WP-Safety

YMC Crossword Security & Risk Analysis

wordpress.org/plugins/ymc-crossword

The plugin Crossword creates an easy crossword from the words of any combination.

100 active installs v2.4.3 PHP 7.2+ WP 4.8+ Updated Apr 17, 2025
crosswordgamemindpuzzles
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is YMC Crossword Safe to Use in 2026?

Generally Safe

Score 92/100

YMC Crossword has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "ymc-crossword" plugin v2.4.3 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, external HTTP requests, file operations, and a secure approach to SQL queries with 100% prepared statements are positive indicators. Furthermore, the plugin has no recorded vulnerabilities (CVEs), which suggests a history of stable and secure development. However, a significant concern lies in the output escaping, with only 42% of outputs being properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. Additionally, the lack of nonce checks, while potentially mitigated by other factors, is a common security practice that is entirely absent, leaving a potential, albeit unexploited, avenue for certain types of attacks.

Key Concerns

  • Low percentage of properly escaped output
  • No nonce checks present
Vulnerabilities
None known

YMC Crossword Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

YMC Crossword Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

YMC Crossword Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
14
10 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

42% escaped24 total outputs
Attack Surface

YMC Crossword Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[ymc-crossword] YmcCrossword\Frontend\YmcCrossword_Shortcode.php:22
WordPress Hooks 6
actioninitYmcCrossword\Backend\YmcCrossword_Cpt.php:20
actionadd_meta_boxesYmcCrossword\Backend\YmcCrossword_Meta_Boxes.php:22
actionsave_postYmcCrossword\Backend\YmcCrossword_Meta_Boxes.php:24
actionplugins_loadedYmcCrossword\Crossword.php:111
actionadmin_enqueue_scriptsYmcCrossword\Frontend\YmcCrossword_Assets_Loader.php:23
actionwp_enqueue_scriptsYmcCrossword\Frontend\YmcCrossword_Assets_Loader.php:24
Maintenance & Trust

YMC Crossword Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 17, 2025
PHP min version7.2
Downloads4K

Community Trust

Rating60/100
Number of ratings2
Active installs100
Alternatives

YMC Crossword Alternatives

WHA Puzzle

WHA Puzzle

wha-puzzle

A
85

Puzzle - puzzle game, which is a mosaic that you want to make from the many fragments of the pattern of various shapes.

300 No CVEs
PuzzleMe – Interactive Puzzles for WordPress – Easily publish crosswords, quizzes, word searches and more

PuzzleMe – Interactive Puzzles for WordPress – Easily publish crosswords, quizzes, word searches and more

puzzleme

A
99

PuzzleMe makes it easy to add interactive games to your WordPress website - no coding required.

1K 1 CVE
MorePuzzles

MorePuzzles

morepuzzles

A
85

This plugin is for those who would like to insert an interactive crossword/word-search puzzle to their page.

100 No CVEs
Advanced Crossword

Advanced Crossword

advanced-crossword

A
100

Create a beautiful, responsive 15x15 grid crossword to your liking. You have full control over the blank cells and the clues.

90 No CVEs
EV Crosswords

EV Crosswords

ev-crosswords

A
100

Easily add crosswords to your Wordpress website, with or without AI help.

10 No CVEs
Developer Profile

YMC Crossword Developer Profile

YMC

2 plugins · 5K total installs

88
trust score
Avg Security Score
91/100
Avg Patch Time
15 days
View full developer profile
Detection Fingerprints

How We Detect YMC Crossword

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ymc-crossword/YmcCrossword/assets/css/crossword-admin.css/wp-content/plugins/ymc-crossword/YmcCrossword/assets/js/crossword-admin.js/wp-content/plugins/ymc-crossword/YmcCrossword/assets/css/crossword.css/wp-content/plugins/ymc-crossword/YmcCrossword/assets/js/dragscroll.js/wp-content/plugins/ymc-crossword/YmcCrossword/assets/js/crossword.js
Script Paths
/wp-content/plugins/ymc-crossword/YmcCrossword/assets/js/crossword-admin.js/wp-content/plugins/ymc-crossword/YmcCrossword/assets/js/dragscroll.js/wp-content/plugins/ymc-crossword/YmcCrossword/assets/js/crossword.js
Version Parameters
ymc-crossword-admin.css?ver=crossword-admin.js?ver=crossword.css?ver=dragscroll.js?ver=crossword.js?ver=

HTML / DOM Fingerprints

CSS Classes
ymc-crossword-containerymc-rowymc-squareymc-charymc-numymc-lineymc-clueymc-correct+12 more
Data Attributes
data-mutedata-popup
JS Globals
_ymc_crossword_object
Shortcode Output
<div id="ymc-crossword-container" class="ymc-crossword-container<div class="ymc-crossword dragscroll"></div><div class="ymc-crossword-panel"><div class="ymx-theme-crossword">
FAQ

Frequently Asked Questions about YMC Crossword