Does WoPo Paint have any unpatched vulnerabilities?

No. All known vulnerabilities in WoPo Paint have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WoPo Paint compatible with WordPress 6.8.5?

According to WordPress.org data, WoPo Paint 1.2.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is WoPo Paint compatible with PHP 7.1+?

WoPo Paint requires PHP 7.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WoPo Paint updated?

WoPo Paint was last updated on Aug 29, 2025. Frequent updates are generally a positive security signal.

What is WoPo Paint's security score?

WoPo Paint has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WoPo Paint Security & Risk Analysis

wordpress.org/plugins/wopo-paint

A nice web-based MS Paint remake and more...

80 active installs v1.2.3 PHP 7.1+ WP 5.2+ Updated Aug 29, 2025

image-editorpaintpaintingphoto-editorwopo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WoPo Paint Safe to Use in 2026?

Generally Safe

Score 100/100

WoPo Paint has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago

Risk Assessment

The "wopo-paint" v1.2.3 plugin exhibits a generally good security posture based on the provided static analysis. There are no detected dangerous functions, SQL injection vulnerabilities, file operations, or external HTTP requests. The plugin also correctly utilizes prepared statements for all its SQL queries. However, the static analysis does reveal a concern regarding output escaping, with only 40% of outputs being properly escaped. This could potentially lead to cross-site scripting (XSS) vulnerabilities if unsanitized user-provided data is displayed directly in the frontend.

The vulnerability history shows a clean record with zero known CVEs, which is a positive indicator. This suggests that the developers have historically maintained a focus on security or that the plugin's functionality has not attracted significant security scrutiny. The lack of taint analysis results is also noteworthy, implying no critical or high-severity flows were detected through the limited analysis performed. Despite the lack of known historical vulnerabilities, the identified weakness in output escaping warrants attention and mitigation.

Key Concerns

Poor output escaping (60% unsanitized)

Vulnerabilities

None known

WoPo Paint Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WoPo Paint Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

jQuery3.4.1

Output Escaping

40% escaped5 total outputs

Attack Surface

WoPo Paint Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[wopo-paint] wopo-paint.php:103

WordPress Hooks 4

actionadmin_initwopo-paint.php:43

actionwp_enqueue_scriptswopo-paint.php:72

actionadmin_enqueue_scriptswopo-paint.php:73

actionprint_media_templateswopo-paint.php:124

Maintenance & Trust

WoPo Paint Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 29, 2025

PHP min version7.1

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs80

Alternatives

WoPo Paint Alternatives

WP Paint – WordPress Image Editor

wp-paint

WP Paint - WordPress Image Editor is a browser based Image Editor for WordPress media images.

6K No CVEs

Image Editor by Pixo

image-editor-by-pixo

Replaces the default image editor in wp-admin with more powerful one - Pixo. It can also be used in the front-end.

800 1 unpatched

PixMagix – WordPress Image Editor

pixmagix

Advanced image editor plugin for WordPress media images. Add filters, adjust brightness and contrast, crop and resize images, add text, and much more.

200 No CVEs

Buooy Aviary Editor

buooy-aviary-editor

100

Buooy Aviary Editor allows you to utilize the powerful Aviary Photo Editor to make changes right from the WordPress Admin.

40 No CVEs

Painterro

painterro

100

Paste screenshots and edit images directly in your wordpress admin area. Use Painterro button in visual editor for images editing.

10 No CVEs

Developer Profile

WoPo Paint Developer Profile

WoPo Web

10 plugins · 280 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WoPo Paint

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wopo-paint/assets/css/XP.css/wp-content/plugins/wopo-paint/assets/css/main.css/wp-content/plugins/wopo-paint/assets/js/main.js

Script Paths

/wp-content/plugins/wopo-paint/assets/js/main.js

Version Parameters

wopo-paint/assets/css/XP.css?ver=wopo-paint/assets/css/main.css?ver=wopo-paint/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes

wopo_painter_windowtitle-bartitle-bar-texttitle-bar-controlsbtn-minimizebtn-maximizebtn-closewindow-body

Data Attributes

id="wopo_painter"id="wopo_painter_window"

JS Globals

wopoPaint

Shortcode Output

<div id="wopo_painter_window" class="window"><div class="title-bar"><div class="title-bar-text">WoPo Paint - Drawing online for Wordpress</div><div class="title-bar-controls">

FAQ