Does Yandex Webmaster have any unpatched vulnerabilities?

No. All known vulnerabilities in Yandex Webmaster have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Yandex Webmaster compatible with WordPress 3.2.1?

According to WordPress.org data, Yandex Webmaster 0.1.2 has been tested up to WordPress 3.2.1. Check the plugin's changelog for the latest compatibility information.

How often is Yandex Webmaster updated?

Yandex Webmaster was last updated on May 10, 2012. Frequent updates are generally a positive security signal.

What is Yandex Webmaster's security score?

Yandex Webmaster has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Yandex Webmaster Security & Risk Analysis

wordpress.org/plugins/yandex-webmaster

This plugin shows information from Yandex Webmaster.

60 active installs v0.1.2 PHP + WP 2.8+ Updated May 10, 2012

dashboardwebmasteryandex

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Yandex Webmaster Safe to Use in 2026?

Generally Safe

Score 85/100

Yandex Webmaster has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The yandex-webmaster plugin v0.1.2 exhibits a mixed security posture. On one hand, the lack of registered CVEs and no critical taint flows suggest a generally stable history and minimal high-severity code flaws. The plugin also correctly utilizes prepared statements for its SQL queries, a crucial security practice. However, significant concerns arise from the static analysis. The most alarming finding is that 0% of its 16 output operations are properly escaped, leaving it highly susceptible to Cross-Site Scripting (XSS) vulnerabilities. Additionally, the absence of any nonce or capability checks on its entry points (AJAX, REST API, shortcodes, cron events) means that any functionality exposed through these means could be executed by unauthenticated or unauthorized users. The presence of file operations and external HTTP requests, without explicit checks mentioned, could also introduce risks if not handled with utmost care and validation. While the plugin has no recorded past vulnerabilities, this does not negate the clear and present dangers identified in its current code, particularly the unescaped output and lack of access control.

Key Concerns

0% output escaping on 16 outputs
0 nonce checks on entry points
0 capability checks on entry points
2 unsanitized path taint flows

Vulnerabilities

None known

Yandex Webmaster Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Yandex Webmaster Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Yandex Webmaster Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped16 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

verify_by_html_file (WMlogic.php:269)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Yandex Webmaster Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionplugins_loadedyandex-webmaster.php:33

actionadmin_menuyandex-webmaster.php:34

actionadmin_inityandex-webmaster.php:334

actionwp_dashboard_setupyandex-webmaster.php:338

Maintenance & Trust

Yandex Webmaster Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1

Last updatedMay 10, 2012

PHP min version

Downloads5K

Community Trust

Rating100/100

Number of ratings1

Active installs60

Alternatives

Yandex Webmaster Alternatives

Yandex News Feed

yandex-news-feed

100

Generates a valid RSS 2.0 feed for the Yandex "Latest and most important news" program. Ensures full compliance with Yandex Webmaster requirements.

80 No CVEs

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

google-analytics-for-wordpress

The best free Google Analytics plugin for WordPress. See how visitors find and use your website so you can grow your business with powerful analytics.

2.0M 10 CVEs

Admin Menu Editor

admin-menu-editor

Lets you edit the WordPress admin menu. You can re-order, hide or rename menus, add custom menus and more.

400K 3 CVEs

ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)

google-analytics-dashboard-for-wp

Connects Google Analytics with your WordPress site. Displays stats to help you understand your users and site content on a whole new level!

300K 5 CVEs

White Label CMS

white-label-cms

Customise dashboard panels and branding, hide menus plus lots more.

200K 7 CVEs

Developer Profile

Yandex Webmaster Developer Profile

TIgor4eg

3 plugins · 80 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Yandex Webmaster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

JS Globals

poptastic

FAQ