Yada Wiki Security & Risk Analysis

wordpress.org/plugins/yada-wiki

Yada Wiki is a simple wiki for your WordPress site.

2K active installs · v3.6 · Requires WP 4.1+ (PHP minimum not stated) · Updated Nov 22, 2025
Tags: faq, knowledge-base, page-links, shortcode, wiki

Security score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 30, 2025

Is Yada Wiki Safe to Use in 2026?

Generally Safe

Score 98/100

Yada Wiki has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 30, 2025 · Updated 4mo ago
Risk Assessment

The yada-wiki plugin v3.6 exhibits a mixed security posture. On the positive side, it demonstrates good practices by consistently using prepared statements for all its SQL queries, indicating a strong defense against SQL injection. Furthermore, the absence of file operations and external HTTP requests limits potential attack vectors. However, the plugin has a significant concern regarding output escaping, with only 47% of outputs being properly escaped. This suggests a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, which is corroborated by its vulnerability history.

The plugin's attack surface includes a single AJAX handler that lacks authentication checks, presenting an immediate entry point for unauthenticated attackers. While there are no critical or high severity taint flows, the general lack of proper output escaping is a pressing issue. The plugin's history reveals two medium-severity Cross-Site Scripting (XSS) vulnerabilities, with the most recent one being in late 2025, suggesting a recurring pattern of input validation and output sanitization weaknesses. Although there are no currently unpatched vulnerabilities, the past issues highlight a need for more rigorous security testing and development practices.

In conclusion, the yada-wiki plugin v3.6 has some solid security foundations, particularly in its SQL handling. Nevertheless, the prevalence of improperly escaped output and an unprotected AJAX endpoint are critical weaknesses that require immediate attention. The historical XSS vulnerabilities underscore a persistent problem that needs to be addressed to improve the plugin's overall security and prevent future compromises.

Key Concerns

  • Unprotected AJAX handler
  • Low percentage of properly escaped output
  • 2 medium severity CVEs in history

Yada Wiki Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2025-66094 · medium · score 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Yada Wiki <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Disclosed Dec 30, 2025 · Patched in 3.6 (7d)
CVE-2021-24470 · medium · score 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Yada Wiki <= 3.4 - Stored Cross-Site Scripting

Disclosed Jun 28, 2021 · Patched in 3.4.1 (939d)
Yada Wiki Code Analysis (analyzed Mar 16, 2026)

Dangerous Functions: 0
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 38 (34 escaped)
Nonce Checks: 1
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

47% escaped · 72 total outputs

Yada Wiki Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 1

  • wp_ajax_yada_wiki_suggest (auth) · yada-wiki.php:223

Shortcodes 3

  • [yadawiki] · yada-wiki.php:210
  • [yadawikitoc] · yada-wiki.php:211
  • [yadawiki-index] · yada-wiki.php:212

WordPress Hooks 21
  • filter mce_external_plugins · inc\functions-admin.php:72
  • filter mce_external_plugins · inc\functions-admin.php:73
  • filter mce_buttons · inc\functions-admin.php:74
  • filter mce_buttons · inc\functions-admin.php:75
  • filter wp_terms_checklist_args · inc\functions-admin.php:77
  • action save_post · inc\functions-admin.php:292
  • action init · inc\functions-register-cpt.php:68
  • action init · inc\functions-register-cpt.php:109
  • action init · inc\functions-register-cpt.php:150
  • action plugins_loaded · yada-wiki.php:208
  • action init · yada-wiki.php:209
  • action wp_enqueue_scripts · yada-wiki.php:216
  • action admin_enqueue_scripts · yada-wiki.php:222
  • action admin_menu · yada-wiki.php:224
  • action admin_init · yada-wiki.php:225
  • action save_post · yada-wiki.php:226
  • filter use_block_editor_for_post_type · yada-wiki.php:231
  • filter gutenberg_can_edit_post_type · yada-wiki.php:236
  • filter wp_insert_post_data · yada-wiki.php:239
  • action widgets_init · yada-wiki.php:242
  • action widgets_init · yada-wiki.php:243

Yada Wiki Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 22, 2025
PHP min version: not stated
Downloads: 68K

Community Trust

Rating: 98/100
Number of ratings: 23
Active installs: 2K

Yada Wiki Developer Profile

dmccan

1 plugin · 2K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 473 days

How We Detect Yada Wiki

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/yada-wiki/css/yada-wiki-admin.css
  • /wp-content/plugins/yada-wiki/css/yada-wiki-public.css
  • /wp-content/plugins/yada-wiki/js/yada-wiki-admin.js
  • /wp-content/plugins/yada-wiki/js/yada-wiki-public.js
Script Paths
  • /wp-content/plugins/yada-wiki/js/yada-wiki-admin.js
  • /wp-content/plugins/yada-wiki/js/yada-wiki-public.js
Version Parameters
  • yada-wiki/css/yada-wiki-admin.css?ver=
  • yada-wiki/css/yada-wiki-public.css?ver=
  • yada-wiki/js/yada-wiki-admin.js?ver=
  • yada-wiki/js/yada-wiki-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • yada-wiki-index
  • yada-wiki-page
  • yada-wiki-toc
Data Attributes
  • data-yada-wiki-id
JS Globals
  • yada_wiki_data
Shortcode Output
  • [yadawiki]
  • [yadawikitoc]
  • [yadawiki-index]

Frequently Asked Questions about Yada Wiki