Verse of the Day' and a 'Hebrew date converter'.

10 No CVEs

Bible Verses References

bible-verses-references

This plugin fetches all the biblical references present in your posts and pages and adds the text of the verse in a floating window when the user hove …

10 No CVEs

BibleScriptureTagger

biblescripturetagger

BibleScriptureTagger Creates a hover for Bible references and reveals the verse text and provides a link for further study at the Bible Portal.

10 No CVEs

Developer Profile

Truth Developer Profile

uamv

3 plugins · 3K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Truth

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/truth/css/truth-admin.css/wp-content/plugins/truth/js/truth-admin.js

Script Paths

/wp-content/plugins/truth/js/truth-admin.js

Version Parameters

truth-admin.css?ver=truth-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

truth-authorizationtruth-general-settingstruth-biblesorg_highlighter-settingsdescription-engine-biblesorg_highlighterdescription-engine-youversionbible-versiontruth-settings

Data Attributes

id="authorize-truth"data-securityid="truth-engine"id="bible-version"id="truth-biblesorg_highlighter-settings"id="truth-general-settings"+3 more

JS Globals

TRUTH

FAQ

Truth Security & Risk Analysis

Is Truth Safe to Use in 2026?

Generally Safe

Key Concerns

Truth Security Vulnerabilities

Truth Code Analysis

Output Escaping

Truth Attack Surface

AJAX Handlers 2

Shortcodes 1

Truth Maintenance & Trust

Maintenance Signals

Community Trust

Truth Alternatives

Logos Reftagger

BibleLink Multilingual

Bible Reader

Bible Verses References

BibleScriptureTagger

Truth Developer Profile

How We Detect Truth

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Truth