WP-Safety

WP Petfinder Security & Risk Analysis

wordpress.org/plugins/wp-petfinder

WP Petfinder plugin was designed to integrate Petfinder.com database with your Wordpress site via Petfinder API v2. It will be useful for pet shelters …

30 active installs v0.8 PHP 5.6+ WP 4.0+ Updated Jan 29, 2022
petfinder
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Petfinder Safe to Use in 2026?

Generally Safe

Score 85/100

WP Petfinder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The wp-petfinder plugin version 0.8 exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and a decent number of capability checks, several concerning areas require attention. The presence of an unprotected AJAX handler significantly increases the attack surface, as it's a direct entry point without any authentication or authorization mechanisms. Furthermore, the taint analysis revealing flows with unsanitized paths, specifically two of high severity, indicates potential vulnerabilities where user-supplied data could be improperly handled, leading to unintended consequences. The plugin's clean vulnerability history is a positive sign, suggesting a lack of known exploitable flaws. However, this should not be a cause for complacency, especially given the identified code signals and taint analysis results. The use of dangerous functions like 'unserialize' and 'create_function' also presents inherent risks if not handled with extreme care and robust validation. Overall, while the plugin is not currently known to be compromised, the identified code and taint analysis issues warrant remediation to improve its security.

Key Concerns

  • Unprotected AJAX handler
  • High severity taint flows (2)
  • Dangerous function: unserialize
  • Dangerous function: create_function
  • Unsanitized paths in taint flows (5)
Vulnerabilities
None known

WP Petfinder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Petfinder Code Analysis

Dangerous Functions
2
Raw SQL Queries
1
6 prepared
Unescaped Output
169
350 escaped
Nonce Checks
4
Capability Checks
9
File Operations
7
External Requests
4
Bundled Libraries
1

Dangerous Functions Found

unserializereturn unserialize($row['contents']);inc\class-wp-petfinder.php:448
create_functionadd_filter( 'wp_default_editor', create_function('', 'return "tinymce";') );inc\vafpress-framework\bootstrap.php:227

Bundled Libraries

Select2

SQL Query Safety

86% prepared7 total queries

Output Escaping

67% escaped519 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

6 flows5 with unsanitized paths
animal_gender_options (inc\class-wp-petfinder.php:1244)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WP Petfinder Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 1

authwp_ajax_vp_ajax_wrapperinc\vafpress-framework\bootstrap.php:103

Shortcodes 4

[pf_search_form] inc\class-wp-petfinder.php:44
[pf_search_results] inc\class-wp-petfinder.php:45
[pf_details] inc\class-wp-petfinder.php:46
[pf_animal] inc\class-wp-petfinder.php:47
WordPress Hooks 41
actioninitinc\class-wp-petfinder.php:48
actionplugins_loadedinc\class-wp-petfinder.php:49
actionadmin_menuinc\class-wp-petfinder.php:50
actionwidgets_initinc\class-wp-petfinder.php:51
actionwp_enqueue_scriptsinc\class-wp-petfinder.php:52
actionwppf_before_search_resultsinc\class-wp-petfinder.php:53
actionwppf_after_search_resultsinc\class-wp-petfinder.php:54
actionwppf_animal_galleryinc\class-wp-petfinder.php:55
filterthe_contentinc\class-wp-petfinder.php:56
filterdocument_title_partsinc\class-wp-petfinder.php:57
filterthe_titleinc\class-wp-petfinder.php:58
actionadmin_noticesinc\class-wp-petfinder.php:59
actionwp_headinc\class-wp-petfinder.php:60
actionafter_setup_themeinc\vafpress-framework\bootstrap.php:73
actiontgmpa_registerinc\vafpress-framework\bootstrap.php:79
actioninitinc\vafpress-framework\bootstrap.php:144
actioncurrent_screeninc\vafpress-framework\bootstrap.php:145
actionadmin_enqueue_scriptsinc\vafpress-framework\bootstrap.php:146
actioncurrent_screeninc\vafpress-framework\bootstrap.php:147
filterclean_urlinc\vafpress-framework\bootstrap.php:148
actionadmin_footerinc\vafpress-framework\bootstrap.php:193
filterwp_default_editorinc\vafpress-framework\bootstrap.php:227
actioninitinc\vafpress-framework\classes\metabox.php:43
actionvp_option_first_activationinc\vafpress-framework\classes\option.php:81
actionadmin_menuinc\vafpress-framework\classes\option.php:100
actionadmin_noticesinc\vafpress-framework\classes\option.php:162
actioncurrent_screeninc\vafpress-framework\classes\shortcodegenerator.php:47
actionadmin_footerinc\vafpress-framework\classes\shortcodegenerator.php:58
filtermce_external_pluginsinc\vafpress-framework\classes\shortcodegenerator.php:288
filtermce_buttonsinc\vafpress-framework\classes\shortcodegenerator.php:289
filterwp_fullscreen_buttonsinc\vafpress-framework\classes\shortcodegenerator.php:290
filteradmin_print_stylesinc\vafpress-framework\classes\shortcodegenerator.php:291
actionadmin_enqueue_scriptsinc\vafpress-framework\classes\wp\enqueuer.php:27
actionadmin_headinc\vafpress-framework\includes\wpalchemy\MetaBox.php:21
actionadmin_footerinc\vafpress-framework\includes\wpalchemy\MetaBox.php:22
actionadmin_initinc\vafpress-framework\includes\wpalchemy\MetaBox.php:475
actionimport_post_metainc\vafpress-framework\includes\wpalchemy\MetaBox.php:477
filteroutputinc\vafpress-framework\includes\wpalchemy\MetaBox.php:537
actionsave_postinc\vafpress-framework\includes\wpalchemy\MetaBox.php:547
actionadmin_headinc\vafpress-framework\includes\wpalchemy\MetaBox.php:587
actionadmin_footerinc\vafpress-framework\includes\wpalchemy\MetaBox.php:589
Maintenance & Trust

WP Petfinder Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedJan 29, 2022
PHP min version5.6
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs30
Alternatives

WP Petfinder Alternatives

List Petfinder Pets

List Petfinder Pets

petfinder-listings

A
92

The List Petfinder Pets plugin takes advantage of the Petfinder API to list your available pets on your website.

400 1 CVE
PF404 for PetFinder

PF404 for PetFinder

pf404-for-petfinder

A
85

Overrides your 404 page template and shows dogs, cats, and other animals in need of new homes and available for adoption.

0 No CVEs
Developer Profile

WP Petfinder Developer Profile

Alex Raven

2 plugins · 50 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Petfinder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-petfinder/assets/css/frontend.css/wp-content/plugins/wp-petfinder/assets/js/frontend.js
Script Paths
/wp-content/plugins/wp-petfinder/assets/js/frontend.js
Version Parameters
wp-petfinder/assets/css/frontend.css?ver=wp-petfinder/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wppf-buttonwppf-button-adopt
Data Attributes
data-animal-id
JS Globals
wppf_params
Shortcode Output
[pf_search_form][pf_search_results][pf_details][pf_animal]
FAQ

Frequently Asked Questions about WP Petfinder