WP-GraphViz Security & Risk Analysis

wordpress.org/plugins/wp-graphviz

A plugin to provide GraphViz functionality for WordPress sites.

50 active installs · v1.5.1 · PHP + WP 5.0+ · Updated Jul 23, 2023
Tags: diagram, dot, graph, graphviz, network

Security score: 63/100 (grade C · Use Caution)
CVEs total: 1
Unpatched: 1
Last CVE: Sep 5, 2025
Safety Verdict

Is WP-GraphViz Safe to Use in 2026?

Use With Caution

Score 63/100

WP-GraphViz has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Sep 5, 2025 · Plugin last updated 2yr ago
Risk Assessment

The wp-graphviz plugin v1.5.1 shows a mixed security posture. On the positive side, static analysis finds a small attack surface: no AJAX handlers, REST API routes or cron events, no SQL queries at all (so there is nothing left unprepared), and no file operations or outbound HTTP requests, which removes several common vulnerability classes. One capability check is present, so there is at least some access control around admin functionality. The automated entry-point count is zero, although the plugin does register a [graphviz] shortcode (see class-wp-graphviz-shortcodes.php in the hook list and the shortcode fingerprint below), so shortcode attributes and enclosed content remain a user-controlled input that any Contributor-level account can supply. The concerning finding is the output escaping rate of 43% (6 of 14 dynamic outputs pass through an escaping function): most dynamic output reaches the page without esc_html/esc_attr-style neutralisation, which is the classic precondition for stored Cross-Site Scripting (XSS). No taint-analysis data is available, so which of the unescaped outputs actually carry user input is unknown.

The vulnerability history is the main concern. One CVE is known, CVE-2025-58870, a medium-severity (CVSS 6.4) stored XSS (Improper Neutralization of Input During Web Page Generation, CWE-79) exploitable by authenticated Contributor-level users in every version up to and including 1.5.1, and it is still unpatched. The advisory date (Sep 5, 2025) falls more than two years after the plugin's last release (Jul 23, 2023), so the flaw postdates all maintenance activity and there is no fixed version to upgrade to. Combined with the low escaping rate, this points to a recurring weakness in how user-supplied data is written into pages rather than a one-off slip.

In short: the plugin has a small attack surface and avoids SQL, file and network operations, but the unpatched Contributor+ stored XSS and the 43% escaping rate are a tangible risk for any site that hands Contributor or Author roles to people it does not fully trust, because a stored payload that fires in an editor's or administrator's browser can be turned into full site compromise. Until a fixed release appears, treat the plugin as unmaintained: restrict who may publish content containing the [graphviz] shortcode, or remove the plugin. The missing taint analysis means further data-handling flaws cannot be ruled out either way.

Key Concerns

  • Unpatched medium severity CVE (CVE-2025-58870, authenticated Contributor+ stored XSS, affects <= 1.5.1)
  • Moderate output escaping (43%, 6 of 14 outputs escaped)
WP-GraphViz Security Vulnerabilities (1 total)

CVEs by Year

2025: 1 CVE, unpatched

Severity Breakdown

Medium: 1

CVE-2025-58870 · Medium · CVSS 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP-GraphViz <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 5, 2025 · Unpatched (no fixed version exists; the latest release, 1.5.1 of Jul 23, 2023, is inside the affected range)
WP-GraphViz Code Analysis (analyzed Mar 16, 2026)

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (6 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

43% escaped (6 of 14 total outputs)

Two caveats on these counts. The 43% figure is a ratio of output statements, not evidence that attacker-controlled input reaches the 8 unescaped ones; no taint analysis was run, so that has to be checked by hand. And the "0 bundled libraries" count sits oddly beside the js/viz-lite.js asset listed under Detection Fingerprints, which by its name appears to be a build of the Viz.js GraphViz renderer; a bundled third-party JS library needs to be tracked for its own upstream fixes regardless of what this counter says.
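As an added illustration of what an output-escaping ratio like the one above actually measures, the following Python script is example code written for this page; it is not the analysis engine behind these numbers and not the plugin's code. It scans a constructed WordPress-style shortcode handler (also written here, not taken from wp-graphviz) for echo/print/printf/<?= statements and classifies each dynamic output as escaped or not, treating the WordPress escaping family (esc_html, esc_attr, esc_url, esc_js, esc_textarea, their __/_e/_x variants, wp_kses and the integer casts) as neutralising. The heuristic is deliberately simple and undercounts escaping done earlier, for example on assignment, which is one reason such a percentage is a prompt for manual review rather than a verdict.

```python
"""Rough output-escaping ratio for WordPress PHP source.

Added example for this page: a regex heuristic in the spirit of the
"Output Escaping" metric above, not the engine that produced that number.
"""
import re

# Constructed sample of a shortcode handler; NOT the wp-graphviz plugin's code.
SAMPLE_PHP = r"""<?php
function wpg_demo_shortcode( $atts, $content = '' ) {
    $a = shortcode_atts( array( 'id' => '', 'width' => '', 'engine' => 'dot' ), $atts );
    echo '<div id="' . $a['id'] . '"';                   // unescaped attribute
    echo ' data-graphviz-engine="' . esc_attr( $a['engine'] ) . '"';
    echo ' style="width:' . esc_attr( $a['width'] ) . '">';
    echo $content;                                      // unescaped body
    echo '</div>';                                      // static literal only
    print esc_html( $a['id'] );
    printf( '<span>%s</span>', $a['engine'] );          // unescaped
    ?>
    <p><?php echo esc_html( $a['width'] ); ?></p>
    <p><?= $a['id'] ?></p>
    <?php
}
"""

# Output statements: echo / print / printf( / <?= up to the terminating ';' or '?>'.
# The sample's string literals contain no ';', so this split is safe for it.
OUTPUT_STMT = re.compile(r'(?:\becho\b|\bprint\b|\bprintf\s*\(|<\?=)(.*?)(?:;|\?>)', re.S)

# WordPress escaping / sanitising calls that neutralise a value for output.
ESCAPER_CALL = re.compile(
    r'\b(?:esc_(?:html|attr|url|js|textarea)(?:__|_e|_x)?'
    r'|wp_kses(?:_post|_data)?|absint|intval|wp_json_encode)\s*\(')


def strip_escaped(expr: str) -> str:
    """Remove every escaper(...) call together with its balanced argument list."""
    out, i = [], 0
    while True:
        m = ESCAPER_CALL.search(expr, i)
        if not m:
            out.append(expr[i:])
            return ''.join(out)
        out.append(expr[i:m.start()])
        depth, j = 0, m.end() - 1          # m.end() - 1 is the opening '('
        while j < len(expr):
            if expr[j] == '(':
                depth += 1
            elif expr[j] == ')':
                depth -= 1
                if depth == 0:
                    break
            j += 1
        i = j + 1


def escaping_report(php_source: str) -> dict:
    """Classify each output statement; return line numbers and the escaped ratio."""
    escaped, unescaped, static = [], [], []
    for m in OUTPUT_STMT.finditer(php_source):
        expr = m.group(1)
        line = php_source.count('\n', 0, m.start()) + 1
        if '$' not in expr:
            static.append(line)            # no variable at all: nothing to escape
        elif '$' in strip_escaped(expr):
            unescaped.append(line)         # a variable survives outside any escaper
        else:
            escaped.append(line)
    dynamic = len(escaped) + len(unescaped)
    rate = round(100 * len(escaped) / dynamic) if dynamic else 100
    return {'escaped': escaped, 'unescaped': unescaped, 'static': static,
            'dynamic_outputs': dynamic, 'rate_percent': rate}


if __name__ == '__main__':
    report = escaping_report(SAMPLE_PHP)
    print(f"{report['rate_percent']}% of {report['dynamic_outputs']} dynamic outputs escaped")
    print('unescaped output on lines:', report['unescaped'])
```

On the constructed sample the script reports 50% (4 of 8 dynamic outputs escaped) and lists lines 4, 7, 10 and 13 as unescaped; the static `echo '</div>'` is excluded from the ratio. Each flagged line is exactly the kind of statement a reviewer would open next to ask whether a Contributor can control the value, which is the question the page's 43% cannot answer on its own.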
WP-GraphViz Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 12

Type    Hook                         Location
action  init                         classes\class-wp-graphviz-plugin.php:80
action  dmp_addpanel                 classes\class-wp-graphviz-plugin.php:81
action  admin_menu                   classes\class-wp-graphviz-plugin.php:84
action  admin_init                   classes\class-wp-graphviz-plugin.php:85
action  admin_enqueue_scripts        classes\class-wp-graphviz-plugin.php:88
action  admin_enqueue_scripts        classes\class-wp-graphviz-plugin.php:89
action  wp_enqueue_scripts           classes\class-wp-graphviz-plugin.php:92
action  wp_enqueue_scripts           classes\class-wp-graphviz-plugin.php:93
action  admin_init                   classes\class-wp-graphviz-shortcodes.php:29
filter  add_wp_graphviz_menu_items   classes\class-wp-graphviz-shortcodes.php:42
filter  no_texturize_shortcodes      classes\class-wp-graphviz-shortcodes.php:45
action  init                         classes\class-wp-graphviz-shortcodes.php:355

Note that the scanner's entry-point count of zero does not mean there is no user-controlled input: the no_texturize_shortcodes filter and the [graphviz] shortcode listed under Detection Fingerprints show that shortcode handling exists, and shortcode attributes and enclosed content are the input path most commonly behind Contributor+ stored XSS findings in WordPress plugins. With no nonce checks recorded, the admin_menu / admin_init handlers are also worth a manual look for state-changing settings forms.
WP-GraphViz Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Jul 23, 2023
PHP min version: not listed
Downloads: 4K

Community Trust

Rating: 80/100
Number of ratings: 3
Active installs: 50
WP-GraphViz Developer Profile

DeBAAT · 7 plugins · 6K total installs

Trust score: 90
Avg security score: 86/100
Avg patch time: 5 days

The 5-day average patch time is computed across the developer's catalogue; it does not describe this plugin, whose only CVE (CVE-2025-58870) has been open since Sep 2025 with no release since Jul 2023.
How We Detect WP-GraphViz

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-graphviz/css/admin.css
/wp-content/plugins/wp-graphviz/js/viz-public.js
/wp-content/plugins/wp-graphviz/js/viz-lite.js

Script Paths
/wp-content/plugins/wp-graphviz/js/viz-public.js
/wp-content/plugins/wp-graphviz/js/viz-lite.js

Version Parameters
wp-graphviz/css/admin.css?ver=
wp-graphviz/js/viz-public.js?ver=
wp-graphviz/js/viz-lite.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- WP-GraphViz Plugin -->
<!-- WP GraphViz Plugin -->
<!-- WP GraphViz Admin page wpg_init -->
<!-- WP GraphViz Admin page add_plugin_admin_menu -->
+1 more

Data Attributes
data-graphviz-id, data-graphviz-graph, data-graphviz-type, data-graphviz-engine, data-graphviz-width, data-graphviz-height

JS Globals
WP_GraphViz_Object

Shortcode Output
[graphviz] / [/graphviz]
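The fingerprints above are raw patterns. The following Python script, added here as an example (it is not the crawler behind this page), shows how a scanner would combine them: plugin asset paths, the plugin's HTML comments and its JS global count as strong evidence, the generic-looking data-graphviz-* attributes and shortcode text as weak evidence, and the ?ver= parameter on the plugin's own assets is parsed as a version so the hit can be triaged against the CVE-2025-58870 affected range (<= 1.5.1). The HTML it scans is constructed inline, and the assumption that ?ver= carries the plugin version rather than the WordPress version or a cache-buster is mine; confirm it against a known install before relying on the "possibly affected" flag.

```python
"""Fingerprint matcher for WP-GraphViz built from the patterns listed above.

Added example for this page, not the crawler that produced it.  Assumes the
`?ver=` query string on the plugin's own assets carries the plugin version.
"""
import re

PLUGIN_DIR = '/wp-content/plugins/wp-graphviz/'
AFFECTED_MAX_VERSION = '1.5.1'          # CVE-2025-58870: WP-GraphViz <= 1.5.1

# Strong evidence: strings only this plugin is expected to emit.
STRONG = [
    PLUGIN_DIR + 'css/admin.css',
    PLUGIN_DIR + 'js/viz-public.js',
    PLUGIN_DIR + 'js/viz-lite.js',
    '<!-- WP-GraphViz Plugin -->',
    '<!-- WP GraphViz Plugin -->',
    '<!-- WP GraphViz Admin page wpg_init -->',
    '<!-- WP GraphViz Admin page add_plugin_admin_menu -->',
    'WP_GraphViz_Object',
]
# Weak evidence: names another plugin or theme could plausibly reuse.
WEAK = ['data-graphviz-id', 'data-graphviz-graph', 'data-graphviz-type',
        'data-graphviz-engine', 'data-graphviz-width', 'data-graphviz-height',
        '[graphviz]', '[/graphviz]']

# Version from the plugin's own asset URLs, e.g. .../js/viz-lite.js?ver=1.5.1
VERSION_RE = re.compile(r'wp-graphviz/(?:css|js)/[\w.-]+\?ver=([0-9][\w.-]*)')


def version_key(v: str) -> tuple:
    """'1.5.1' -> (1, 5, 1); non-numeric fragments are dropped for comparison."""
    return tuple(int(p) for p in re.findall(r'\d+', v))


def detect(html: str) -> dict:
    """Return detection evidence, the parsed version and a CVE triage flag."""
    strong = [p for p in STRONG if p in html]
    weak = [p for p in WEAK if p in html]
    detected = bool(strong) or len(weak) >= 2
    versions = sorted(set(VERSION_RE.findall(html)))
    version = versions[0] if len(versions) == 1 else None   # conflicting ?ver= => unknown
    affected = None
    if detected and version:
        affected = version_key(version) <= version_key(AFFECTED_MAX_VERSION)
    return {'detected': detected, 'strong': strong, 'weak': weak,
            'version': version, 'possibly_affected': affected}


# Constructed front-end HTML, not captured from a real site.
SAMPLE_HTML = """<!DOCTYPE html><html><head>
<script src="https://example.test/wp-content/plugins/wp-graphviz/js/viz-lite.js?ver=1.5.1"></script>
<script src="https://example.test/wp-content/plugins/wp-graphviz/js/viz-public.js?ver=1.5.1"></script>
<script>var WP_GraphViz_Object = {"engine":"dot"};</script>
</head><body>
<!-- WP-GraphViz Plugin -->
<div data-graphviz-id="wpg-1" data-graphviz-engine="dot" data-graphviz-graph="digraph G { a -> b }"></div>
</body></html>"""

if __name__ == '__main__':
    print(detect(SAMPLE_HTML))
```

Two design points worth keeping in a real crawler: a single data-graphviz-* attribute is not enough on its own (hence the two-weak-hits rule), and conflicting ?ver= values on different assets are reported as "unknown" rather than picking one, because a caching plugin or a half-updated install can leave mixed versions on one page.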

Frequently Asked Questions about WP-GraphViz