VisualFeedback Security & Risk Analysis

wordpress.org/plugins/visualfeedback

Easily install the VisualFeedback code snippet on your website and start receiving valuable customer feedback.

0 active installs · v1.0.0 · PHP + · WP 3.0.1+ · Updated Nov 20, 2017
feedback, net-promoter-score, surveys, usability, voice-of-customer
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is VisualFeedback Safe to Use in 2026?

Generally Safe

Score 85/100

VisualFeedback has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "visualfeedback" plugin v1.0.0 exhibits a strong security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events indicates a minimal attack surface. Furthermore, the code demonstrates good practices by utilizing prepared statements for all SQL queries and not performing file operations or external HTTP requests. The lack of dangerous functions and taint flows further reinforces this positive assessment.

However, a significant concern arises from the complete lack of output escaping, with 0% of the 2 identified outputs being properly escaped. This leaves the plugin vulnerable to Cross-Site Scripting (XSS) attacks, as user-supplied data or data processed by the plugin could be injected and executed in the browser of other users. Additionally, the complete absence of nonce checks and capability checks, while not directly linked to specific entry points in this version, suggests a potential oversight in securing future functionalities or interactions.

The plugin's vulnerability history is also clean, with no recorded CVEs. This suggests a history of secure development or a lack of prior in-depth security audits. While this is a strength, it doesn't negate the current security concerns identified in the static analysis. The plugin's current strengths lie in its limited attack surface and secure data handling for SQL, but its weaknesses in output escaping and general security checks require immediate attention.

Key Concerns

  • Unescaped output found
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

VisualFeedback Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

VisualFeedback Release Timeline

v1.0.0 (Current)
Code Analysis
Analyzed Mar 17, 2026

VisualFeedback Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 2 total outputs
Attack Surface

VisualFeedback Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
action · plugins_loaded · includes\class-visualfeedback.php:142
action · admin_enqueue_scripts · includes\class-visualfeedback.php:156
action · admin_menu · includes\class-visualfeedback.php:158
action · admin_init · includes\class-visualfeedback.php:159
action · admin_init · includes\class-visualfeedback.php:160
action · wp_footer · includes\class-visualfeedback.php:176
Maintenance & Trust

VisualFeedback Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Nov 20, 2017
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

VisualFeedback Developer Profile

Nick Hoddinott

1 plugin · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect VisualFeedback

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/visualfeedback/admin/css/visualfeedback-admin.css
Version Parameters
visualfeedback-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
visualfeedback-admin-settings
Data Attributes
name="visualfeedback_site_uid" id="visualfeedback_site_uid"
FAQ

Frequently Asked Questions about VisualFeedback