Does WP Plugin Installer have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Plugin Installer compatible with WordPress 2.8.6?

According to WordPress.org data, WP Plugin Installer 0.1 has been tested up to WordPress 2.8.6. Check the plugin's changelog for the latest compatibility information.

How often is WP Plugin Installer updated?

WP Plugin Installer was last updated on Dec 1, 2009. Frequent updates are generally a positive security signal.

What is WP Plugin Installer's security score?

WP Plugin Installer has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Plugin Installer Security & Risk Analysis

wordpress.org/plugins/wp-plugin-installer

Allows the user to install the development version of a plugin for testing purposes.

10 active installs v0.1 PHP + WP 2.8+ Updated Dec 1, 2009

installplugins

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Plugin Installer Safe to Use in 2026?

Generally Safe

Score 85/100

WP Plugin Installer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago

Risk Assessment

The wp-plugin-installer v0.1 plugin exhibits a generally good security posture based on the provided static analysis. The absence of known CVEs and a lack of critical or high-severity taint flows are positive indicators. Furthermore, the plugin demonstrates an awareness of security best practices by utilizing prepared statements for all SQL queries and incorporating capability checks for at least one entry point. The limited attack surface also contributes to a lower risk profile. However, a significant concern is the complete lack of output escaping for the single identified output. This means any data processed or displayed by the plugin could be vulnerable to cross-site scripting (XSS) attacks if not properly sanitized before reaching the user. While the plugin has no recorded vulnerability history, this could also be due to its limited scope or recent release, rather than a proven track record of robust security.

Key Concerns

Unescaped output detected

Vulnerabilities

None known

WP Plugin Installer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Plugin Installer Release Timeline

v0.1Current

Code Analysis

Analyzed Apr 16, 2026

WP Plugin Installer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

install_plugin_information (wp-plugin-installer.php:60)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Plugin Installer Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

filterplugins_api_resultwp-plugin-installer.php:84

actioninstall_plugins_pre_plugin-informationwp-plugin-installer.php:85

Maintenance & Trust

WP Plugin Installer Maintenance & Trust

Maintenance Signals

WordPress version tested2.8.6

Last updatedDec 1, 2009

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP Plugin Installer Alternatives

WPCore Plugin Manager

wpcore

100

Create plugin collections and install them in one click on any WordPress site.

10K No CVEs

Upload Larger Plugins

upload-larger-plugins

100

Install plugins of any size (i.e. work around web hosting limits)

7K No CVEs

Wp Favs – Plugin Manager

wpfavs

Wpfavs is a plugin manager tool that let's you import your plugins lists from https://wpfavs.com

3K No CVEs

Plugins List

plugins-list

100

Allows you to insert a list of the Wordpress plugins you are using into any post/page.

800 1 CVE

WP Install Profiles

install-profiles

Download custom collections of plugins automatically from the WordPress plugin directory.

400 No CVEs

Developer Profile

WP Plugin Installer Developer Profile

Pete Mall

3 plugins · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Plugin Installer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

action-button

Shortcode Output

<div align="center"><p class="action-button" style="width:200;"><a href="" target="_parent">Install Development Version</a></p></div><br/>

<div align="center"><p class="action-button" style="width:400;">Development Version of this plugin is not available</p></div><br/>

<div align="center"><p class="action-button" style="width:500;">Please uninstall the plugin if you would like to install the development version.</p></div><br/>

FAQ