ValidateCertify Free Security & Risk Analysis

wordpress.org/plugins/validar-certificados-de-cursos

ValidateCertify is the ultimate plugin for ensuring the authenticity and integrity of issued certificates.

1K active installs · v1.6.5 · PHP 7.3+ · WP 6.0+ · Updated Mar 15, 2026
Tags: certificate, certificates, education, online-course, sell-courses
Score: 77 (B · Generally Safe)
CVEs total: 2
Unpatched: 1
Last CVE: May 16, 2025
Safety Verdict

Is ValidateCertify Free Safe to Use in 2026?

Mostly Safe

Score 77/100

ValidateCertify Free is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: May 16, 2025 · Updated 19d ago
Risk Assessment

The plugin 'validar-certificados-de-cursos' v1.6.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for a majority of its SQL queries and implementing nonce and capability checks for its limited entry points. The absence of file operations and external HTTP requests further reduces its attack surface. However, concerns arise from the taint analysis, which identified three high-severity flows with unsanitized paths. While the total attack surface is small, these unsanitized paths represent potential risks that could be exploited if an attacker can control the input leading to these flows.

The vulnerability history reveals a concerning pattern. The plugin has two known CVEs, with one remaining unpatched. Both past vulnerabilities were of medium severity, indicating a recurring tendency for security weaknesses to emerge. The recent CVE in 2025 suggests ongoing issues. The history of medium-severity vulnerabilities, combined with the high-severity taint flows, suggests that while the plugin developers are making some efforts towards security, there are critical areas that require immediate attention to prevent exploitation. The lack of critical and high severity vulnerabilities in the past is encouraging, but the presence of unpatched issues and concerning taint flows necessitates caution.

Key Concerns

  • Unpatched CVE found
  • High severity unsanitized taint flows
  • Medium severity unpatched CVEs (cumulative)
  • Output escaping is incomplete (77% of outputs escaped)
Vulnerabilities
2

ValidateCertify Free Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-48115 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

ValidateCertify <= 1.6.2 - Cross-Site Request Forgery

May 16, 2025 · Unpatched

CVE-2025-30811 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

ValidateCertify <= 1.6.1 - Cross-Site Request Forgery

Mar 27, 2025 · Patched in 1.6.2 (7d)
Code Analysis
Analyzed Mar 16, 2026

ValidateCertify Free Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (12 prepared)
Unescaped Output: 25 (82 escaped)
Nonce Checks: 3
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

75% prepared · 16 total queries

Output Escaping

77% escaped · 107 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

7 flows · 3 with unsanitized paths
stvc_certificado_nuevo (includes\class-stvc-menu.php:171)
Attack Surface

ValidateCertify Free Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[ValidateCertify] admin\partials\class-stvc-shortcode.php:85
WordPress Hooks 14
action · wp_dashboard_setup · admin\partials\class-stvc-admin-dashboard.php:9
action · admin_enqueue_scripts · admin\partials\class-stvc-admin-dashboard.php:10
filter · admin_footer_text · admin\partials\class-stvc-admin-display.php:72
filter · update_footer · admin\partials\class-stvc-admin-display.php:88
action · admin_menu · includes\class-stvc-menu.php:56
action · admin_notices · includes\class-stvc-notification.php:34
action · admin_footer · includes\class-stvc-notification.php:65
action · wp_enqueue_scripts · ValidateCertify-Free.php:83
action · admin_enqueue_scripts · ValidateCertify-Free.php:84
action · admin_notices · ValidateCertify-Free.php:90
filter · plugin_row_meta · ValidateCertify-Free.php:96
filter · plugin_action_links · ValidateCertify-Free.php:98
action · plugins_loaded · ValidateCertify-Free.php:110
filter · all_plugins · ValidateCertify-Free.php:120
Maintenance & Trust

ValidateCertify Free Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 15, 2026
PHP min version: 7.3
Downloads: 10K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 1K
Developer Profile

ValidateCertify Free Developer Profile

Javier Revilla

1 plugin · 1K total installs

Trust score: 84
Avg Security Score: 77/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect ValidateCertify Free

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/validar-certificados-de-cursos/assets/css/validatecertify-styles.css
Version Parameters
validar-certificados-de-cursos/assets/css/validatecertify-styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
custom-dashboard-widget-stvc
HTML Comments
<!-- ValidateCertify Free Admin Dashboard ValidateCertify Free ShortCode
Shortcode Output
<h>Access your tools</h><p>Add a certificate.</p><a href="" class="button button-primary">Add Certificate</a>
FAQ

Frequently Asked Questions about ValidateCertify Free