WP-Safety

WPMagPlus Companion Security & Risk Analysis

wordpress.org/plugins/wpmagplus-companion

WPMagPlus is generic plugin to companion plugin that will help import demo content for your webiste.

700 active installs v1.0.8 PHP + WP 5.5+ Updated Aug 11, 2021
advanced-importdemo-import
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPMagPlus Companion Safe to Use in 2026?

Generally Safe

Score 85/100

WPMagPlus Companion has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The wpmagplus-companion plugin version 1.0.8 exhibits a generally strong security posture based on the static analysis. The code demonstrates good practices by utilizing prepared statements for all SQL queries and by properly escaping the vast majority (95%) of its output. The absence of file operations and external HTTP requests further reduces potential attack vectors. The presence of nonce and capability checks also indicates an awareness of common WordPress security mechanisms.

However, a significant concern is the presence of one AJAX handler that lacks any authentication checks. This creates a direct entry point for unauthenticated users to interact with the plugin's functionality, potentially leading to unintended consequences or exploitation if the handler's logic is vulnerable. While taint analysis showed no flows, the lack of input validation on this unprotected AJAX endpoint is a potential weakness. The plugin's clean vulnerability history is a positive indicator of past secure development, but it doesn't negate the identified risks in the current version.

In conclusion, while the plugin has many strengths in its secure coding practices, the unprotected AJAX handler represents a critical weakness that needs immediate attention. The overall risk is moderate, primarily due to this single, but significant, exposed entry point. Addressing this would greatly improve the plugin's security.

Key Concerns

  • AJAX handler without auth checks
Vulnerabilities
None known

WPMagPlus Companion Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WPMagPlus Companion Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
42 escaped
Nonce Checks
1
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

95% escaped44 total outputs
Attack Surface
1 unprotected

WPMagPlus Companion Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_wpmagplus_companion_getting_startedincludes\class-wpmagplus-companion.php:244
WordPress Hooks 12
filterwpmagplus_about_pageadmin\about\about.php:6
actionadmin_enqueue_scriptsadmin\about\about.php:15
actioncustomize_registeradmin\demo-documentation.php:81
actionadmin_noticesincludes\class-wpmagplus-companion.php:122
actionplugins_loadedincludes\class-wpmagplus-companion.php:226
actionadmin_initincludes\class-wpmagplus-companion.php:241
actionadvanced_import_demo_listsincludes\class-wpmagplus-companion.php:242
actionadmin_menuincludes\class-wpmagplus-companion.php:243
actionadmin_enqueue_scriptsincludes\class-wpmagplus-companion.php:245
actionadmin_enqueue_scriptsincludes\class-wpmagplus-companion.php:246
actionwp_enqueue_scriptsincludes\class-wpmagplus-companion.php:261
actionwp_enqueue_scriptsincludes\class-wpmagplus-companion.php:262
Maintenance & Trust

WPMagPlus Companion Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedAug 11, 2021
PHP min version
Downloads19K

Community Trust

Rating0/100
Number of ratings0
Active installs700
Alternatives

WPMagPlus Companion Alternatives

Acme Demo Setup

Acme Demo Setup

acme-demo-setup

A
100

Easily set up your site with dummy data. Import settings, widgets, and content in one click using Advanced Import.

10K No CVEs
Ripple Themes Toolset

Ripple Themes Toolset

ripple-themes-toolset

A
85

Import Dummy data for themes developed by Ripple Themes.

200 No CVEs
Advanced Import: One-Click Demo Import for WordPress

Advanced Import: One-Click Demo Import for WordPress

advanced-import

A
91

Advanced Import simplifies importing demo data for WordPress sites, enabling users to import posts, pages, media, widgets, customizer settings, and Gu …

90K 1 CVE
Keon Toolset

Keon Toolset

keon-toolset

A
100

Import dummy data for themes developed by Keon Themes.

30K No CVEs
Ibtana – WordPress Website Builder

Ibtana – WordPress Website Builder

ibtana-visual-editor

B
74

Build your dream WordPress website with Ibtana, a powerful website builder with customizable templates and drag-and-drop elements for customization.

20K 1 unpatched
Developer Profile

WPMagPlus Companion Developer Profile

WPMagPlus

1 plugin · 700 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WPMagPlus Companion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpmagplus-companion/admin/about/about.css/wp-content/plugins/wpmagplus-companion/admin/about/images/layouts.jpg
Version Parameters
wpmagplus-companion/admin/about/about.css?ver=

HTML / DOM Fingerprints

CSS Classes
main-infomain-info-detailupgrade-to-proupgrade-imagets-logoupgrade-textvideo-tutorialtop-wrapper+5 more
Data Attributes
data-action
JS Globals
WPMAGPLUS_COMPANION_URL
FAQ

Frequently Asked Questions about WPMagPlus Companion