Does Wikipedia Preview have any unpatched vulnerabilities?

No. All known vulnerabilities in Wikipedia Preview have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Wikipedia Preview compatible with WordPress 6.9.4?

According to WordPress.org data, Wikipedia Preview 1.17.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Wikipedia Preview compatible with PHP 5.6.39+?

Wikipedia Preview requires PHP 5.6.39 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Wikipedia Preview updated?

Wikipedia Preview was last updated on Dec 8, 2025. Frequent updates are generally a positive security signal.

What is Wikipedia Preview's security score?

Wikipedia Preview has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Wikipedia Preview Security & Risk Analysis

wordpress.org/plugins/wikipedia-preview

Wikipedia Preview lets you show a popup card with a short summary from Wikipedia when a reader clicks or hovers over a link.

1K active installs v1.17.0 PHP 5.6.39+ WP 6.1+ Updated Dec 8, 2025

cardfactspopupwikiwikipedia

A · Safe

CVEs total1

Unpatched0

Last CVEAug 3, 2025

Plugin page Download

Safety Verdict

Is Wikipedia Preview Safe to Use in 2026?

Generally Safe

Score 99/100

Wikipedia Preview has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Aug 3, 2025Updated 3mo ago

Risk Assessment

The "wikipedia-preview" v1.17.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, file operations, and external HTTP requests is commendable. Furthermore, the strict adherence to prepared statements for all SQL queries and proper output escaping for all detected outputs significantly mitigates common web application vulnerabilities. The plugin also demonstrates good security practices with the presence of nonce and capability checks for its entry points.

Despite the positive static analysis, one historical medium-severity vulnerability, specifically "Missing Authorization," was identified, although it is currently marked as patched. The fact that this vulnerability existed and was of medium severity suggests a past weakness in access control that, while addressed, warrants attention for future development. The absence of any taint analysis findings is a positive sign, indicating no identifiable unsanitized data flows within the analyzed code.

In conclusion, the plugin's current version shows robust security development practices, particularly in data handling and input sanitization. The past vulnerability, while patched, serves as a reminder to maintain vigilance. Overall, the plugin is in a good security state, with the historical vulnerability being the primary point of concern, albeit a resolved one.

Key Concerns

Past medium vulnerability (Missing Authorization)

Vulnerabilities

Wikipedia Preview Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-52738medium · 5.3Missing Authorization

Wikipedia Preview <= 1.15.0 - Missing Authorization

Aug 3, 2025 Patched in 1.16.0 (94d)

Code Analysis

Analyzed Mar 16, 2026

Wikipedia Preview Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped8 total outputs

Attack Surface

Wikipedia Preview Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 1

authwp_ajax_dismiss_review_bannerbanner.php:120

REST API Routes 3

POST/wp-json/wikipediapreview/v1/count/tooltip.php:52

POST/wp-json/wikipediapreview/v1/duration/tooltip.php:63

POST/wp-json/wikipediapreview/v1/reset/tooltip.php:74

WordPress Hooks 12

actionadmin_noticesbanner.php:118

actionadmin_footerbanner.php:119

actionadmin_initintro.php:4

actionadmin_menuintro.php:24

actionadmin_enqueue_scriptsintro.php:41

actionenqueue_block_editor_assetstooltip.php:110

actionrest_api_inittooltip.php:111

filterplugin_row_metawikipediapreview.php:162

actionwp_enqueue_scriptswikipediapreview.php:164

actionenqueue_block_editor_assetswikipediapreview.php:165

actioninitwikipediapreview.php:166

actioninitwikipediapreview.php:167

Maintenance & Trust

Wikipedia Preview Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 8, 2025

PHP min version5.6.39

Downloads18K

Community Trust

Rating96/100

Number of ratings38

Active installs1K

Alternatives

Wikipedia Preview Alternatives

Blog Link Hover Preview

blog-link-hover-preview

100

Adds Wikipedia-style hover previews on internal post links as a pop-up card, showing the post title, excerpt, and a read more link.

0 No CVEs

WP Wiki Tooltip

wp-wiki-tooltip

Adds explaining tooltips querying their content from a MediaWiki installation, e.g. Wikipedia.org.

200 1 CVE

InfoLink

infolinks

Quickly add Links to Wikipedia, IMDB Sites or search for site/blog or news with Google. And New with 1.3 also your bookmarked Links.

60 No CVEs

Embed Wikimedia

embed-wikimedia

The Embed Wikimedia plugin adds support for embedding photos from Wikimedia projects such as Wikipedia.

50 No CVEs

Phototools: geo2wikipedia

geo2wikipedia

Add wikipedia extracts to your page as a widgid, above or under your content or using shortcode's wherever you like.

10 No CVEs

Developer Profile

Wikipedia Preview Developer Profile

Wikimedia Foundation

1 plugin · 1K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

94 days

View full developer profile

Detection Fingerprints

How We Detect Wikipedia Preview

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wikipedia-preview/build/init.js/wp-content/plugins/wikipedia-preview/build/index.js/wp-content/plugins/wikipedia-preview/build/style-index.css/wp-content/plugins/wikipedia-preview/libs/wikipedia-preview.js/wp-content/plugins/wikipedia-preview/libs/wikipedia-preview-link.css/wp-content/plugins/wikipedia-preview/libs/wikipedia-preview.css

Script Paths

/wp-content/plugins/wikipedia-preview/build/init.js/wp-content/plugins/wikipedia-preview/libs/wikipedia-preview.js/wp-content/plugins/wikipedia-preview/build/index.js/wp-content/plugins/wikipedia-preview/build/style-index.css/wp-content/plugins/wikipedia-preview/libs/wikipedia-preview-link.css/wp-content/plugins/wikipedia-preview/libs/wikipedia-preview.css

Version Parameters

/wp-content/plugins/wikipedia-preview/libs/wikipedia-preview.js?ver=/wp-content/plugins/wikipedia-preview/build/init.js?ver=/wp-content/plugins/wikipedia-preview/libs/wikipedia-preview-link.css?ver=/wp-content/plugins/wikipedia-preview/build/index.js?ver=/wp-content/plugins/wikipedia-preview/libs/wikipedia-preview.css?ver=/wp-content/plugins/wikipedia-preview/build/style-index.css?ver=

HTML / DOM Fingerprints

CSS Classes

wikipediapreview-intro-wordmarkwikipediapreview-intro-illustrationwikipediapreview-intro-step

Data Attributes

wikipediapreview_detectlinks

JS Globals

wikipediapreview_init_options

FAQ