WP-Stack Security & Risk Analysis

wordpress.org/plugins/wp-stack-connect

Wp-stack makes your lives easy by automating the most boring tasks you do on your websites and saves you hours of work and hundreds of dollars every m …

10 active installs · v1.0.1 · PHP 5.4+ · WP 4.0+ · Updated Apr 29, 2024
Tags: maintenance, manage-multiple-sites, performance, site-audit, uptime-monitoring
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP-Stack Safe to Use in 2026?

Generally Safe

Score 92/100

WP-Stack has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "wp-stack-connect" v1.0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of SQL queries using prepared statements and properly escaped output, significantly reducing the risk of common injection and XSS vulnerabilities. The plugin also has a clean vulnerability history with no recorded CVEs, suggesting it has been relatively stable and secure in the past.

However, significant concerns arise from the attack surface. The plugin exposes 5 AJAX handlers, all of which lack authentication checks. This represents a critical weakness, allowing any unauthenticated user to trigger these handlers, potentially leading to unauthorized actions or information disclosure depending on the handler's functionality. Furthermore, the presence of the `unserialize` function, while not immediately flagged as a vulnerability by the taint analysis, is a known dangerous function that can be exploited if used with untrusted input, especially when paired with other vulnerabilities. The taint analysis, though limited, did find unsanitized paths, which is concerning even if not categorized as critical or high.

In conclusion, while the plugin has strengths in its handling of SQL and output, the lack of authentication on all AJAX endpoints is a severe oversight that drastically increases its risk profile. The potential for exploitation via `unserialize` and unsanitized paths, even if not currently exploited, warrants careful attention. A secure implementation would mandate proper authorization checks for all entry points, particularly AJAX handlers.

Key Concerns

  • 5 AJAX handlers without auth checks
  • Dangerous function 'unserialize' present
  • Taint analysis found unsanitized paths
Vulnerabilities
None known

WP-Stack Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP-Stack Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 2 (94 prepared)
Unescaped Output: 7 (170 escaped)
Nonce Checks: 3
Capability Checks: 4
File Operations: 68
External Requests: 9
Bundled Libraries: 1

Dangerous Functions Found

unserialize: `$addarr = unserialize( $add );` (includes\functions\auto-link-function.php:77)
unserialize: `$addarr = unserialize( $add );` (includes\functions\auto-link-function.php:431)

Bundled Libraries

Guzzle

SQL Query Safety

98% prepared, 96 total queries

Output Escaping

96% escaped, 177 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
activate (includes\core\class-wp-stack-connect-debug-log-core.php:14)
Attack Surface
5 unprotected

WP-Stack Attack Surface

Entry Points: 5
Unprotected: 5

AJAX Handlers 5

auth | wp_ajax_disconnected | includes\configuration\class-wp-stack-connect-configuration.php:20
auth | wp_ajax_auto_connect | includes\configuration\class-wp-stack-connect-configuration.php:21
auth | wp_ajax_update_message_status | includes\configuration\class-wp-stack-connect-configuration.php:22
auth | wp_ajax_puc_v5_debug_check_now | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\DebugBar\Extension.php:25
auth | wp_ajax_puc_v5_debug_request_info | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\DebugBar\PluginExtension.php:14

