Ultra Companion – Companion plugin for WPoperation Themes Security & Risk Analysis

wordpress.org/plugins/ultra-companion

This is the companion plugin for WPoperation themes. This plugin will add extra features to the theme by adding social share, shortcodes, post v …

1K active installs · v1.2.0 · PHP 7.4+ · WP 5.6+ · Updated Apr 12, 2024
Tags: blogs, companion, magazine, ultra-seven, woocommerce
Score: 92 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 31, 2024
Safety Verdict

Is Ultra Companion – Companion plugin for WPoperation Themes Safe to Use in 2026?

Generally Safe

Score 92/100

Ultra Companion – Companion plugin for WPoperation Themes has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 31, 2024 · Updated 1yr ago
Risk Assessment

The "ultra-companion" plugin version 1.2.0 presents a mixed security posture. On the positive side, the code exhibits good practices with 100% of SQL queries using prepared statements and a high rate of output escaping (92%). It also demonstrates a reasonable number of nonce and capability checks, with no critical or high-severity taint flows identified. However, a significant concern arises from the attack surface, which includes two AJAX handlers, with one entirely lacking authentication checks. This single unprotected entry point is a critical vulnerability that could be exploited to execute unauthorized actions.

The plugin's vulnerability history, while currently showing no unpatched vulnerabilities, does reveal a past medium-severity Cross-Site Scripting (XSS) issue, last recorded in early 2024. This indicates a historical propensity for input sanitization weaknesses, even though the current static analysis didn't flag direct XSS issues. The absence of unpatched CVEs is a strong positive, but the presence of an unprotected AJAX handler combined with the past XSS vulnerability suggests that careful review and hardening of all entry points are crucial.

In conclusion, while the plugin has strengths in its handling of SQL and output escaping, the unprotected AJAX handler represents a direct and exploitable security risk. The historical XSS vulnerability, though patched, warrants continued vigilance regarding input validation. A balanced assessment suggests that the plugin is moderately secure but requires immediate attention to its unprotected entry point to mitigate potential exploitation.

Key Concerns

  • Unprotected AJAX handler
  • Past medium severity CVE (XSS)
Vulnerabilities: 1

Ultra Companion – Companion plugin for WPoperation Themes Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-24803 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultra Companion <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 31, 2024 · Patched in 1.2.0 (77d)
Code Analysis
Analyzed Mar 16, 2026

Ultra Companion – Companion plugin for WPoperation Themes Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 7 (83 escaped)
Nonce Checks: 3
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

92% escaped · 90 total outputs
Attack Surface: 1 unprotected

Ultra Companion – Companion plugin for WPoperation Themes Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers: 2

auth · wp_ajax_delete_sidebar · inc\dynamic-sidebar\sidebar.php:66
auth · wp_ajax_wpop_nag_ignore · ultra-companion.php:35

WordPress Hooks: 35

action · load-widgets.php · inc\dynamic-sidebar\sidebar.php:57
action · load-widgets.php · inc\dynamic-sidebar\sidebar.php:60
action · widgets_init · inc\dynamic-sidebar\sidebar.php:63
action · admin_enqueue_scripts · inc\dynamic-sidebar\sidebar.php:73
action · admin_print_scripts · inc\dynamic-sidebar\sidebar.php:76
action · add_meta_boxes · inc\meta\ultra-post-meta.php:10
action · save_post · inc\meta\ultra-post-meta.php:140
action · init · inc\metabox\butterbean\butterbean.php:19
action · load-post.php · inc\metabox\butterbean\class-butterbean.php:203
action · load-post-new.php · inc\metabox\butterbean\class-butterbean.php:204
action · butterbean_register · inc\metabox\butterbean\class-butterbean.php:207
action · butterbean_register · inc\metabox\butterbean\class-butterbean.php:208
action · butterbean_register · inc\metabox\butterbean\class-butterbean.php:209
action · butterbean_register · inc\metabox\butterbean\class-butterbean.php:210
action · add_meta_boxes · inc\metabox\butterbean\class-butterbean.php:252
action · save_post · inc\metabox\butterbean\class-butterbean.php:255
action · admin_enqueue_scripts · inc\metabox\butterbean\class-butterbean.php:258
action · butterbean_enqueue_scripts · inc\metabox\butterbean\class-butterbean.php:259
action · admin_footer · inc\metabox\butterbean\class-butterbean.php:262
action · admin_footer · inc\metabox\butterbean\class-butterbean.php:263
action · admin_print_footer_scripts · inc\metabox\butterbean\class-butterbean.php:266
filter · butterbean_pre_control_template · inc\metabox\metabox.php:54
filter · butterbean_control_template · inc\metabox\metabox.php:57
action · butterbean_register · inc\metabox\metabox.php:60
action · admin_enqueue_scripts · inc\metabox\metabox.php:63
action · butterbean_register · inc\metabox\metabox.php:65
filter · user_contactmethods · inc\theme-functions.php:9
filter · user_contactmethods · inc\theme-functions.php:10
filter · gutenberg_use_widgets_block_editor · inc\theme-functions.php:181
filter · use_widgets_block_editor · inc\theme-functions.php:182
action · init · ultra-companion.php:29
action · init · ultra-companion.php:32
action · admin_notices · ultra-companion.php:34
action · wp_enqueue_scripts · ultra-companion.php:38
action · admin_enqueue_scripts · ultra-companion.php:40
Maintenance & Trust

Ultra Companion – Companion plugin for WPoperation Themes Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Apr 12, 2024
PHP min version: 7.4
Downloads: 99K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 1K
Developer Profile

Ultra Companion – Companion plugin for WPoperation Themes Developer Profile

wpoperations

9 plugins · 17K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 349 days
Detection Fingerprints

How We Detect Ultra Companion – Companion plugin for WPoperation Themes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultra-companion/assets/slick/slick.css
/wp-content/plugins/ultra-companion/assets/slick/slick-theme.css
/wp-content/plugins/ultra-companion/assets/js/media-uploader.js
/wp-content/plugins/ultra-companion/assets/js/admin.js
/wp-content/plugins/ultra-companion/assets/css/admin.css

Script Paths
/wp-content/plugins/ultra-companion/assets/slick/slick.js

Version Parameters
ultra-companion/assets/slick/slick.js?ver=1.2.0

HTML / DOM Fingerprints

CSS Classes
wpop_admin_notice, wpop_notice_img, wpop_notice_right_content, wpop_notice_content, wpop_no_thanks, wpop_notice_after_content, wpop_notice_content_wrap, wpop_button

Data Attributes
data-user

JS Globals
ULC_VERSION, ULC_TD, ULC_PATH, ULC_URL, UIMAGE_PATH