Does Vibes have any unpatched vulnerabilities?

No. All known vulnerabilities in Vibes have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Vibes compatible with WordPress 6.9.4?

According to WordPress.org data, Vibes 2.3.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Vibes compatible with PHP 8.1+?

Vibes requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Vibes updated?

Vibes was last updated on Nov 14, 2025. Frequent updates are generally a positive security signal.

What is Vibes's security score?

Vibes has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Vibes Security & Risk Analysis

wordpress.org/plugins/vibes

Truthful user experience and browsing performances monitoring.

400 active installs v2.3.0 PHP 8.1+ WP 6.2+ Updated Nov 14, 2025

real-user-monitoringrumuxweb-performanceweb-vitals

A · Safe

CVEs total1

Unpatched0

Last CVEAug 25, 2025

Plugin page Download

Safety Verdict

Is Vibes Safe to Use in 2026?

Generally Safe

Score 98/100

Vibes has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Aug 25, 2025Updated 4mo ago

Risk Assessment

The 'vibes' plugin v2.3.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices in SQL query handling with 85% prepared statements and excellent output escaping at 92%. The absence of critical or high-severity taint flows, dangerous functions, and bundled libraries are also strengths. However, there are significant areas of concern. The attack surface includes 3 AJAX handlers, with 2 of them lacking authentication checks, presenting a direct risk for unauthorized execution of actions. Furthermore, the plugin has a documented history of a high-severity 'SQL Injection' vulnerability, even though it is currently patched. This historical pattern suggests a potential recurring weakness in how user-supplied data is handled in SQL queries, which requires ongoing vigilance.

Key Concerns

Unprotected AJAX handlers
High severity SQL Injection vulnerability history

Vulnerabilities

Vibes Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-9172high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Vibes <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter

Aug 25, 2025 Patched in 2.2.1 (1d)

