WPS Bidouille Security & Risk Analysis

wordpress.org/plugins/wps-bidouille

WPS Bidouille provides information about your WordPress and contains optimization tools.

10K active installs · v1.33.3 · PHP + WP 4.2+ · Updated Jan 28, 2026
Tags: admin, error, login, tools, transient
Score: 96 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 2, 2025

Is WPS Bidouille Safe to Use in 2026?

Generally Safe

Score 96/100

WPS Bidouille has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 2, 2025 · Updated 2mo ago

Risk Assessment

The "wps-bidouille" plugin, version 1.33.3, presents a moderate security risk. While it demonstrates several positive security practices, such as a reasonable number of nonce and capability checks, and a majority of its SQL queries using prepared statements and output being properly escaped, there are significant concerns. The presence of an unprotected AJAX handler creates a direct attack vector that could be exploited by unauthenticated users. This is exacerbated by the plugin's history of vulnerabilities, particularly a high-severity missing authorization flaw and a medium-severity CSRF issue. Although there are no currently unpatched CVEs, the recurring patterns of authorization and CSRF vulnerabilities suggest potential weaknesses in how user actions are validated and secured. The single unsanitized path flow, while not classified as critical or high severity in the static analysis, also warrants attention as it could potentially lead to path traversal or file manipulation if exploited in conjunction with other vulnerabilities.

Key Concerns

  • AJAX handler without authentication check
  • Vulnerability history: 1 high severity CVE
  • Vulnerability history: 1 medium severity CVE
  • Taint flow with unsanitized path
  • SQL queries: 43% prepared statements (potential for raw SQL)
  • Output escaping: 61% properly escaped (potential for XSS)

WPS Bidouille Security Vulnerabilities

CVEs by Year

  • 2019: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2025-64238 · medium · 4.3 · Missing Authorization

WPS Bidouille <= 1.33.1 - Missing Authorization

Dec 2, 2025 · Patched in 1.33.2 (35d)

WF-8ddc4593-bdb4-4b01-be28-4317c76ae6b0-wps-bidouille · high · 8.8 · Cross-Site Request Forgery (CSRF)

WPS Bidouille <= 1.12.2 - Multiple Cross-Site Request Forgery

Jul 23, 2019 · Patched in 1.12.4 (1645d)

WPS Bidouille Code Analysis

Analyzed Mar 16, 2026

  • Dangerous Functions: 0
  • Raw SQL Queries: 12 (9 prepared)
  • Unescaped Output: 163 (253 escaped)
  • Nonce Checks: 26
  • Capability Checks: 24
  • File Operations: 5
  • External Requests: 3
  • Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

43% prepared · 21 total queries

Output Escaping

61% escaped · 416 total outputs

Data Flow Analysis

5 flows · 1 with unsanitized paths
<check_cache> (blocks\check_cache.php:0)

WPS Bidouille Attack Surface

Entry Points: 14
Unprotected: 1

AJAX Handlers (14)

auth  wp_ajax_dismiss_admin_notice  classes\plugin.php:28
auth  wp_ajax_count_notif  classes\plugin.php:29
auth  wp_ajax_add_option_wps_display  classes\plugin.php:33
auth  wp_ajax_delete_option_wps_display  classes\plugin.php:34
auth  wp_ajax_add_allow_repair_wp_config  classes\plugin.php:36
auth  wp_ajax_wpsbidouille_rated  classes\plugin.php:50
auth  wp_ajax_wps_get_posts  classes\removefromcache.php:17
auth  wp_ajax_download_plugins_premium  classes\suggest-plugins-themes.php:20
auth  wp_ajax_download_themes_premium  classes\suggest-plugins-themes.php:21
auth  wp_ajax_update_plugin_premium  classes\suggest-plugins-themes.php:22
auth  wp_ajax_update_theme_premium  classes\suggest-plugins-themes.php:23
auth  wp_ajax_delete_transient_premium  classes\suggest-plugins-themes.php:24
auth  wp_ajax_save_settings_wps  classes\tools.php:27
auth  wp_ajax_wps_get_users  classes\whitelabel.php:11

WordPress Hooks (80)

