Does Wpopal Medical have any unpatched vulnerabilities?

No. All known vulnerabilities in Wpopal Medical have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Wpopal Medical compatible with WordPress 5.9.13?

According to WordPress.org data, Wpopal Medical 1.0.4 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

How often is Wpopal Medical updated?

Wpopal Medical was last updated on Apr 4, 2022. Frequent updates are generally a positive security signal.

What is Wpopal Medical's security score?

Wpopal Medical has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Wpopal Medical Security & Risk Analysis

wordpress.org/plugins/wpopal-medical

Opal Medical is a flexible WordPress plugin that lets you display your company’s medicals in a variety of ways: as single pages, and even as embedded …

20 active installs v1.0.4 PHP + WP + Updated Apr 4, 2022

medicals

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Wpopal Medical Safe to Use in 2026?

Generally Safe

Score 85/100

Wpopal Medical has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

Based on the provided static analysis and vulnerability history, the wopald-medical plugin version 1.0.4 exhibits a strong security posture. The absence of any identified dangerous functions, SQL queries without prepared statements, or external HTTP requests is commendable. Furthermore, the lack of known CVEs and a clean vulnerability history suggests diligent security practices by the developers or a lack of significant prior security issues. The code signals indicate that input sanitization and output escaping, while not perfect with 73% proper escaping, are generally handled well, and capability checks are present, which is a good sign for access control.

However, there are areas that warrant attention. The most significant concern is the complete absence of nonce checks and the presence of only one capability check across all code. This, combined with zero AJAX handlers or REST API routes being analyzed for authorization, presents a potential blind spot. If any such endpoints exist and were not included in the static analysis, they could be vulnerable to CSRF or unauthorized access. While the current analysis shows no critical or high-severity taint flows, the limited scope of the analysis (0 taint flows analyzed) means this cannot be definitively ruled out for the entire codebase.

In conclusion, the plugin demonstrates good foundational security practices, particularly in data handling and preventing direct code execution vulnerabilities. The clean vulnerability history is a positive indicator. However, the lack of comprehensive checks on potential entry points like AJAX and REST APIs, and the minimal noncing, represent a weakness that could be exploited if these components are present and improperly secured. Further investigation into the plugin's actual entry points and their authorization mechanisms is recommended.

Key Concerns

Missing nonce checks on potential entry points
Limited scope of taint analysis
Only one capability check present
Output escaping not fully comprehensive (73%)

Vulnerabilities

None known

Wpopal Medical Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Wpopal Medical Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

160 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

73% escaped219 total outputs

Attack Surface

Wpopal Medical Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 32

actionadmin_menuinc\admin\register-settings.php:52

actionadmin_initinc\admin\register-settings.php:54

actioncmb2_render_opalmedical_titleinc\admin\register-settings.php:57

actioncmb2_render_apiinc\admin\register-settings.php:59

actioncmb2_render_license_keyinc\admin\register-settings.php:60

actioncmb2_save_options-page_fieldsinc\admin\register-settings.php:61

actionadmin_print_styles-opalmedical_medical_page_opalmedical-settingsinc\admin\register-settings.php:64

filtercmb2_get_metabox_form_formatinc\admin\register-settings.php:648

actionopalmedical_settings_tab_api_keysinc\admin\register-settings.php:746

actioncustomize_registerinc\class-opalmedical-customizer.php:129

actionafter_setup_themeinc\class-opalmedical-customizer.php:134

actionwp_headinc\class-opalmedical-scripts.php:24

actionwp_enqueue_scriptsinc\class-opalmedical-scripts.php:26

actionadmin_enqueue_scriptsinc\class-opalmedical-scripts.php:27

actioninitinc\class-opalmedical-scripts.php:28

actionwidgets_initinc\class-opalmedical-widgets.php:3

filtertemplate_includeinc\class-template-loader.php:27

filteropalmedical_areasize_unit_formatinc\mixes-functions.php:111

actionafter_switch_themeinc\mixes-functions.php:252

actioninitinc\post-types\class-posttype-doctor.php:25

filtermanage_opal_medical_posts_columnsinc\post-types\class-posttype-doctor.php:27

actionmanage_opal_medical_posts_custom_columninc\post-types\class-posttype-doctor.php:28

filtercmb2_meta_boxesinc\post-types\class-posttype-doctor.php:30

actioninitinc\taxonomies\class-posttype-departments.php:25

actioninitinc\taxonomies\class-taxonomy-category-doctor.php:24

actioninitinc\template-functions.php:29

actionopalmedical_single_medical_contentinc\template-functions.php:66

filteropalmedical_sidebar_archive_positioninc\template-functions.php:80

actionadmin_initinstall.php:73

actionplugins_loadedopalmedical.php:72

actionelementor/widgets/widgets_registeredopalmedical.php:73

actionwidgets_initopalmedical.php:202

Maintenance & Trust

Wpopal Medical Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedApr 4, 2022

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Wpopal Medical Alternatives

No alternatives data available yet.

Developer Profile

Wpopal Medical Developer Profile

wpopal

19 plugins · 3K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

50 days

View full developer profile

Detection Fingerprints

How We Detect Wpopal Medical

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpopal-medical/inc/vendors/elementor/opal-medical-doctors-widget.php/wp-content/plugins/wpopal-medical/inc/vendors/elementor/opal-medical-departments-widget.php/wp-content/plugins/wpopal-medical/inc/vendors/elementor/opal-medical-services-widget.php/wp-content/plugins/wpopal-medical/inc/vendors/elementor/opal-medical-appointments-widget.php

HTML / DOM Fingerprints

HTML Comments

+7 more

Data Attributes

data-elementor-open-widget-edit-mode

JS Globals

opalmedical_ajax_objectosv_medical_widget_dataopalmedical_script_dataopalmedical_woo_data

Shortcode Output

[opalmedical_doctors][opalmedical_departments][opalmedical_services][opalmedical_appointments]

FAQ