Does WWI Blogcard have any unpatched vulnerabilities?

No. All known vulnerabilities in WWI Blogcard have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WWI Blogcard compatible with WordPress 6.9.4?

According to WordPress.org data, WWI Blogcard 1.0.11 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WWI Blogcard compatible with PHP 7.4+?

WWI Blogcard requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WWI Blogcard updated?

WWI Blogcard was last updated on Feb 23, 2026. Frequent updates are generally a positive security signal.

What is WWI Blogcard's security score?

WWI Blogcard has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WWI Blogcard Security & Risk Analysis

wordpress.org/plugins/wwi-blogcard

A WordPress block plugin that generates beautiful blog cards from URLs using OGP information.

0 active installs v1.0.11 PHP 7.4+ WP 6.0+ Updated Feb 23, 2026

blogcardcardembedlinkogp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WWI Blogcard Safe to Use in 2026?

Generally Safe

Score 100/100

WWI Blogcard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'wwi-blogcard' plugin v1.0.11 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, the consistent use of prepared statements for all SQL queries, and the 100% proper output escaping are all excellent security practices. Furthermore, the presence of nonce and capability checks, along with no recorded vulnerabilities in its history, suggests a well-maintained and secure plugin. The limited attack surface with no identified unprotected entry points is also a positive indicator.

However, there are a few minor points to consider. The plugin makes one external HTTP request, which, while not inherently a vulnerability, could be a potential vector if not handled securely or if the external service is compromised. The lack of taint analysis results (zero flows analyzed) means that while no issues were found, there's no active confirmation of the sanitization of data flows.

In conclusion, 'wwi-blogcard' v1.0.11 appears to be a secure plugin with robust coding practices. The main areas for attention are the single external HTTP request and the absence of taint analysis results, which, while not critical flaws based on the data, represent potential areas for further scrutiny in a broader security audit. The plugin's history of zero vulnerabilities is a significant strength.

Key Concerns

External HTTP request made by the plugin
No taint analysis flows analyzed

Vulnerabilities

None known

WWI Blogcard Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WWI Blogcard Code Analysis

Dangerous Functions

Raw SQL Queries

13 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared13 total queries

Output Escaping

100% escaped16 total outputs

Attack Surface

WWI Blogcard Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionadmin_menuincludes\class-wwi-blogcard-admin.php:26

actionadmin_initincludes\class-wwi-blogcard-admin.php:27

actionadmin_initincludes\class-wwi-blogcard-admin.php:28

actionadmin_noticesincludes\class-wwi-blogcard-admin.php:29

actionadmin_enqueue_scriptsincludes\class-wwi-blogcard-admin.php:30

actionrest_api_initincludes\class-wwi-blogcard-rest-api.php:33

actioninitwwi-blogcard.php:53

actioninitwwi-blogcard.php:70

Maintenance & Trust

WWI Blogcard Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 23, 2026

PHP min version7.4

Downloads165

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

WWI Blogcard Alternatives

Simple Link Embed

simple-link-embed

100

Create beautiful blog cards by simply entering a URL. Automatically fetches OGP data and displays stylish link previews in the block editor.

0 No CVEs

Pz-LinkCard

pz-linkcard

This plugin is intended to display a link in a blog card format. The goodbye to the text-only link.

20K 6 CVEs

Simple Blog Card

simple-blog-card

Get OGP and display blog card.

3K 2 CVEs

Pz-HatenaBlogCard

pz-hatenablogcard

This plug-in to display a link in the article by using the "Hatena blog card".

200 No CVEs

SU Blocks Blogcard

blogcard-for-wp

100

A WordPress plugin that makes it easy to create blog cards. Simply enter a URL and automatically fetch metadata to display beautiful cards.

100 No CVEs

Developer Profile

WWI Blogcard Developer Profile

whywaita

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WWI Blogcard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wwi-blogcard/build/wwi-blogcard.asset.php

Script Paths

/wp-content/plugins/wwi-blogcard/build/index.js

Version Parameters

wwi-blogcard/style.css?ver=wwi-blogcard/index.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-wwi-blogcard-url

JS Globals

window.wwiBlogcardSettings

REST Endpoints

/wp-json/wwi-blogcard/v1/fetch/wp-json/wwi-blogcard/v1/clear-cache

FAQ