Does wp-security-txt have any unpatched vulnerabilities?

No. All known vulnerabilities in wp-security-txt have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is wp-security-txt compatible with WordPress 4.9.29?

According to WordPress.org data, wp-security-txt 1.0.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is wp-security-txt compatible with PHP 7.0+?

wp-security-txt requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is wp-security-txt updated?

wp-security-txt was last updated on Nov 22, 2017. Frequent updates are generally a positive security signal.

What is wp-security-txt's security score?

wp-security-txt has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

wp-security-txt Security & Risk Analysis

wordpress.org/plugins/wp-security-txt

A plugin for serving 'security.txt' in WordPress 4.9+, based on configuration settings.

60 active installs v1.0.0 PHP 7.0+ WP 4.9+ Updated Nov 22, 2017

infosecnetsecresponsible-disclosuresecuritysecurity-txt

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is wp-security-txt Safe to Use in 2026?

Generally Safe

Score 85/100

wp-security-txt has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The wp-security-txt plugin v1.0.0 exhibits an excellent security posture based on the provided static analysis and vulnerability history. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events means the plugin has a minimal attack surface, with no apparent entry points that could be exploited. The code also demonstrates strong security practices, with all SQL queries using prepared statements and a very low number of file operations and external HTTP requests, which are generally well-handled. The lack of known CVEs and a clean vulnerability history further bolster its security profile, suggesting diligent development and adherence to security best practices.

Key Concerns

Output escaping is not fully implemented
No capability checks implemented
No nonce checks implemented

Vulnerabilities

None known

wp-security-txt Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

wp-security-txt Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

66 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

67% escaped99 total outputs

Attack Surface

wp-security-txt Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

actionplugins_loadedincludes\class-wordpress-security-txt.php:158

actionadmin_enqueue_scriptsincludes\class-wordpress-security-txt.php:173

actionadmin_enqueue_scriptsincludes\class-wordpress-security-txt.php:174

actionadmin_menuincludes\class-wordpress-security-txt.php:177

actionadmin_initincludes\class-wordpress-security-txt.php:178

actionadmin_initincludes\class-wordpress-security-txt.php:179

actionadmin_initincludes\class-wordpress-security-txt.php:180

actionplugin_row_metaincludes\class-wordpress-security-txt.php:183

actionwp_before_admin_bar_renderincludes\class-wordpress-security-txt.php:184

actionplugins_loadedincludes\class-wordpress-security-txt.php:221

Maintenance & Trust

wp-security-txt Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedNov 22, 2017

PHP min version7.0

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs60

Alternatives

wp-security-txt Alternatives

security-txt

A plugin for serving 'security.txt' in WordPress 6.1.1+.

10 No CVEs

Security.txt Manager

security-txt-manager

100

Create and manage your security.txt from within WordPress. The easiest way to manage security policy.

500 No CVEs

Generate Security.txt

generate-security-txt

100

With a security.txt file, ethical hackers can easily send you a notification when they have found a vulnerability on your website.

400 No CVEs

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs

Hostinger Tools

hostinger

Simplified WordPress management. Manage site info, maintenance, security, & redirects.

3.0M 1 CVE

Developer Profile

wp-security-txt Developer Profile

securitytext.org

1 plugin · 60 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect wp-security-txt

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-security-txt/admin/css/wp-security-txt-admin.css/wp-content/plugins/wp-security-txt/admin/js/wp-security-txt-repeater.min.js/wp-content/plugins/wp-security-txt/admin/js/wp-security-txt-validator.js/wp-content/plugins/wp-security-txt/admin/js/wp-security-txt-admin.js

Script Paths

/wp-content/plugins/wp-security-txt/admin/js/wp-security-txt-repeater.min.js/wp-content/plugins/wp-security-txt/admin/js/wp-security-txt-validator.js/wp-content/plugins/wp-security-txt/admin/js/wp-security-txt-admin.js

Version Parameters

wp-security-txt-admin.css?ver=wp-security-txt-repeater.min.js?ver=wp-security-txt-validator.js?ver=wp-security-txt-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments

FAQ