Does W3P SEO have any unpatched vulnerabilities?

No. All known vulnerabilities in W3P SEO have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is W3P SEO compatible with WordPress 6.9.4?

According to WordPress.org data, W3P SEO 2.1.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is W3P SEO compatible with PHP 7.1+?

W3P SEO requires PHP 7.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is W3P SEO updated?

W3P SEO was last updated on Feb 24, 2026. Frequent updates are generally a positive security signal.

What is W3P SEO's security score?

W3P SEO has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

W3P SEO Security & Risk Analysis

wordpress.org/plugins/wp-perfect-plugin

W3P SEO provides the minimum SEO/SEM/local/marketing options for any site owner.

90 active installs v2.1.3 PHP 7.1+ WP 5.7+ Updated Feb 24, 2026

googlelocalseositemapwebmaster

A · Safe

CVEs total1

Unpatched0

Last CVENov 1, 2024

Plugin page Download

Safety Verdict

Is W3P SEO Safe to Use in 2026?

Generally Safe

Score 99/100

W3P SEO has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 1, 2024Updated 1mo ago

Risk Assessment

The wp-perfect-plugin v2.1.3 demonstrates strong adherence to many WordPress security best practices, particularly in its code execution. The plugin boasts a clean attack surface with no unprotected entry points, extensive use of prepared statements for SQL queries, and a high percentage of properly escaped output. The presence of numerous nonce and capability checks further bolsters its defense against unauthorized actions. However, the static analysis did reveal two flows with unsanitized paths, which, while not flagged as critical or high severity in the taint analysis, represent a potential area of concern for privilege escalation or information disclosure if exploited. The plugin's vulnerability history, while showing only one medium severity CVE, is notable. The fact that this CVE was a Cross-Site Request Forgery (CSRF) and was recently discovered and patched, suggests a pattern of vulnerabilities that, while not critical, require ongoing vigilance. Overall, the plugin is generally well-secured with robust input validation and output sanitization, but the presence of unsanitized paths and the historical pattern of CSRF vulnerabilities warrant careful monitoring and prompt updates.

Key Concerns

Flows with unsanitized paths detected
Past medium severity CVE (CSRF)

Vulnerabilities

W3P SEO Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-51684medium · 6.1Cross-Site Request Forgery (CSRF)

W3P SEO <= 1.8.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Nov 1, 2024 Patched in 1.8.6 (6d)

Code Analysis

Analyzed Mar 16, 2026

W3P SEO Code Analysis

Dangerous Functions

Raw SQL Queries

26 prepared

Unescaped Output

280 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

87% prepared30 total queries

Output Escaping

98% escaped287 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

w3p_add_canonical_link (includes\functions.php:341)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

W3P SEO Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[subpages] modules\w3p-list-subpages.php:64

WordPress Hooks 22

actionadd_attachmentincludes\functions.php:24

filterwp_handle_upload_prefilterincludes\functions.php:56

filterwp_sitemaps_enabledincludes\functions.php:62

filterwp_sitemaps_post_typesincludes\functions.php:64

filterwp_sitemaps_taxonomiesincludes\functions.php:65

filterwp_sitemaps_add_providerincludes\functions.php:68

filterwp_sitemaps_posts_entryincludes\functions.php:71

filterwp_sitemaps_max_urlsincludes\functions.php:83

filterwp_sitemaps_posts_query_argsincludes\functions.php:94

actionafter_setup_themeincludes\functions.php:243

filterpre_get_document_titleincludes\functions.php:299

actionwp_headincludes\functions.php:332

filterexcerpt_moreincludes\functions.php:422

filterthe_contentincludes\functions.php:735

filterwp_robotsincludes\functions.php:822

actionadd_meta_boxesincludes\meta.php:12

actionsave_postincludes\meta.php:117

actionwp_headincludes\schema-breadcrumbs.php:149

filterlanguage_attributesmodules\w3p-search-console.php:130

actionwp_footermodules\w3p-search-console.php:258

actionadmin_menuwp-perfect-plugin.php:48

actionadmin_enqueue_scriptswp-perfect-plugin.php:75

Maintenance & Trust

W3P SEO Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 24, 2026

PHP min version7.1

Downloads17K

Community Trust

Rating80/100

Number of ratings1

Active installs90

Alternatives

W3P SEO Alternatives

Simple Google Sitemap XML

simple-google-sitemap-xml

Simple Google Sitemap XML generates a valid Google XML sitemap.

3K No CVEs

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

AIOSEO is the most powerful WordPress SEO plugin. Improve SEO rankings and traffic with comprehensive SEO tools and smart AI SEO optimizations!

3.0M 26 CVEs

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

surerank

SureRank – SEO Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

300K 1 CVE

SEOPress – On-site SEO & Analytics

wp-seopress

SEOPress, a simple, fast and powerful all in one SEO plugin for WordPress. Rank higher in search engines, fully white label. Now with AI.

300K 14 CVEs

The SEO Framework – Fast, Automated, Effortless.

autodescription

100

The fastest feature-complete SEO plugin for professional WordPress websites. Secure, fast, unbranded, and automated SEO. Do less; get better results.

200K No CVEs

Developer Profile

W3P SEO Developer Profile

Ciprian Popescu

8 plugins · 4K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

47 days

View full developer profile

Detection Fingerprints

How We Detect W3P SEO

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-perfect-plugin/assets/css/datatable.min.css/wp-content/plugins/wp-perfect-plugin/assets/css/ui.css/wp-content/plugins/wp-perfect-plugin/assets/js/datatable.min.js

Script Paths

/wp-content/plugins/wp-perfect-plugin/assets/js/datatable.min.js

Version Parameters

wp-perfect-plugin/assets/css/datatable.min.css?ver=wp-perfect-plugin/assets/css/ui.css?ver=wp-perfect-plugin/assets/js/datatable.min.js?ver=

HTML / DOM Fingerprints

FAQ