Does Virus Finder have any unpatched vulnerabilities?

No. All known vulnerabilities in Virus Finder have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Virus Finder compatible with WordPress 7.0?

According to WordPress.org data, Virus Finder 1.0.36 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

How often is Virus Finder updated?

Virus Finder was last updated on Jan 16, 2026. Frequent updates are generally a positive security signal.

What is Virus Finder's security score?

Virus Finder has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Virus Finder Security & Risk Analysis

wordpress.org/plugins/virus-finder

Find viruses in your WordPress easily. Virus scan, malware finder.

100 active installs v1.0.36 PHP + WP 2.8+ Updated Jan 16, 2026

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Virus Finder Safe to Use in 2026?

Generally Safe

Score 100/100

Virus Finder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "virus-finder" plugin, v1.0.36, exhibits a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities (CVEs) and demonstrates good practices by using prepared statements for all its SQL queries. It also has a minimal attack surface, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events identified.

However, significant concerns arise from the static analysis. The plugin shows a complete lack of output escaping, meaning user-controlled data displayed on the frontend could be vulnerable to cross-site scripting (XSS) attacks. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating potential for insecure data handling. The plugin also performs a high volume of file operations (54) with only one nonce check and zero capability checks, raising questions about the security of these file interactions, especially if they involve user-supplied data.

Given the absence of historical vulnerabilities, the plugin has not been a target or has been diligently maintained. Nonetheless, the static analysis findings, particularly the unescaped output and unsanitized paths, represent immediate risks that require attention. The plugin's strengths in SQL handling and limited attack surface are overshadowed by these critical weaknesses in data sanitization and output handling.

Key Concerns

0% output escaping
2 flows with unsanitized paths
0 capability checks
High number of file operations (54)

Vulnerabilities

None known

Virus Finder Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Virus Finder Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped5 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

virus_finder_mappakolvas (virus-finder.php:291)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Virus Finder Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionadmin_menuvirus-finder.php:20

actionadmin_initvirus-finder.php:21

Maintenance & Trust

Virus Finder Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedJan 16, 2026

PHP min version

Downloads12K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Virus Finder Alternatives

SX User Name Security

user-name-security

100

SX User Name Security prevents WordPress from showing your real Login everywhere. It ovverides the body_class function, User Nicename, Nickname and Di …

1K No CVEs