WP-Clippy Security & Risk Analysis

wordpress.org/plugins/wp-clippy

Adds a flash button that copies the value of an element or string to the clipboard when clicked.

10 active installs · v1.0.0 · PHP + · WP 2.8+ · Updated Jan 1, 2013
Tags: button, clipboard, copy, flash, shortcode
Score: 63 (C · Use Caution)
CVEs total: 1
Unpatched: 1
Last CVE: May 4, 2026
Safety Verdict

Is WP-Clippy Safe to Use in 2026?

Use With Caution

Score 63/100

WP-Clippy has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: May 4, 2026 · Updated 13yr ago
Risk Assessment

The wp-clippy v1.0.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, reliance on prepared statements for SQL queries, and proper output escaping are commendable practices. The plugin also correctly handles file operations and external HTTP requests, further bolstering its security.

The analysis shows a very small attack surface, with only one shortcode identified and no unprotected entry points. The lack of any reported vulnerabilities in its history is also a positive indicator, suggesting a history of secure development or limited exposure. The absence of taint flows with unsanitized paths or critical/high severity issues further reinforces this positive assessment.

However, the plugin has no recorded capability checks or nonce checks for its entry points. While the attack surface is currently minimal, this could represent a potential risk if the plugin's functionality were to expand or if new vulnerabilities were introduced in future updates without implementing these essential security measures. Overall, wp-clippy v1.0.0 appears to be a secure plugin, but the absence of explicit authorization checks presents a minor area for improvement.

Key Concerns

  • Missing capability checks on entry points
  • Missing nonce checks on entry points
Vulnerabilities
1 published

WP-Clippy Security Vulnerabilities

CVEs by Year

2026: 1 CVE · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-5505 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP-Clippy <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

May 4, 2026 · Unpatched
Version History

WP-Clippy Release Timeline

v1.0.0 · Current · 1 CVE
Code Analysis
Analyzed Mar 17, 2026

WP-Clippy Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0
Attack Surface

WP-Clippy Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[clippy] wp-clippy.php:78
Maintenance & Trust

WP-Clippy Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Jan 1, 2013
PHP min version
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

WP-Clippy Developer Profile

Luke Mlsna

12 plugins · 12K total installs

Trust score: 81
Avg Security Score: 81/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP-Clippy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-clippy/wp-clippy.swf

HTML / DOM Fingerprints

CSS Classes
wp-clippy-embed
HTML Comments
Plugin: WP-Clippy Plugin URI: http://shinraholdings.com/plugins/wp-clippy WordPress plugin for copying input values or strings to the clipboard.
Data Attributes
id="wp-clippy-embed"
id="wp-clippy"
Shortcode Output
<p id="wp-clippy-embed"<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="68" height="25" id="wp-clippy"<object type="application/x-shockwave-flash" data="
FAQ

Frequently Asked Questions about WP-Clippy