action  admin_init  classes\db-prefix.php:10
filter  rest_authentication_errors  classes\disable-rest-api\disable-rest-api.php:15
action  init  classes\helpers.php:10
action  login_enqueue_scripts  classes\plugin.php:12
action  admin_head  classes\plugin.php:13
action  admin_menu  classes\plugin.php:14
action  admin_enqueue_scripts  classes\plugin.php:15
action  admin_init  classes\plugin.php:24
action  admin_init  classes\plugin.php:25
action  admin_init  classes\plugin.php:26
action  wp_before_admin_bar_render  classes\plugin.php:31
action  init  classes\plugin.php:37
action  after_plugin_row  classes\plugin.php:39
filter  all_plugins  classes\plugin.php:40
action  admin_init  classes\plugin.php:42
action  deleted_plugin  classes\plugin.php:44
filter  admin_footer  classes\plugin.php:48
filter  admin_footer_text  classes\plugin.php:49
action  admin_menu  classes\removefromcache.php:10
action  wp_before_admin_bar_render  classes\removefromcache.php:12
action  wp_head  classes\removefromcache.php:14
action  wp_head  classes\removefromcache.php:15
action  admin_init  classes\removefromcache.php:18
action  admin_init  classes\removefromcache.php:19
filter  pre_update_option  classes\removefromcache.php:21
filter  pre_update_option  classes\removefromcache.php:26
filter  pre_update_option  classes\removefromcache.php:31
action  admin_init  classes\removefromcache.php:36
action  admin_init  classes\removefromcache.php:37
action  add_meta_boxes  classes\removefromcache.php:39
action  save_post  classes\removefromcache.php:40
filter  wps_not_purge_auto  classes\removefromcache.php:42
action  send_headers  classes\removefromcache.php:166
action  wp_head  classes\removefromcache.php:167
action  admin_menu  classes\suggest-plugins-themes.php:10
action  admin_page  classes\suggest-plugins-themes.php:11
filter  install_plugins_tabs  classes\suggest-plugins-themes.php:13
filter  install_themes_tabs  classes\suggest-plugins-themes.php:14
filter  install_plugins_table_api_args_wps_bidouille  classes\suggest-plugins-themes.php:15
action  admin_menu  classes\suggestions.php:10
action  admin_page  classes\suggestions.php:11
action  admin_menu  classes\tools.php:10
action  admin_page  classes\tools.php:11
action  admin_init  classes\tools.php:12
action  admin_init  classes\tools.php:13
action  admin_init  classes\tools.php:14
action  admin_init  classes\tools.php:15
action  admin_init  classes\tools.php:16
action  admin_init  classes\tools.php:17
action  admin_init  classes\tools.php:19
action  init  classes\tools.php:20
filter  wp_sitemaps_add_provider  classes\tools.php:22
filter  tiny_mce_plugins  classes\tools.php:306
filter  wp_resource_hints  classes\tools.php:307
filter  wp_revisions_to_keep  classes\tools.php:351
filter  tiny_mce_before_init  classes\tools.php:361
action  wp_enqueue_scripts  classes\tools.php:365
action  wp_enqueue_scripts  classes\tools.php:383
action  wp_print_styles  classes\tools.php:421
action  wp_print_scripts  classes\tools.php:422
filter  login_errors  classes\tools.php:456
filter  json_enabled  classes\tools.php:490
filter  json_jsonp_enabled  classes\tools.php:491
filter  rest_enabled  classes\tools.php:494
filter  rest_jsonp_enabled  classes\tools.php:495
filter  rest_endpoints  classes\tools.php:507
filter  feed_links_show_posts_feed  classes\tools.php:524
filter  feed_links_show_comments_feed  classes\tools.php:531
filter  image_size_names_choose  classes\tools.php:535
action  template_redirect  classes\tools.php:558
filter  author_link  classes\tools.php:559
filter  sanitize_file_name_chars  classes\tools.php:583
filter  sanitize_file_name  classes\tools.php:584
action  admin_menu  classes\whitelabel.php:10
action  admin_init  classes\whitelabel.php:13
filter  pre_update_option  classes\whitelabel.php:15
action  plugins_loaded  wps-bidouille.php:38
action  update_option_list_post_without_cache  wps-bidouille.php:64
action  update_option_list_post_without_cache  wps-bidouille.php:86
filter  rocket_cache_reject_uri  wps-bidouille.php:106

WPS Bidouille Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 28, 2026
PHP min version
Downloads: 256K

Community Trust

Rating: 98/100
Number of ratings: 54
Active installs: 10K

WPS Bidouille Developer Profile

NicolasKulka

9 plugins · 149K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 1444 days

How We Detect WPS Bidouille

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wps-bidouille/assets/css/wps-bidouille-admin.css
  • /wp-content/plugins/wps-bidouille/assets/js/wps-bidouille-admin.js
  • /wp-content/plugins/wps-bidouille/assets/css/wps-bidouille.css
  • /wp-content/plugins/wps-bidouille/assets/js/wps-bidouille.js
  • /wp-content/plugins/wps-bidouille/assets/css/wps-bidouille-login.css

Script Paths

  • /wp-content/plugins/wps-bidouille/assets/js/wps-bidouille-admin.js
  • /wp-content/plugins/wps-bidouille/assets/js/wps-bidouille.js

Version Parameters

  • wps-bidouille/assets/css/wps-bidouille-admin.css?ver=
  • wps-bidouille/assets/js/wps-bidouille-admin.js?ver=
  • wps-bidouille/assets/css/wps-bidouille.css?ver=
  • wps-bidouille/assets/js/wps-bidouille.js?ver=
  • wps-bidouille/assets/css/wps-bidouille-login.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • wps-bidouille-dashboard-widget

HTML Comments

  • <!-- Hide menu WPS -->
  • <!-- Exclude WPS_BIDOUILLE from caching WP Rocket -->

Data Attributes

  • data-wps-bidouille-rated

JS Globals

  • wps_bidouille_data
  • wps_bidouille_ajax_object

REST Endpoints

  • /wp-json/wps-bidouille/v1/settings