VersionIt Security & Risk Analysis

wordpress.org/plugins/versionit

Removes default version query strings from CSS/JS resources, appends the modified time to the filename, and creates the necessary .

10 active installs v1.0 PHP + WP 3.3+ Updated Jan 18, 2014
cssjsresources
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is VersionIt Safe to Use in 2026?

Generally Safe

Score 85/100

VersionIt has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The 'versionit' v1.0 plugin exhibits a generally strong security posture based on the provided static analysis. A significant strength is the complete absence of dangerous SQL queries, external HTTP requests, file operations, and a notable 100% usage of prepared statements and output escaping. The attack surface is also zero, meaning there are no exposed AJAX handlers, REST API routes, shortcodes, or cron events, which significantly reduces the potential for external exploitation. The plugin also demonstrates awareness of WordPress security practices by including a capability check.

However, a primary concern is the presence of the `create_function` dangerous function, which can be a vector for remote code execution if not handled with extreme care, although its specific usage and context are not detailed here. The lack of any recorded vulnerability history is a positive sign, suggesting good coding practices and a lack of known exploitable flaws. This, combined with the minimal attack surface and robust data handling (prepared statements, escaping), paints a picture of a plugin that, at first glance, is quite secure. Despite the single dangerous function, the overall lack of other common vulnerabilities and the zero attack surface make this plugin appear to be a low-risk option.

Key Concerns

  • Dangerous function create_function used
Vulnerabilities
None known

VersionIt Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

VersionIt Release Timeline

v1.0Current
v0.1
Code Analysis
Analyzed Apr 16, 2026

VersionIt Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action('admin_notices', create_function('', "echo '<div class=\"error\"><p>" . sprintf(__('Pleasincludes/helper-functions.php:15
Attack Surface

VersionIt Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionadmin_noticesincludes/helper-functions.php:15
actionadmin_initincludes/helper-functions.php:19
actiongenerate_rewrite_rulesincludes/helper-functions.php:35
Maintenance & Trust

VersionIt Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41
Last updatedJan 18, 2014
PHP min version
Downloads2K

Community Trust

Rating80/100
Number of ratings1
Active installs10
Developer Profile

VersionIt Developer Profile

Zach Schnackel

4 plugins · 1K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect VersionIt

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/versionit/
Version Parameters
ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about VersionIt