WP-Safety

Update Press – Keep your users informed about changes and updates Security & Risk Analysis

wordpress.org/plugins/updatepress

Share information, News, and updates with your users through an interactive floating widget on the front end.

0 active installs v1.0.5 PHP 7.4+ WP 5.6+ Updated Mar 7, 2026
changelognewsnotificationupdateswordpress-updates
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Update Press – Keep your users informed about changes and updates Safe to Use in 2026?

Generally Safe

Score 100/100

Update Press – Keep your users informed about changes and updates has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 28d ago
Risk Assessment

The "updatepress" v1.0.5 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output. The absence of known CVEs and bundled libraries is also a strength. However, there are notable areas of concern. The plugin has a significant attack surface with 9 entry points, and 2 of these, specifically REST API routes, lack permission callbacks, making them potentially exploitable without proper authentication. The taint analysis reveals 3 high-severity flows with unsanitized paths, indicating potential risks related to how data is processed. While there's no historical vulnerability data, the presence of these taint flows suggests that ongoing code reviews and security testing are crucial. Overall, the plugin has a solid foundation in many security areas but requires attention to its unprotected REST API routes and the identified unsanitized data flows to improve its security.

Key Concerns

  • Unprotected REST API routes
  • High severity unsanitized paths in taint flows
Vulnerabilities
None known

Update Press – Keep your users informed about changes and updates Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Update Press – Keep your users informed about changes and updates Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
14 prepared
Unescaped Output
10
103 escaped
Nonce Checks
12
Capability Checks
4
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

78% prepared18 total queries

Output Escaping

91% escaped113 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

5 flows3 with unsanitized paths
handle_admin_actions (includes\class-admin.php:1447)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Update Press – Keep your users informed about changes and updates Attack Surface

Entry Points9
Unprotected2

AJAX Handlers 6

authwp_ajax_updatepress_search_pagesincludes\class-admin.php:20
authwp_ajax_updatepress_mark_readincludes\class-analytics.php:22
noprivwp_ajax_updatepress_mark_readincludes\class-analytics.php:23
authwp_ajax_updatepress_submit_feedbackincludes\class-analytics.php:24
noprivwp_ajax_updatepress_submit_feedbackincludes\class-analytics.php:25
authwp_ajax_updatepress_get_analyticsincludes\class-analytics.php:26

REST API Routes 2

GET/wp-json/updatepress/v1/updatesincludes\class-rest-api.php:132
GET/wp-json/updatepress/v1/updates/(?P<id>\d+)includes\class-rest-api.php:139

Shortcodes 1

[updatepress] includes\class-frontend.php:8
WordPress Hooks 31
actionadmin_menuincludes\class-admin.php:14
actionadmin_initincludes\class-admin.php:15
actionadmin_enqueue_scriptsincludes\class-admin.php:16
actionwp_enqueue_scriptsincludes\class-admin.php:17
actionadmin_initincludes\class-admin.php:18
actionadmin_noticesincludes\class-admin.php:19
filtermanage_updatepress_posts_columnsincludes\class-admin.php:23
actionmanage_updatepress_posts_custom_columnincludes\class-admin.php:24
filtermanage_edit-updatepress_sortable_columnsincludes\class-admin.php:25
actioninitincludes\class-analytics.php:21
filterrewrite_rules_arrayincludes\class-cpt.php:122
actioninitincludes\class-cpt.php:135
actionadmin_enqueue_scriptsincludes\class-cpt.php:136
actiontemplate_redirectincludes\class-cpt.php:139
actionwp_headincludes\class-cpt.php:140
actioninitincludes\class-cpt.php:141
actionwp_enqueue_scriptsincludes\class-frontend.php:9
actioninitincludes\class-rest-api.php:8
actioninitincludes\class-rest-api.php:9
actionupdatepress_tag_add_form_fieldsincludes\class-rest-api.php:10
actionupdatepress_tag_edit_form_fieldsincludes\class-rest-api.php:11
actioncreated_updatepress_tagincludes\class-rest-api.php:12
actionedited_updatepress_tagincludes\class-rest-api.php:13
actionrest_api_initincludes\class-rest-api.php:14
actionwp_enqueue_scriptsincludes\class-rest-api.php:15
actionwidgets_initincludes\class-widget.php:96
actionwp_enqueue_scriptsincludes\class-widget.php:99
actionwp_enqueue_scriptstemplates\archive-updatepress.php:37
actionwp_enqueue_scriptstemplates\single-updatepress.php:36
actionwp_enqueue_scriptsupdatepress.php:171
actionadmin_enqueue_scriptsupdatepress.php:196
Maintenance & Trust

Update Press – Keep your users informed about changes and updates Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 7, 2026
PHP min version7.4
Downloads727

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

Update Press – Keep your users informed about changes and updates Alternatives

Beamer – newsfeed and push notifications

Beamer – newsfeed and push notifications

beamer

A
85

Beamer is a smart and easy-to-use notification center and changelog that will help you announce important news, latest products, special offers and mo &hellip;

200 No CVEs
Sky Changelog Notifier

Sky Changelog Notifier

sky-changelog-notifier

A
100

Adds changelogs to WordPress automatic update notification emails for plugins and themes.

10 No CVEs
MailPoet – Newsletters, Email Marketing, and Automation

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

A
98

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

B
76

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs
Hide Admin Notices

Hide Admin Notices

hide-admin-notices

A
85

Hide – or show – WordPress Dashboard Notices, Messages, Update Nags etc. ... for everything!

20K No CVEs
Developer Profile

Update Press – Keep your users informed about changes and updates Developer Profile

Seventh Sky

5 plugins · 60 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Update Press – Keep your users informed about changes and updates

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/updatepress/assets/css/updatepress-floating-widget.css/wp-content/plugins/updatepress/assets/js/updatepress-floating-widget.js/wp-content/plugins/updatepress/assets/css/admin-style.css/wp-content/plugins/updatepress/assets/js/admin-script.js
Script Paths
/wp-content/plugins/updatepress/assets/js/updatepress-floating-widget.js/wp-content/plugins/updatepress/assets/js/admin-script.js
Version Parameters
updatepress/assets/css/updatepress-floating-widget.css?ver=updatepress/assets/js/updatepress-floating-widget.js?ver=updatepress/assets/css/admin-style.css?ver=updatepress/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

JS Globals
updatePressSettings
REST Endpoints
/wp-json/updatepress
FAQ

Frequently Asked Questions about Update Press – Keep your users informed about changes and updates