Manage conferences, abstracts submission, authors, reviews, attachments, email notifications and more.

300 active installs v2.7.5 PHP + WP 5.0+ Updated Jun 3, 2025
abstracts-manager, conference-plugin, manuscript-manager, peer-reviews, submission-review
66
C · Use Caution
CVEs total: 9
Unpatched: 1
Last CVE: Sep 3, 2025
Safety Verdict

Is WP Abstracts Safe to Use in 2026?

Use With Caution

Score 66/100

WP Abstracts has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

9 known CVEs · 1 unpatched · Last CVE: Sep 3, 2025 · Updated 11mo ago
Risk Assessment

The wp-abstracts-manuscripts-manager plugin exhibits several concerning security weaknesses. While it demonstrates good practices in using prepared statements for SQL queries and a moderate number of nonce checks, the presence of unprotected AJAX handlers and a significant number of unsanitized flows are major red flags. The high percentage of flows with unsanitized paths, particularly the 13 high-severity taint flows, directly indicates a risk of attackers being able to inject malicious input that is not properly handled, potentially leading to code execution or data manipulation.

The plugin's vulnerability history is also a significant concern, with 9 known CVEs, one of which remains unpatched. The prevalence of Remote File Inclusion, CSRF, and XSS vulnerabilities in its past indicates a pattern of insecure input handling and authentication deficiencies. The recent discovery of a high-severity vulnerability in late 2025 suggests that the plugin may not be actively maintained with the latest security patches.

Overall, the plugin has a mixed security posture. The strengths lie in its SQL query practices. However, the significant number of unprotected entry points, particularly AJAX handlers, the high number of unsanitized taint flows, and a history of critical vulnerability types, including an unpatched high-severity issue, suggest a high risk. Caution is advised, and immediate attention should be paid to addressing the unpatched CVE and improving input sanitization and authentication mechanisms for its entry points.

Key Concerns

  • 8 unprotected AJAX handlers
  • 13 high severity taint flows
  • 23 flows with unsanitized paths
  • 1 unpatched CVE (high severity implied by history)
  • 2 high severity CVEs in history
  • 7 medium severity CVEs in history
  • History of RFI vulnerabilities
  • History of CSRF vulnerabilities
  • History of XSS vulnerabilities
  • Only 2 capability checks
  • 43% output properly escaped
  • Uses unserialize
Vulnerabilities
9 published

WP Abstracts Security Vulnerabilities

CVEs by Year

2023: 3 CVEs
2024: 2 CVEs
2025: 4 CVEs · unpatched

Severity Breakdown

High: 2
Medium: 7

9 total CVEs

CVE-2025-48338 · high · 8.1 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Abstracts <= 2.7.4 - Unauthenticated Local File Inclusion

Sep 3, 2025 · Patched in 2.7.5 (57d)

CVE-2025-32591 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

WP Abstracts <= 2.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Apr 9, 2025 · Unpatched

CVE-2024-12386 · high · 8.1 · Cross-Site Request Forgery (CSRF)

WP Abstracts <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion

Feb 11, 2025 · Patched in 2.7.4 (1d)

CVE-2024-12385 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

Jan 17, 2025 · Patched in 2.7.3 (1d)

CVE-2024-50411 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Abstracts <= 2.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Oct 24, 2024 · Patched in 2.7.2 (7d)

CVE-2024-44045 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Abstracts <= 2.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 23, 2024 · Patched in 2.7.0 (10d)

CVE-2023-28692 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Abstracts <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 27, 2023 · Patched in 2.6.3 (210d)

CVE-2023-36517 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WP Abstracts <= 2.6.2 - Cross-Site Request Forgery

Jun 27, 2023 · Patched in 2.6.3 (210d)

CVE-2023-29385 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Abstracts <= 2.6.1 - Reflected Cross-Site Scripting

May 8, 2023 · Patched in 2.6.2 (260d)

Code Analysis
Analyzed Mar 16, 2026

WP Abstracts Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 14 (71 prepared)
Unescaped Output: 354 (264 escaped)
Nonce Checks: 17
Capability Checks: 2
File Operations: 12
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize · $user_data = unserialize($user->data); · inc\wpabstracts_downloads.php:214
unserialize · $user_data = isset($wpa_user->data) ? unserialize($wpa_user->data) : null; · users\html\users.profile.php:43
unserialize · $user_data = unserialize($item->data); · users\users.classes.php:45
unserialize · $roles = unserialize($item->user_role); · users\users.classes.php:63
unserialize · $user_data = unserialize($user->data); · users\users.downloads.php:44
unserialize · $user_data = unserialize($user->data); · users\users.settings.php:59

Bundled Libraries

DataTables

SQL Query Safety

84% prepared · 85 total queries

Output Escaping

43% escaped · 618 total outputs
Data Flows · Security
23 unsanitized

Data Flow Analysis

25 flows · 23 with unsanitized paths
<wpabstracts.dashboard> (dashboard\wpabstracts.dashboard.php:0)
Attack Surface
8 unprotected

