Does WP Figlet have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Figlet have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Figlet compatible with WordPress 4.2.39?

According to WordPress.org data, WP Figlet 0.2.1 has been tested up to WordPress 4.2.39. Check the plugin's changelog for the latest compatibility information.

How often is WP Figlet updated?

WP Figlet was last updated on Dec 22, 2014. Frequent updates are generally a positive security signal.

What is WP Figlet's security score?

WP Figlet has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Figlet Security & Risk Analysis

wordpress.org/plugins/wp-figlet

WP Figlet allows you to draw ASCII art in your posts and page source.

10 active installs v0.2.1 PHP + WP 2.3+ Updated Dec 22, 2014

adminasciifigletpostposts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Figlet Safe to Use in 2026?

Generally Safe

Score 85/100

WP Figlet has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The wp-figlet plugin version 0.2.1 exhibits a generally positive security posture in several key areas. The static analysis reveals no dangerous function calls, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests. Furthermore, the plugin has no recorded vulnerability history (CVEs), suggesting a history of secure development or diligent patching by its maintainers.

However, a significant concern arises from the complete lack of output escaping. With 14 identified output points and 0% properly escaped, this plugin is highly susceptible to Cross-Site Scripting (XSS) vulnerabilities. An attacker could potentially inject malicious scripts through the shortcode functionality, which represents the plugin's sole entry point. While there are no explicit taint analysis findings or known vulnerabilities, the absence of output escaping creates a substantial risk that could be exploited.

In conclusion, while the plugin benefits from secure coding practices in database interaction and avoiding risky functions, the severe lack of output escaping is a critical weakness that overshadows these strengths. The absence of nonce or capability checks on its single entry point (the shortcode) further exacerbates this risk. Users of this plugin should be aware of the high probability of XSS vulnerabilities.

Key Concerns

100% of outputs are not properly escaped
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

WP Figlet Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WP Figlet Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped14 total outputs

Attack Surface

WP Figlet Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[ascii] wp-figlet.php:58

WordPress Hooks 2

actionadmin_menuwp-figlet.php:52

actionwp_headwp-figlet.php:55

Maintenance & Trust

WP Figlet Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39

Last updatedDec 22, 2014

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP Figlet Alternatives

WP Admin UI Customize

wp-admin-ui-customize

Customize the management screen UI.

30K 2 CVEs

LH Archived Post Status

lh-archived-post-status

Allows posts and pages to be archived so you can remove content from the main loop and feed without having to trash it.

4K No CVEs

HiFi (Head Injection, Foot Injection)

hifi

HiFi is a head and foot injection plugin. It allows you to inject code into the head and foot areas of your posts and pages on a per-page basis.

2K No CVEs

Sortable Word Count Reloaded

sortable-word-count-reloaded

100

Adds a sortable column to the posts and pages admin list with the word count of each page/post.

2K No CVEs

Post Category Filter (WP Admin)

admin-category-filter

100

Quickly search and filter categories and taxonomies inside the WordPress admin.

1K No CVEs

Developer Profile

WP Figlet Developer Profile

Vladimir Prelovac

20 plugins · 1.0M total installs

trust score

Avg Security Score

87/100

Avg Patch Time

2577 days

View full developer profile

Detection Fingerprints

How We Detect WP Figlet

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-figlet/phpfiglet_class.php/wp-content/plugins/wp-figlet/wp-figlet-options.php

HTML / DOM Fingerprints

HTML Comments

<!--

-->

Shortcode Output

<pre>

FAQ