WP-Safety

WPReplace内容字符替换插件 Security & Risk Analysis

wordpress.org/plugins/wpreplace

WordPress内容字符替换插件(简称:WPReplace),可视化帮助网友快速替换WordPress网站文章标题、内容、评论用户名和评论内容的指定字符。公众号:老蒋朋友圈

900 active installs v7.2 PHP 5.6+ WP 4.5.0+ Updated Feb 9, 2026
wordpress%e6%9b%bf%e6%8d%a2%e5%ad%97%e7%ac%a6%e6%9b%bf%e6%8d%a2%e6%a0%87%e9%a2%98%e6%96%87%e7%ab%a0%e6%9b%bf%e6%8d%a2
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPReplace内容字符替换插件 Safe to Use in 2026?

Generally Safe

Score 100/100

WPReplace内容字符替换插件 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "wpreplace" v7.2 plugin exhibits a generally strong security posture based on the static analysis. It demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests. The high percentage of SQL queries using prepared statements and properly escaped output are positive indicators. The presence of nonce and capability checks, although limited, also contributes to a more secure foundation. However, the taint analysis reveals a concerning aspect: two flows with unsanitized paths. While these are not classified as critical or high severity based on this analysis, they represent potential pathways for malicious input to be processed without proper sanitization, which could lead to unintended behavior or vulnerabilities in certain contexts. The lack of any recorded vulnerability history is a significant strength, suggesting a history of stable and secure development. Despite the promising overall analysis, the identified unsanitized taint flows warrant attention and should be investigated to ensure they do not pose a latent risk.

Key Concerns

  • Unsanitized taint flows found
Vulnerabilities
None known

WPReplace内容字符替换插件 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WPReplace内容字符替换插件 Code Analysis

Dangerous Functions
0
Raw SQL Queries
17
53 prepared
Unescaped Output
8
36 escaped
Nonce Checks
5
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

76% prepared70 total queries

Output Escaping

82% escaped44 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
render_setting_page (index.php:215)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WPReplace内容字符替换插件 Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
actionadmin_menuindex.php:44
actionadmin_initindex.php:45
actionadmin_noticesindex.php:53
actionadmin_noticesindex.php:76
actioninitindex.php:1378
Maintenance & Trust

WPReplace内容字符替换插件 Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedFeb 9, 2026
PHP min version5.6
Downloads23K

Community Trust

Rating0/100
Number of ratings0
Active installs900
Alternatives

WPReplace内容字符替换插件 Alternatives

No alternatives data available yet.

Developer Profile

WPReplace内容字符替换插件 Developer Profile

老蒋和他的小伙伴

12 plugins · 4K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WPReplace内容字符替换插件

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpreplace/css/wpreplace.css/wp-content/plugins/wpreplace/js/wpreplace.js
Script Paths
/wp-content/plugins/wpreplace/js/wpreplace.js
Version Parameters
wpreplace/css/wpreplace.css?ver=wpreplace/js/wpreplace.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- WPREPLACE_START_COMMENT --><!-- WPREPLACE_END_COMMENT -->
Data Attributes
data-wpreplace-originaldata-wpreplace-newdata-wpreplace-selectordata-wpreplace-is-regex
JS Globals
window.wpreplace
FAQ

Frequently Asked Questions about WPReplace内容字符替换插件