WordPress Hooks 108

filter | pre_site_transient_update_core | includes\callback\module\smart_update.php:178
filter | pre_site_transient_update_plugins | includes\callback\module\smart_update.php:179
filter | pre_site_transient_update_themes | includes\callback\module\smart_update.php:180
action | admin_init | includes\configuration\class-wp-stack-connect-configuration.php:16
action | admin_footer | includes\configuration\class-wp-stack-connect-configuration.php:17
action | admin_footer | includes\configuration\class-wp-stack-connect-configuration.php:18
filter | plugin_row_meta | includes\configuration\class-wp-stack-connect-configuration.php:19
action | admin_init | includes\configuration\class-wp-stack-connect-configuration.php:23
action | admin_notices | includes\configuration\class-wp-stack-connect-configuration.php:134
action | automatic_updates_complete | includes\functions\activity-log-function.php:2253
action | pre_post_update | includes\functions\activity-log-function.php:2254
action | save_post | includes\functions\activity-log-function.php:2255
action | delete_post | includes\functions\activity-log-function.php:2256
action | set_object_terms | includes\functions\activity-log-function.php:2257
action | post_stuck | includes\functions\activity-log-function.php:2258
action | post_unstuck | includes\functions\activity-log-function.php:2259
action | create_post_tag | includes\functions\activity-log-function.php:2261
action | create_category | includes\functions\activity-log-function.php:2262
filter | wp_update_term_data | includes\functions\activity-log-function.php:2263
action | pre_delete_term | includes\functions\activity-log-function.php:2264
action | wp_create_nav_menu | includes\functions\activity-log-function.php:2266
action | load-nav-menus.php | includes\functions\activity-log-function.php:2267
action | delete_nav_menu | includes\functions\activity-log-function.php:2268
action | sidebar_admin_setup | includes\functions\activity-log-function.php:2269
filter | widget_update_callback | includes\functions\activity-log-function.php:2270
action | delete_widget | includes\functions\activity-log-function.php:2271
action | user_register | includes\functions\activity-log-function.php:2273
action | delete_user | includes\functions\activity-log-function.php:2274
action | wpmu_delete_user | includes\functions\activity-log-function.php:2275
action | set_user_role | includes\functions\activity-log-function.php:2276
action | profile_update | includes\functions\activity-log-function.php:2277
action | wp_login | includes\functions\activity-log-function.php:2278
action | wp_login_failed | includes\functions\activity-log-function.php:2279
action | clear_auth_cookie | includes\functions\activity-log-function.php:2280
action | add_user_to_blog | includes\functions\activity-log-function.php:2281
action | remove_user_from_blog | includes\functions\activity-log-function.php:2282
action | updated_user_meta | includes\functions\activity-log-function.php:2283
action | retrieve_password | includes\functions\activity-log-function.php:2284
action | lostpassword_post | includes\functions\activity-log-function.php:2286
action | _core_updated_successfully | includes\functions\activity-log-function.php:2288
action | updated_option | includes\functions\activity-log-function.php:2289
action | activated_plugin | includes\functions\activity-log-function.php:2291
action | deactivated_plugin | includes\functions\activity-log-function.php:2292
action | upgrader_process_complete | includes\functions\activity-log-function.php:2293
action | deleted_plugin | includes\functions\activity-log-function.php:2294
action | upgrader_process_complete | includes\functions\activity-log-function.php:2295
action | switch_theme | includes\functions\activity-log-function.php:2296
action | deleted_theme | includes\functions\activity-log-function.php:2298
action | admin_init | includes\functions\activity-log-function.php:2299
action | dbdelta_queries | includes\functions\activity-log-function.php:2301
filter | query | includes\functions\activity-log-function.php:2302
action | add_attachment | includes\functions\activity-log-function.php:2304
action | edit_attachment | includes\functions\activity-log-function.php:2305
action | delete_attachment | includes\functions\activity-log-function.php:2306
action | transition_comment_status | includes\functions\activity-log-function.php:2308
action | comment_post | includes\functions\activity-log-function.php:2309
action | spammed_comment | includes\functions\activity-log-function.php:2310
action | untrashed_comment | includes\functions\activity-log-function.php:2311
action | edit_comment | includes\functions\activity-log-function.php:2312
action | unspammed_comment | includes\functions\activity-log-function.php:2313
action | trashed_comment | includes\functions\activity-log-function.php:2314
action | deleted_comment | includes\functions\activity-log-function.php:2315
filter | cron_schedules | includes\functions\auto-link-function.php:23
filter | cron_schedules | includes\functions\auto-link-function.php:531
filter | wp_insert_post_data | includes\functions\auto-link-function.php:630
action | wpstack_cron_added_links | includes\functions\auto-link-function.php:631
action | wpstack_cron_delete_links | includes\functions\auto-link-function.php:632
action | wp_head | includes\functions\code-inserter-function.php:43
action | wp_footer | includes\functions\code-inserter-function.php:44
action | wp_body_open | includes\functions\code-inserter-function.php:46
filter | cron_schedules | includes\functions\custom-function.php:251
action | wpstack_cron_send_sys_info | includes\functions\custom-function.php:252
filter | schedule_event | includes\functions\custom-function.php:253
action | init | includes\functions\users-function.php:129
action | init | includes\functions\users-function.php:130
action | clear_auth_cookie | includes\functions\users-function.php:131
action | init | includes\functions\users-function.php:132
filter | debug_bar_panels | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\DebugBar\Extension.php:23
action | debug_bar_enqueue_scripts | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\DebugBar\Extension.php:24
filter | upgrader_post_install | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Plugin\Package.php:32
action | delete_site_transient_update_plugins | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Plugin\Package.php:33
action | admin_init | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Plugin\Ui.php:20
filter | plugin_row_meta | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Plugin\Ui.php:26
filter | plugin_row_meta | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Plugin\Ui.php:27
action | all_admin_notices | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Plugin\Ui.php:28
filter | plugins_api | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Plugin\UpdateChecker.php:91
filter | cron_schedules | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Scheduler.php:47
action | admin_init | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Scheduler.php:67
action | load-update-core.php | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Scheduler.php:70
action | upgrader_process_complete | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Scheduler.php:78
action | init | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\UpdateChecker.php:88
filter | upgrader_source_selection | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\UpdateChecker.php:119
filter | http_request_host_is_external | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\UpdateChecker.php:122
action | plugins_loaded | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\UpdateChecker.php:127
action | puc_api_error | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\UpdateChecker.php:221
filter | upgrader_pre_install | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\UpgraderStatus.php:22
filter | upgrader_package_options | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\UpgraderStatus.php:23
filter | upgrader_post_install | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\UpgraderStatus.php:24
action | upgrader_process_complete | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\UpgraderStatus.php:25
filter | upgrader_pre_download | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Vcs\GitHubApi.php:281
filter | http_request_args | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Vcs\GitHubApi.php:324
action | requests-requests.before_redirect | includes\vendor_prefixed\yahnis-elsts\plugin-update-checker\Puc\v5p1\Vcs\GitHubApi.php:325
action | plugins_loaded | init.php:44
action | init | init.php:126
action | init | init.php:127
action | init | init.php:128
action | admin_footer-edit.php | init.php:129
filter | display_post_states | wp-stack-connect-install.php:109

Scheduled Events 3

wpstack_cron_added_links
wpstack_cron_delete_links
wpstack_cron_send_sys_info
Maintenance & Trust

WP-Stack Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Apr 29, 2024
PHP min version: 5.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP-Stack Developer Profile

wpstackco

1 plugin · 10 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP-Stack

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-stack-connect/assets/js/wp-stack-connect-configuration.min.js
Script Paths
/wp-content/plugins/wp-stack-connect/assets/js/wp-stack-connect-configuration.min.js
Version Parameters
wp-stack-connect-configuration

HTML / DOM Fingerprints

Data Attributes
data-wpstack-object
JS Globals
wpstack_object