Does Validated have any unpatched vulnerabilities?

No. All known vulnerabilities in Validated have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Validated compatible with WordPress 5.3.21?

According to WordPress.org data, Validated 2.1.2 has been tested up to WordPress 5.3.21. Check the plugin's changelog for the latest compatibility information.

How often is Validated updated?

Validated was last updated on Dec 4, 2019. Frequent updates are generally a positive security signal.

What is Validated's security score?

Validated has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Validated Security & Risk Analysis

wordpress.org/plugins/validated

This plugin will allow you to check your pages/posts HTML against the W3C Validator.

700 active installs v2.1.2 PHP + WP 3.7+ Updated Dec 4, 2019

codehtmlvalidationw3cxhtml

A · Safe

CVEs total1

Unpatched0

Last CVEMay 28, 2014

Plugin page Download

Safety Verdict

Is Validated Safe to Use in 2026?

Generally Safe

Score 85/100

Validated has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 28, 2014Updated 6yr ago

Risk Assessment

The static analysis of 'validated' v2.1.2 reveals a strong adherence to secure coding practices. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, indicating a minimal attack surface. Furthermore, the code demonstrates excellent security by avoiding dangerous functions, ensuring all SQL queries use prepared statements, and properly escaping all output. File operations and external HTTP requests are also absent, which further reduces potential vulnerabilities.

Despite these strong internal code practices, the plugin has a history of vulnerabilities, including one documented CVE. The presence of a past medium severity Cross-Site Scripting (XSS) vulnerability, although last seen in 2014 and currently unpatched, raises a flag. The absence of nonce checks and capability checks, while not directly exploited in the current static analysis due to the lack of entry points, represents potential weaknesses if the attack surface were to expand or if the plugin's functionality changed in future versions.

In conclusion, 'validated' v2.1.2 exhibits a very secure internal code structure with best practices in place for SQL, output, and avoiding dangerous functions. However, the past vulnerability history, specifically an XSS issue, and the lack of certain security checks like nonces and capability checks on what is currently a zero-attack-surface, suggest a need for ongoing vigilance and a potential risk if the plugin's design evolves.

Key Concerns

Past medium vulnerability (XSS)
0 Nonce checks
0 Capability checks

Vulnerabilities

Validated Security Vulnerabilities

CVEs by Year

1 CVE in 2014

2014

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2014-4564medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Validated <= 1.0.2 - Cross-Site Scripting

May 28, 2014 Patched in 2.0.0 (3527d)

Code Analysis

Analyzed Mar 16, 2026

Validated Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped12 total outputs

Attack Surface

Validated Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionplugins_loadedvalidated.php:30

Maintenance & Trust

Validated Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21

Last updatedDec 4, 2019

PHP min version

Downloads25K

Community Trust

Rating80/100

Number of ratings5

Active installs700

Alternatives

Validated Alternatives

(x)html easy validator

xhtml-easy-validator

100

Check the doctype validity using W3c validator (html , xhtml , ... ) when creating or updating page / post / custom post type and show the result in …

20 No CVEs

Batch Validator

batch-validator

This plugin performs a batch markup validation check over your entire WordPress website.

10 No CVEs

WP-Validate

wp-validator

WP-Validate collects all the pages on your site and runs them through the W3C's HTML Validator.

10 No CVEs

HTML Validation

html-validation

100

The HTML Validation Plugin runs in the background, identifies and reports HTML validation errors on your website. Once activated, the HTML Validation …

400 No CVEs

Gallery Shortcode Style to Head

gallery-shortcode-style-to-head

Moves the gallery shortcode styles to the head so it doesn't break XHTML validation; allows disabling or modifying the default gallery styles.

100 No CVEs

Developer Profile

Validated Developer Profile

Allan Collins

4 plugins · 830 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

3527 days

View full developer profile

Detection Fingerprints

How We Detect Validated

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/validated/css/validated.css/wp-content/plugins/validated/js/validated.js

Script Paths

/wp-content/plugins/validated/js/validated.js

Version Parameters

validated/css/validated.css?ver=validated/js/validated.js?ver=

HTML / DOM Fingerprints

CSS Classes

validated-form

FAQ