WP Abstracts Attack Surface

Entry Points: 15
Unprotected: 8

AJAX Handlers: 11

nopriv · wp_ajax_wpa_login · inc\wpabstracts_functions.php:725
nopriv · wp_ajax_wpa_lostpassword · inc\wpabstracts_functions.php:771
nopriv · wp_ajax_wpa_resetpassword · inc\wpabstracts_functions.php:823
auth · wp_ajax_wpabs_save_regform · inc\wpabstracts_functions.php:869
nopriv · wp_ajax_wpabs_get_regform · inc\wpabstracts_functions.php:885
auth · wp_ajax_loadreviewers · wpabstracts.php:881
auth · wp_ajax_loadstatus · wpabstracts.php:888
auth · wp_ajax_loadtopics · wpabstracts.php:903
auth · wp_ajax_reorder_topics · wpabstracts.php:932
auth · wp_ajax_reorder_admin_columns · wpabstracts.php:963
auth · wp_ajax_wpamaillog · wpabstracts.php:1026

Shortcodes: 4

[wpabstracts] wpabstracts.php:66
[wpabstracts_register] wpabstracts.php:85
[wpabstracts_login] wpabstracts.php:96
[wpabstracts_accepted] wpabstracts.php:105

WordPress Hooks: 24

filter · wp_mail_content_type · inc\wpabstracts_emailer.php:191
action · admin_notices · inc\wpabstracts_functions.php:576
filter · wp_mail_content_type · inc\wpabstracts_functions.php:809
action · delete_user · inc\wpabstracts_functions.php:894
action · login_form · inc\wpabstracts_functions.php:912
action · register_form · inc\wpabstracts_functions.php:913
filter · wp_authenticate_user · inc\wpabstracts_functions.php:938
filter · registration_errors · inc\wpabstracts_functions.php:951
filter · wp_mail_content_type · users\html\users.register.php:113
filter · wp_mail_content_type · users\html\users.register.php:131
action · admin_head · wpabstracts.php:23
action · admin_head · wpabstracts.php:24
action · admin_head · wpabstracts.php:25
action · admin_init · wpabstracts.php:26
action · tiny_mce_before_init · wpabstracts.php:27
action · init · wpabstracts.php:34
action · admin_menu · wpabstracts.php:42
action · tiny_mce_before_init · wpabstracts.php:71
filter · edit_post_link · wpabstracts.php:72
action · admin_init · wpabstracts.php:117
filter · show_admin_bar · wpabstracts.php:128
filter · plugin_row_meta · wpabstracts.php:137
action · admin_init · wpabstracts.php:774
filter · wp_enqueue_scripts · wpabstracts.php:825
Maintenance & Trust

WP Abstracts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 3, 2025
PHP min version
Downloads: 22K

Community Trust

Rating: 96/100
Number of ratings: 36
Active installs: 300
Developer Profile

WP Abstracts Developer Profile

Kevon Adonis

2 plugins · 310 total installs

Trust score: 62
Avg Security Score: 76/100
Avg Patch Time: 95 days
Detection Fingerprints

How We Detect WP Abstracts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-abstracts-manuscripts-manager/assets/css/frontend.css
/wp-content/plugins/wp-abstracts-manuscripts-manager/assets/css/admin.css
/wp-content/plugins/wp-abstracts-manuscripts-manager/assets/js/admin.js
/wp-content/plugins/wp-abstracts-manuscripts-manager/assets/js/frontend.js
/wp-content/plugins/wp-abstracts-manuscripts-manager/assets/js/common.js

Script Paths
/wp-content/plugins/wp-abstracts-manuscripts-manager/assets/js/admin.js
/wp-content/plugins/wp-abstracts-manuscripts-manager/assets/js/frontend.js
/wp-content/plugins/wp-abstracts-manuscripts-manager/assets/js/common.js

Version Parameters
wp-abstracts-manuscripts-manager/assets/css/frontend.css?ver=
wp-abstracts-manuscripts-manager/assets/css/admin.css?ver=
wp-abstracts-manuscripts-manager/assets/js/admin.js?ver=
wpabstracts/assets/js/frontend.js?ver=
wpabstracts/assets/js/common.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpabstracts-dashboard
wpabstracts-section
wpabstracts-form
wpabstracts-table
wpabstracts-editor

HTML Comments
<!-- WPAbstracts Admin Header -->
<!-- WPAbstracts Admin Tabs -->
<!-- WPAbstracts Dashboard Content -->
<!-- WPAbstracts Frontend Content -->

Data Attributes
data-wpabstracts-event-id
data-wpabstracts-action

JS Globals
wpabstracts_admin_ajax_url
wpabstracts_frontend_ajax_url
wpabstracts_nonce

REST Endpoints
/wp-json/wpabstracts/v1/events
/wp-json/wpabstracts/v1/abstracts
/wp-json/wpabstracts/v1/reviews

Shortcode Output
<div class="wpabstracts-dashboard">
<form class="wpabstracts-register-form">
<table class="wpabstracts-accepted-list">

FAQ

Frequently Asked Questions about WP Abstracts