xm Stilfinder Security & Risk Analysis

wordpress.org/plugins/xm-stilfinder

Categorize Images and filter them in a front-end dialogue with form Submission. Uses formidable forms.

0 active installs · v1.35 · PHP 7.0+ · WP 6.8+ · Updated Mar 19, 2026
categorize-and-select-styles
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is xm Stilfinder Safe to Use in 2026?

Generally Safe

Score 100/100

xm Stilfinder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "xm-stilfinder" v1.35 plugin demonstrates a strong security posture in several key areas. The static analysis reveals a complete absence of dangerous functions, file operations, and external HTTP requests, which are common vectors for exploitation. Furthermore, all SQL queries are properly prepared, and all output is correctly escaped, mitigating the risks of SQL injection and Cross-Site Scripting (XSS) respectively. The plugin also incorporates nonce checks and capability checks, suggesting an awareness of WordPress security best practices.

However, the analysis does identify one specific area of concern: one REST API route lacks permission callbacks. This means that this REST API endpoint is accessible without any authentication or authorization checks, potentially exposing it to unauthorized access or manipulation. While there are no recorded vulnerabilities or known CVEs for this plugin, this single unprotected entry point represents a potential security weakness that could be leveraged if an attacker discovers it and finds a way to exploit it.

In conclusion, "xm-stilfinder" v1.35 is generally well-secured, with strong coding practices observed in critical areas like SQL handling and output escaping. The lack of known vulnerabilities is a positive indicator. The primary weakness lies in the unprotected REST API route, which, though a single point, requires attention to ensure the plugin's overall security is maintained.

Key Concerns

  • Unprotected REST API route
Vulnerabilities
None known

xm Stilfinder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

xm Stilfinder Release Timeline

v1.35 (Current)
Code Analysis
Analyzed Apr 16, 2026

xm Stilfinder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 0 (118 escaped)
Nonce Checks: 1
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

100% escaped · 118 total outputs
Attack Surface
1 unprotected

xm Stilfinder Attack Surface

Entry Points: 2
Unprotected: 1

REST API Routes (1)

GET /wp-json/xm-stilfinder/v1/media · xm-stilfinder.php:673

Shortcodes 1

[xm-stilfinder] xm-stilfinder.php:1216

WordPress Hooks (10)

action · init · xm-stilfinder.php:61
action · set_object_terms · xm-stilfinder.php:163
filter · attachment_fields_to_edit · xm-stilfinder.php:334
filter · wp_prepare_attachment_for_js · xm-stilfinder.php:345
action · rest_api_init · xm-stilfinder.php:477
filter · attachment_fields_to_save · xm-stilfinder.php:532
action · admin_enqueue_scripts · xm-stilfinder.php:571
action · rest_api_init · xm-stilfinder.php:672
action · wp_enqueue_scripts · xm-stilfinder.php:1289
filter · frm_email_message · xm-stilfinder.php:1298
Maintenance & Trust

xm Stilfinder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 19, 2026
PHP min version: 7.0
Downloads: 219

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

xm Stilfinder Developer Profile

xmagentur

2 plugins · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect xm Stilfinder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/xm-stilfinder/stilfinder-backend.js
/wp-content/plugins/xm-stilfinder/stilfinder-frontend.js
/wp-content/plugins/xm-stilfinder/stilfinder-admin.css
Script Paths
/wp-content/plugins/xm-stilfinder/stilfinder-backend.js
/wp-content/plugins/xm-stilfinder/stilfinder-frontend.js
Version Parameters
xm-stilfinder/stilfinder-backend.js?ver=
xm-stilfinder/stilfinder-frontend.js?ver=
xm-stilfinder/stilfinder-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
stilfinder-backend
stilfinder-admin-wrap
HTML Comments
<!-- .stilfinder-backend -->
<!-- END .stilfinder-backend -->
<!-- .stilfinder-admin-wrap -->
<!-- END .stilfinder-admin-wrap -->
Data Attributes
data-stilfinder-id
JS Globals
window.xmstilfinder_vars
REST Endpoints
/wp-json/xmstilfinder/v1/media
Shortcode Output
<div class="stilfinder-frontend">