Does WP Math have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Math compatible with WordPress 3.0.5?

According to WordPress.org data, WP Math 0.4.5 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is WP Math updated?

WP Math was last updated on Feb 11, 2011. Frequent updates are generally a positive security signal.

What is WP Math's security score?

WP Math has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Math Security & Risk Analysis

wordpress.org/plugins/wp-math

This is just Beta version of this Plugin with some Bugs, but I need to report them (http://wpmath.g6.cz/).

10 active installs v0.4.5 PHP + WP 2.7+ Updated Feb 11, 2011

calculationcountingmathmath-publishermath-publishing

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Math Safe to Use in 2026?

Generally Safe

Score 85/100

WP Math has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The wp-math v0.4.5 plugin exhibits a mixed security posture. On one hand, it demonstrates good practices by exclusively using prepared statements for all SQL queries and having no known vulnerabilities or CVEs. The static analysis also shows no critical or high-severity taint flows, and the total entry points are minimal with none appearing immediately unprotected. However, there are significant concerns regarding output escaping, with 0% of detected outputs being properly escaped. This suggests a strong possibility of Cross-Site Scripting (XSS) vulnerabilities, especially considering the presence of two shortcodes which are common vectors for user-controlled input. The absence of nonce checks and capability checks, combined with the file operations, further raises red flags, as these could be exploited in conjunction with unescaped output or other potential weaknesses. While the plugin's vulnerability history is clean, the code signals point to a critical oversight in output sanitization which needs immediate attention.

Key Concerns

0% output escaping
No nonce checks
No capability checks
Flows with unsanitized paths
File operations present

Vulnerabilities

None known

WP Math Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Math Release Timeline

v0.2.1

v0.2.0

v0.1.6

v0.1.3

v0.1.2

Code Analysis

Analyzed Apr 16, 2026

WP Math Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped8 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<admin_menu> (admin_menu.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Math Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[form] wp_math.php:32

[static] wp_math.php:33

WordPress Hooks 3

actionadmin_menuwp_math.php:30

filterthe_contentwp_math.php:35

filtercontent_save_prewp_math.php:36

Maintenance & Trust

WP Math Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedFeb 11, 2011

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP Math Alternatives

$DS CF7 Math Captcha$

DS CF7 Math Captcha

ds-cf7-math-captcha

"DS CF7 Math Captcha" is a math captcha with refresh captcha functionality to prevent unwanted spam for your contact form 7 plugin.

30K 1 CVE

Website LLMs.txt

website-llms-txt

Automatically generate and manage LLMS.txt files for LLM/AI content understanding, with full Yoast SEO, Rank Math, SEOPress, and AIOSEO integration.

30K 3 CVEs

$MathJax-LaTeX$

MathJax-LaTeX

mathjax-latex

This plugin enables MathJax (http://www.mathjax.org) functionality for WordPress (http://www.wordpress.org).

10K 1 CVE

$WP All Import – Import SEO Settings for Rank Math SEO$

WP All Import – Import SEO Settings for Rank Math SEO

import-xml-csv-settings-to-rank-math-seo

100

Drag & drop to import from any CSV, Excel, XML, or Google Sheets file into Rank Math SEO's titles, meta descriptions, focus keywords, schema …

7K No CVEs

ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support

erp

Manage your business with a complete ERP system featuring powerful HR management, CRM tools, accounting, and seamless WooCommerce CRM integration.

6K 21 CVEs

Developer Profile

WP Math Developer Profile

Mikoviny

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Math

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-math/css/style.css/wp-content/plugins/wp-math/js/script.js

Script Paths

/wp-content/plugins/wp-math/js/script.js

Version Parameters

wp-math/css/style.css?ver=wp-math/js/script.js?ver=

HTML / DOM Fingerprints

Data Attributes

id="wp_math_settings"id="wp_math_bugs"id="wp_math_help"id="wp_math_news"

JS Globals

var polevisible_wp_math_settingsvar polevisible_wp_math_bugsvar polevisible_wp_math_helpvar polevisible_wp_math_news

Shortcode Output

echo wp_math("<br /><br /><m>beta=10/3=</m>")echo wp_math("<br /><br />mail@mail.com")

FAQ