Does Native PHP Sessions have any unpatched vulnerabilities?

No. All known vulnerabilities in Native PHP Sessions have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Native PHP Sessions compatible with WordPress 6.9.4?

According to WordPress.org data, Native PHP Sessions 1.4.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Native PHP Sessions compatible with PHP 7.4+?

Native PHP Sessions requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Native PHP Sessions updated?

Native PHP Sessions was last updated on Dec 4, 2025. Frequent updates are generally a positive security signal.

What is Native PHP Sessions's security score?

Native PHP Sessions has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Native PHP Sessions Security & Risk Analysis

wordpress.org/plugins/wp-native-php-sessions

Use native PHP sessions and stay horizontally scalable. Better living through superior technology.

10K active installs v1.4.5 PHP 7.4+ WP 5.3+ Updated Dec 4, 2025

commentssessions

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Native PHP Sessions Safe to Use in 2026?

Generally Safe

Score 100/100

Native PHP Sessions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The 'wp-native-php-sessions' plugin, version 1.4.5, exhibits a generally good security posture with few inherent risks. The code demonstrates strong adherence to secure coding practices, notably in its heavy reliance on prepared statements for SQL queries and proper output escaping, with negligible file operations or external HTTP requests. The absence of known vulnerabilities in its history is a significant strength, suggesting a well-maintained and tested codebase.

However, there are specific areas of concern that warrant attention. The presence of one unprotected AJAX handler expands the attack surface, creating a potential entry point for malicious actors. Furthermore, the taint analysis reveals two flows with unsanitized paths, both classified as high severity. While not yet exploited or resulting in critical vulnerabilities, these unsanitized paths represent a latent risk that could be leveraged if combined with specific user inputs.

In conclusion, the plugin is commendably secure in its core functionalities and history. The primary weaknesses lie in the unprotected AJAX handler and the high-severity unsanitized taint flows. Addressing these specific areas would significantly bolster the plugin's overall security and mitigate potential future risks.

Key Concerns

Unprotected AJAX handler
High severity unsanitized taint flows (2)

Vulnerabilities

None known

Native PHP Sessions Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Native PHP Sessions Code Analysis

Dangerous Functions

Raw SQL Queries

35 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

90% prepared39 total queries

Output Escaping

83% escaped18 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

handle_clear_session (inc\class-admin.php:102)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Native PHP Sessions Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 2

authwp_ajax_pantheon_clear_sessioninc\class-admin.php:48

authwp_ajax_dismiss_noticepantheon-sessions.php:80

WordPress Hooks 8

actionadmin_menuinc\class-admin.php:47

actionadmin_footerinc\class-admin.php:96

actionset_logged_in_cookiepantheon-sessions.php:75

actionclear_auth_cookiepantheon-sessions.php:76

actionadmin_enqueue_scriptspantheon-sessions.php:79

actionshutdownpantheon-sessions.php:220

actionactivated_pluginpantheon-sessions.php:764

actionadmin_noticespantheon-sessions.php:765

Maintenance & Trust

Native PHP Sessions Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 4, 2025

PHP min version7.4

Downloads1.3M

Community Trust

Rating98/100

Number of ratings16

Active installs10K

Alternatives

Native PHP Sessions Alternatives

Akismet Anti-spam: Spam Protection

akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

disable-comments

Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.

1.0M 1 CVE

Antispam Bee

antispam-bee

100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE

Spam protection, Honeypot, Anti-Spam by CleanTalk

cleantalk-spam-protect

Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.

200K 13 CVEs

Captcha Code

captcha-code-authentication

GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.

100K 2 CVEs

Developer Profile

Native PHP Sessions Developer Profile

Pantheon Systems

8 plugins · 39K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Native PHP Sessions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-native-php-sessions/assets/js/notices.js

Script Paths