Does Word Replacer have any unpatched vulnerabilities?

No. All known vulnerabilities in Word Replacer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Word Replacer compatible with WordPress 3.9.40?

According to WordPress.org data, Word Replacer 0.4 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is Word Replacer updated?

Word Replacer was last updated on Aug 10, 2014. Frequent updates are generally a positive security signal.

What is Word Replacer's security score?

Word Replacer has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Word Replacer Security & Risk Analysis

wordpress.org/plugins/word-replacer

Replace word by another word in post, page, or comment. And... bbPress

1K active installs v0.4 PHP + WP 3.1+ Updated Aug 10, 2014

commentpagepostreplacereplacer

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Word Replacer Safe to Use in 2026?

Generally Safe

Score 85/100

Word Replacer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The 'word-replacer' plugin v0.4 exhibits a generally good security posture with no recorded vulnerabilities in its history and a limited attack surface. The static analysis reveals no critical code signals like dangerous functions, file operations, or external HTTP requests, and importantly, no unsanitized taint flows. The absence of known CVEs also contributes positively to its security. However, there are areas for improvement. The plugin utilizes prepared statements for only 40% of its SQL queries, indicating a potential risk of SQL injection if not handled with extreme care in the remaining queries. Furthermore, only 15% of output is properly escaped, posing a risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of a single nonce check is a positive sign, but the complete lack of capability checks for its entry points, although currently zero, means any future additions without proper authorization checks would be immediately exploitable.

Key Concerns

Low percentage of properly escaped output
SQL queries not consistently using prepared statements
No capability checks on entry points

Vulnerabilities

None known

Word Replacer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Word Replacer Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

40% prepared5 total queries

Output Escaping

15% escaped20 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

word_replacer_post (word-replacer.php:182)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Word Replacer Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

filtercomment_textword-replacer.php:46

filterthe_contentword-replacer.php:47

filterbbp_get_reply_contentword-replacer.php:48

filterthe_titleword-replacer.php:49

filterwp_titleword-replacer.php:50

actionadmin_headword-replacer.php:51

actionadmin_menuword-replacer.php:52

filtercontextual_helpword-replacer.php:53

Maintenance & Trust

Word Replacer Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedAug 10, 2014

PHP min version

Downloads42K

Community Trust

Rating80/100

Number of ratings4

Active installs1K

Alternatives

Word Replacer Alternatives

No Page Comment

no-page-comment

An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.

10K 2 CVEs

Search and Replace

search-replace

100

Search and replace content into pages and posts

10K No CVEs

Remove noreferrer

remove-noreferrer

"Remove noreferrer" automatically removes rel="noreferrer" attribute from links on your website on-the-fly.

5K No CVEs

Disable Feeds and Comments

disable-rss-feeds-and-comments

This WordPress plugin, "Disable RSS Feeds and Comments," gives you the ability to turn off both the RSS feeds and comments on pages and/or p …

400 No CVEs

WP Find And Replace

wp-find-and-replace

Find and replace content into pages and posts

200 No CVEs

Developer Profile

Word Replacer Developer Profile

takien

6 plugins · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Word Replacer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/word-replacer/word-replacer.php

HTML / DOM Fingerprints

CSS Classes

strip_backslashreplacer_expandable

Data Attributes

name='delete[]'name='id[]'name='count'name='original[]'name='replacement[]'name='in_posts[]'+8 more

JS Globals

jQuery

FAQ