Does WP FAQ have any unpatched vulnerabilities?

No. All known vulnerabilities in WP FAQ have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP FAQ compatible with WordPress 5.0.25?

According to WordPress.org data, WP FAQ 1.1 has been tested up to WordPress 5.0.25. Check the plugin's changelog for the latest compatibility information.

How often is WP FAQ updated?

WP FAQ was last updated on Dec 22, 2018. Frequent updates are generally a positive security signal.

What is WP FAQ's security score?

WP FAQ has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP FAQ Security & Risk Analysis

wordpress.org/plugins/wp-faqs

WP FAQ provides an easy way to add FAQ to your website.

100 active installs v1.1 PHP + WP 3.8+ Updated Dec 22, 2018

accordian-faqsfaqsimple-faqstogglewp-faq

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP FAQ Safe to Use in 2026?

Generally Safe

Score 85/100

WP FAQ has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The 'wp-faqs' plugin version 1.1 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, unescaped output, file operations, external HTTP requests, and a clean taint analysis report all indicate diligent secure coding practices. The plugin also has no recorded vulnerability history, which is a significant positive indicator. However, the lack of any nonce or capability checks, despite having a shortcode as an entry point, represents a potential area of concern. While the attack surface is small and seemingly unprotected, the absence of explicit authorization checks means that any user, regardless of their role or permissions, could potentially interact with the shortcode's functionality. This could be a weakness if the shortcode performs any action that has security implications, even if it's not immediately apparent from the provided data.

Key Concerns

Missing capability checks on shortcode
Missing nonce checks on shortcode

Vulnerabilities

None known

WP FAQ Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP FAQ Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

WP FAQ Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[wp_faq] faqs.php:134

WordPress Hooks 2

actioninitfaqs.php:23

filterenter_title_herefaqs.php:70

Maintenance & Trust

WP FAQ Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25

Last updatedDec 22, 2018

PHP min version

Downloads4K

Community Trust

Rating60/100

Number of ratings2

Active installs100

Alternatives

WP FAQ Alternatives

Arconix FAQ

arconix-faq

Arconix FAQ provides an easy way to add FAQ items to your website.

7K 3 CVEs

Gutena Accordion – Beautiful FAQ Accordion Block

gutena-accordion

100

Gutena Accordion is a WordPress Plugin which makes accordion dropdown creation really easy inside the block editor. Furthermore, it is very light weig …

5K No CVEs