wp-greet Security & Risk Analysis

wordpress.org/plugins/wp-greet

wp-greet sends greeting cards from your WordPress blog. It works with WordPress-, NextGen- or NextCellentGallery.

50 active installs v6.3 PHP + WP 4.1+ Updated Dec 6, 2025
card · email · greetcard · greeting · send
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 20, 2025
Safety Verdict

Is wp-greet Safe to Use in 2026?

Generally Safe

Score 99/100

wp-greet has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 20, 2025 · Updated 3mo ago
Risk Assessment

The "wp-greet" v6.3 plugin demonstrates a generally good security posture, with a low attack surface and a strong reliance on prepared statements for SQL queries. The majority of output appears to be properly escaped, and robust nonce and capability checks are in place across various code signals. This indicates a developer who is aware of common WordPress security best practices.

However, the presence of a "dangerous function" (`unserialize`) and a significant number of "flows with unsanitized paths" (6 out of 8 analyzed) are notable concerns. While no "critical" or "high" severity taint flows were identified in this analysis, the potential for issues arising from unserialized, unsanitized data remains. The plugin's vulnerability history, while showing no currently unpatched CVEs, does include a past medium-severity Cross-Site Request Forgery (CSRF) vulnerability. This suggests that while the developer is responsive to patching, certain types of vulnerabilities have occurred in the past.

In conclusion, "wp-greet" v6.3 is a relatively secure plugin due to its limited attack surface and good implementation of core WordPress security features. The primary areas for caution are the use of `unserialize` and the identified unsanitized paths, which warrant careful monitoring and potential further investigation, especially if new vulnerabilities arise. The historical CSRF vulnerability should also remind users to keep the plugin up to date.

Key Concerns

  • Dangerous function unserialize present
  • High number of unsanitized paths
  • Past medium severity CVE
Vulnerabilities
1

wp-greet Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-13444 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

wp-greet <= 6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Jan 20, 2025 Patched in 6.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

wp-greet Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (43 prepared)
Unescaped Output: 79 (196 escaped)
Nonce Checks: 8
Capability Checks: 1
File Operations: 4
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

unserialize wpg-func.php:151
`$options['wp-greet-galarr'] = unserialize( get_option( 'wp-greet-galarr' ) );`

Bundled Libraries

TinyMCE

SQL Query Safety

98% prepared · 44 total queries

Output Escaping

71% escaped · 275 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

8 flows · 6 with unsanitized paths
<wpg-stamped> (wpg-stamped.php:0)
Attack Surface

wp-greet Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[wp-greet] wp-greet.php:78
WordPress Hooks 21
filter pre_get_posts wp-greet.php:81
filter ngg_create_gallery_link wp-greet.php:85
filter ngg_get_thumbcode wp-greet.php:87
filter post_gallery wp-greet.php:92
filter render_block wp-greet.php:94
action wpgreet_sendcard_link wp-greet.php:100
action wpgreet_sendcard_mail wp-greet.php:101
action wp_print_scripts wp-greet.php:134
action wp_print_styles wp-greet.php:135
action admin_notices wp-greet.php:294
action admin_menu wp-greet.php:296
action init wp-greet.php:299
action wp_enqueue_scripts wp-greet.php:300
action admin_enqueue_scripts wp-greet.php:301
filter mce_external_plugins wpg-form.php:873
filter wp_get_attachment_link wpg-func.php:859
filter post_gallery wpg-func.php:957
filter attachment_fields_to_edit wpg-func.php:1090
filter attachment_fields_to_save wpg-func.php:1107
filter wp-greet-offerstamp wpg-offerstamp.php:146
filter wp-greet-buddypress-group-selector wpg-offerstamp.php:212

Scheduled Events 4

wpgreet_sendcard_link
wpgreet_sendcard_mail
wpgreet_sendcard_link
wpgreet_sendcard_mail
Maintenance & Trust

wp-greet Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 6, 2025
PHP min version
Downloads: 35K

Community Trust

Rating: 98/100
Number of ratings: 10
Active installs: 50
Developer Profile

wp-greet Developer Profile

tuxlog

6 plugins · 6K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 660 days
Detection Fingerprints

How We Detect wp-greet

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-greet/wp-greet.css
/wp-content/plugins/wp-greet/smilies_tinymce.js
/wp-content/plugins/wp-greet/smilies.js
/wp-content/plugins/wp-greet/flatpickr/flatpickr.min.js
/wp-content/plugins/wp-greet/flatpickr/flatpickr.min.css
/wp-content/plugins/wp-greet/flatpickr/l10n/
/wp-content/plugins/wp-greet/howler/howler.min.js
/wp-content/plugins/wp-greet/wpg_admin.js
Script Paths
wp-greet/smilies_tinymce.js
wp-greet/smilies.js
wp-greet/flatpickr/flatpickr.min.js
wp-greet/flatpickr/flatpickr.min.css
wp-greet/flatpickr/l10n/
wp-greet/howler/howler.min.js
+1 more
Version Parameters
wp-greet.css?ver=
smilies_tinymce.js?ver=
smilies.js?ver=
flatpickr.min.js?ver=
flatpickr.min.css?ver=
l10n/
howler.min.js?ver=
wpg_admin.js?ver=

HTML / DOM Fingerprints

JS Globals
wpg_options
Shortcode Output
[wp-greet]
FAQ

Frequently Asked Questions about wp-greet