Does WeBWorK Q&A have any unpatched vulnerabilities?

No. All known vulnerabilities in WeBWorK Q&A have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WeBWorK Q&A compatible with WordPress 6.2.9?

According to WordPress.org data, WeBWorK Q&A 1.0.0 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

Is WeBWorK Q&A compatible with PHP 7.0+?

WeBWorK Q&A requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WeBWorK Q&A updated?

WeBWorK Q&A was last updated on Mar 27, 2023. Frequent updates are generally a positive security signal.

What is WeBWorK Q&A's security score?

WeBWorK Q&A has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WeBWorK Q&A Security & Risk Analysis

wordpress.org/plugins/webworkqa

WeBWorK Q&A creates a community forum where users can ask and answer questions about WeBWorK problems.

0 active installs v1.0.0 PHP 7.0+ WP 5.0+ Updated Mar 27, 2023

homeworkmathqawebwork

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WeBWorK Q&A Safe to Use in 2026?

Generally Safe

Score 85/100

WeBWorK Q&A has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The webworkqa plugin v1.0.0 exhibits a strong security posture based on the static analysis. The absence of dangerous functions, file operations, external HTTP requests, and a complete reliance on prepared statements for all SQL queries are significant strengths. Furthermore, the high percentage of properly escaped output suggests a good understanding of secure coding practices. The limited attack surface, with only one shortcode and no unprotected AJAX handlers or REST API routes, is also a positive indicator.

While the code analysis reveals no critical or high-severity issues such as taint flows or unescaped output, the lack of any nonce checks across its entry points is a notable concern. The presence of capability checks indicates an attempt at authorization, but without nonce validation, these entry points could potentially be abused if an attacker can craft specific requests. The plugin's vulnerability history is clean, with no recorded CVEs, which is reassuring. However, this could also be attributed to its age or limited adoption, rather than an inherent invulnerability. Overall, the plugin is built on a solid foundation of secure coding principles, but the missing nonce checks present a specific area for improvement to further harden its security.

Key Concerns

Missing nonce checks

Vulnerabilities

None known

WeBWorK Q&A Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WeBWorK Q&A Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

23 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared6 total queries

Output Escaping

88% escaped26 total outputs

Attack Surface

WeBWorK Q&A Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[webwork] classes\Client.php:14

WordPress Hooks 19

filterquery_varsclasses\Client\Rewrites.php:9

filterlogin_messageclasses\Client.php:16

filterplupload_default_settingsclasses\Client.php:28

filtersafe_style_cssclasses\Server\Util\ProblemFormatter.php:153

actionadmin_noticesclasses\Server.php:18

actionwp_enqueue_scriptsclasses\Server.php:29

actionlogin_enqueue_scriptsclasses\Server.php:30

actionrest_api_initclasses\Server.php:33

actionrest_api_initclasses\Server.php:36

actionrest_api_initclasses\Server.php:39

actionrest_api_initclasses\Server.php:42

actionrest_api_initclasses\Server.php:45

actionrest_api_initclasses\Server.php:48

actiontemplate_redirectclasses\Server.php:50

filtermap_meta_capclasses\Server.php:53

filterajax_query_attachments_argsclasses\Server.php:54

actionadmin_noticeswebwork.php:26

actionadmin_noticeswebwork.php:35

actioninitwebwork.php:47

Maintenance & Trust

WeBWorK Q&A Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedMar 27, 2023

PHP min version7.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

WeBWorK Q&A Alternatives

$DS CF7 Math Captcha$

DS CF7 Math Captcha

ds-cf7-math-captcha

"DS CF7 Math Captcha" is a math captcha with refresh captcha functionality to prevent unwanted spam for your contact form 7 plugin.

30K 1 CVE

Website LLMs.txt

website-llms-txt

100

Automatically generate and manage LLMS.txt files for LLM/AI content understanding, with full Yoast SEO, Rank Math, SEOPress, and AIOSEO integration.

30K No CVEs

$MathJax-LaTeX$

MathJax-LaTeX

mathjax-latex

This plugin enables MathJax (http://www.mathjax.org) functionality for WordPress (http://www.wordpress.org).

10K 1 CVE

$WP All Import – Import SEO Settings for Rank Math SEO$

WP All Import – Import SEO Settings for Rank Math SEO

import-xml-csv-settings-to-rank-math-seo

100

Drag & drop to import from any CSV, Excel, XML, or Google Sheets file into Rank Math SEO's titles, meta descriptions, focus keywords, schema …

7K No CVEs

$Turn Rank Math FAQ Block to Accordion$

Turn Rank Math FAQ Block to Accordion

turn-rank-math-faq-block-to-accordion

This plugin turns Rank Math FAQ blocks into accordion easily and make them accessibility ready.

5K No CVEs

Developer Profile

WeBWorK Q&A Developer Profile

Boone Gorges

27 plugins · 12K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

1864 days

View full developer profile

Detection Fingerprints

How We Detect WeBWorK Q&A

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/webworkqa/lib/font-awesome/css/font-awesome.min.css/wp-content/plugins/webworkqa/assets/css/app.css/wp-content/plugins/webworkqa/assets/css/select.css/wp-content/plugins/webworkqa/assets/js/webwork-scaffold.js/wp-content/plugins/webworkqa/build/index.js/wp-content/plugins/webworkqa/assets/js/webwork-mathjax-loader.js/wp-content/plugins/webworkqa/lib/MathJax/MathJax.js?config=TeX-MML-AM_HTMLorMML-full

Script Paths

/wp-content/plugins/webworkqa/assets/js/webwork-scaffold.js/wp-content/plugins/webworkqa/build/index.js/wp-content/plugins/webworkqa/assets/js/webwork-mathjax-loader.js

Version Parameters

webworkqa/lib/font-awesome/css/font-awesome.min.css?ver=webworkqa/assets/css/app.css?ver=webworkqa/assets/css/select.css?ver=webworkqa/assets/js/webwork-scaffold.js?ver=webworkqa/build/index.js?ver=webworkqa/assets/js/webwork-mathjax-loader.js?ver=webworkqa/lib/MathJax/MathJax.js?config=TeX-MML-AM_HTMLorMML-full&ver=

HTML / DOM Fingerprints

CSS Classes

webwork-appwebwork-react-select

Data Attributes

data-ww-page-basedata-ww-problem-iddata-ww-rest-api-endpointdata-ww-route-base

JS Globals

WWData

REST Endpoints

/wp-json/webwork/v1/

Shortcode Output

[webwork]

FAQ