Code Analysis

Analyzed Mar 16, 2026

Vibes Code Analysis

Dangerous Functions

Raw SQL Queries

23 prepared

Unescaped Output

151 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

85% prepared27 total queries

Output Escaping

92% escaped164 total outputs

Attack Surface

2 unprotected

Vibes Attack Surface

Entry Points7

Unprotected2

AJAX Handlers 3

authwp_ajax_hide_vibes_nagincludes\plugin\class-core.php:116

authwp_ajax_vibes_get_statsincludes\plugin\class-core.php:117

authwp_ajax_poo_switch_autoupdateperfopsone\functions.php:32

Shortcodes 4

[vibes-wpcli] includes\features\class-wpcli.php:651

[vibes-changelog] includes\plugin\class-core.php:85

[vibes-libraries] includes\plugin\class-core.php:86

[vibes-statistics] includes\plugin\class-core.php:87

WordPress Hooks 39

filterinit_perfopsone_admin_menusadmin\class-vibes-admin.php:217

filterscript_loader_tagincludes\features\class-capture.php:69

actionshutdownincludes\features\class-memory.php:75

actionshutdownincludes\features\class-memory.php:76

actionshutdownincludes\features\class-schema.php:95

filterperfopsone_plugin_infoincludes\plugin\class-core.php:81

actioninitincludes\plugin\class-core.php:82

actioninitincludes\plugin\class-core.php:83

actionwp_headincludes\plugin\class-core.php:84

actionrest_api_initincludes\plugin\class-core.php:90

actionrest_api_initincludes\plugin\class-core.php:92

actioninitincludes\plugin\class-core.php:105

actionadmin_enqueue_scriptsincludes\plugin\class-core.php:106

actionadmin_enqueue_scriptsincludes\plugin\class-core.php:107

actionadmin_menuincludes\plugin\class-core.php:108

actionadmin_menuincludes\plugin\class-core.php:109

actionadmin_menuincludes\plugin\class-core.php:110

actionadmin_initincludes\plugin\class-core.php:111

actionadmin_print_scriptsincludes\plugin\class-core.php:112

filterplugin_row_metaincludes\plugin\class-core.php:114

actionadmin_noticesincludes\plugin\class-core.php:115

actionwp_dashboard_setupincludes\plugin\class-core.php:118

actionwp_network_dashboard_setupincludes\plugin\class-core.php:119

actionwp_headincludes\plugin\class-core.php:131

actionwp_enqueue_scriptsincludes\plugin\class-core.php:132

actionwp_enqueue_scriptsincludes\plugin\class-core.php:133

filterplugins_apiincludes\plugin\class-updater.php:67

filtersite_transient_update_pluginsincludes\plugin\class-updater.php:68

actionupgrader_process_completeincludes\plugin\class-updater.php:69

filterclean_urlincludes\plugin\class-updater.php:70

filterperfopsone_apcu_infoincludes\system\class-apcu.php:51

filtersite_status_testsincludes\system\class-sitehealth.php:77

filtersite_status_testsincludes\system\class-sitehealth.php:78

filtersite_status_testsincludes\system\class-sitehealth.php:79

filtersite_status_testsincludes\system\class-sitehealth.php:81

filterdebug_informationincludes\system\class-sitehealth.php:91

filterdebug_informationincludes\system\class-sitehealth.php:109

filtersafe_style_cssinit.php:68

actionadmin_bar_menuperfopsone\class-adminbar.php:54

Maintenance & Trust

Vibes Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 14, 2025

PHP min version8.1

Downloads17K

Community Trust

Rating100/100

Number of ratings2

Active installs400

Alternatives

Vibes Alternatives

Real User Monitoring by RapidSpike

rapidspike-real-user-monitoring

Live performance data via Real User Monitoring. Track real user experience - traffic volume and page load speed - by country, browser and device.

0 No CVEs

Site24x7 Real User Monitoring

site24x7-rum

Real User Monitoring (RUM) by Site24x7 provides deep and accurate insight into real users’experience on your WordPress setup.

100 No CVEs

SpeedVitals RUM

speedvitals-rum

100

Integrates SpeedVitals RUM Script in your WordPress Website

40 No CVEs

Core Web Vitals – Real User Monitoring (RUM)

core-web-vitals-real-user-monitoring-rum

100

Track Core Web Vitals (LCP, INP, CLS, FCP, TTFB) from real users with comprehensive analytics, GA4 integration, and performance insights.

0 No CVEs

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

The simplest and fastest WP Cache system

1.0M 35 CVEs

Developer Profile

Vibes Developer Profile

Pierre Lannoy

12 plugins · 15K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

65 days

View full developer profile

Detection Fingerprints

How We Detect Vibes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/vibes/assets/css/vibes.css/wp-content/plugins/vibes/assets/js/vibes.js/wp-content/plugins/vibes/assets/css/vibes-admin.css/wp-content/plugins/vibes/assets/js/vibes-admin.js/wp-content/plugins/vibes/assets/css/vibes-admin-settings.css/wp-content/plugins/vibes/assets/js/vibes-admin-settings.js/wp-content/plugins/vibes/assets/css/vibes-admin-view.css/wp-content/plugins/vibes/assets/js/vibes-admin-view.js+10 more

Script Paths

/wp-content/plugins/vibes/assets/js/vibes.js/wp-content/plugins/vibes/assets/js/vibes-admin.js/wp-content/plugins/vibes/assets/js/vibes-admin-settings.js/wp-content/plugins/vibes/assets/js/vibes-admin-view.js/wp-content/plugins/vibes/assets/js/vibes-frontend.js/wp-content/plugins/vibes/includes/libraries/daterangepicker/moment.min.js+4 more

Version Parameters

vibes/assets/css/vibes.css?ver=vibes/assets/js/vibes.js?ver=vibes/assets/css/vibes-admin.css?ver=vibes/assets/js/vibes-admin.js?ver=vibes/assets/css/vibes-admin-settings.css?ver=vibes/assets/js/vibes-admin-settings.js?ver=vibes/assets/css/vibes-admin-view.css?ver=vibes/assets/js/vibes-admin-view.js?ver=vibes/assets/css/vibes-frontend.css?ver=vibes/assets/js/vibes-frontend.js?ver=vibes-moment-with-localevibes-daterangepickervibes-chartistvibes-chartist-tooltip

HTML / DOM Fingerprints

CSS Classes

vibes-dashboardvibes-rowvibes-colvibes-cardvibes-card-headervibes-card-bodyvibes-tablevibes-table-responsive+5 more

HTML Comments

Provide a admin-facing view for the pluginThis file is used to markup the admin-facing aspects of the plugin.

Data Attributes

data-featherlight-opendata-featherlight-closedata-featherlight-close-text

JS Globals

VIBES_ASSETS_IDVIBES_PRODUCT_NAMEVIBES_VERSIONPERFOO_ALLOWED_HTML_FOR_DASHBOARDPERFOO_ALLOWED_PROTOCOLS_FOR_DASHBOARDvibes_object+5 more

REST Endpoints

/wp-json/vibes/v1/analytics

Shortcode Output

[vibes-libraries][vibes-changelog][vibes-wpcli]

FAQ