Does WP Query Creator have any unpatched vulnerabilities?

Yes — WP Query Creator currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is WP Query Creator compatible with WordPress 6.5.8?

According to WordPress.org data, WP Query Creator 1.0 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is WP Query Creator compatible with PHP 7.1+?

WP Query Creator requires PHP 7.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Query Creator updated?

WP Query Creator was last updated on Mar 1, 2025. Frequent updates are generally a positive security signal.

What is WP Query Creator's security score?

WP Query Creator has a WP-Safety security score of 71/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Query Creator Security & Risk Analysis

wordpress.org/plugins/wp-query-creator

WP Query Creator provides an interface for creating WP queries as shortcodes.

80 active installs v1.0 PHP 7.1+ WP 5.0+ Updated Mar 1, 2025

looppost-queryquerywp-querywp-query-creator

B · Generally Safe

CVEs total1

Unpatched1

Last CVEJan 18, 2025

Plugin page Download

Safety Verdict

Is WP Query Creator Safe to Use in 2026?

Mostly Safe

Score 71/100

WP Query Creator is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Jan 18, 2025Updated 1yr ago

Risk Assessment

The wp-query-creator plugin version 1.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of output escaping. It also has a relatively small attack surface with only one shortcode and no direct AJAX handlers, REST API routes, or cron events that are exposed without authentication. However, significant concerns arise from its vulnerability history, specifically one unpatched medium severity CVE related to Cross-site Scripting. Furthermore, the static analysis reveals that 100% of the analyzed taint flows have unsanitized paths, which, although not categorized as critical or high severity in this specific analysis, points to a potential weakness in input sanitization that could be exploited in conjunction with other vulnerabilities or future code changes.

Key Concerns

Unpatched medium CVE
Taint flows with unsanitized paths (2/2)
Missing nonce checks
Missing capability checks

Vulnerabilities

WP Query Creator Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-22264medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Query Creator <= 1.0 - Reflected Cross-Site Scripting

Jan 18, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

WP Query Creator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

314 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

88% escaped355 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

wpqc_page (includes\admin.php:33)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Query Creator Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[wp-query] includes\shortcode.php:6

WordPress Hooks 3

actionadmin_menuincludes\admin.php:6

actionadmin_initincludes\admin.php:9

actionadmin_footerincludes\css_js.php:6

Maintenance & Trust

WP Query Creator Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedMar 1, 2025

PHP min version7.1

Downloads3K

Community Trust

Rating60/100

Number of ratings1

Active installs80

Alternatives

WP Query Creator Alternatives

Advanced Query Loop

advanced-query-loop

100

Transform your Query Loop blocks into powerful, flexible content engines! 🚀

5K No CVEs

Loops & Logic

tangible-loops-and-logic

Loops & Logic is a template system with content loops and conditions.

2K 1 CVE

Query Wrangler

query-wrangler

Query Wrangler provides an intuitive interface for creating complex WP queries as shortcodes and widgets. UI based on Drupal Views.

700 2 CVEs

Query Loop Load More

query-loop-load-more

100

This WordPress plugin adds a load more option to the Query Loop Pagination block in Gutenberg, allowing users to load more posts without refreshing th …

500 No CVEs

Query Loop Post Selector

query-loop-post-selector

100

A native query loop extension that adds a new option in the filter that allows user to specifically pick certain posts to display

500 No CVEs

Developer Profile

WP Query Creator Developer Profile

Patel

2 plugins · 380 total installs

trust score

Avg Security Score

71/100

Avg Patch Time

10 days

View full developer profile

Detection Fingerprints

How We Detect WP Query Creator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-query-creator/includes/css_js.php

HTML / DOM Fingerprints

CSS Classes

boximagecontenttitledateexcerptreadmore

Shortcode Output

<div class="box"><img class="image" src="%feature_img|thumbnail%"><div class="content"><h2 class="title">%title%</h2>

FAQ