WP-Safety

Additional Authors Security & Risk Analysis

wordpress.org/plugins/additional-authors

Let's you add more than one author to your posts.

10 active installs v1.3.5 PHP + WP 5.0+ Updated Dec 21, 2023
authormeta-fields
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Additional Authors Safe to Use in 2026?

Generally Safe

Score 85/100

Additional Authors has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "additional-authors" plugin version 1.3.5 exhibits a mixed security posture. On the positive side, the plugin shows good practices by avoiding dangerous functions, file operations, and external HTTP requests. The majority of its SQL queries utilize prepared statements, and most output is properly escaped. Furthermore, the absence of known vulnerabilities (CVEs) and taint analysis findings suggests a generally well-maintained codebase.

However, significant concerns arise from the attack surface. The plugin exposes two AJAX handlers, both of which lack authentication checks. This is a critical security weakness, as it allows any user, including unauthenticated ones, to trigger these handlers, potentially leading to unauthorized actions or information disclosure. While there's a nonce check and capability checks present, their effectiveness is diminished by the lack of overall authentication on these entry points.

In conclusion, while the plugin demonstrates strengths in areas like SQL handling and output sanitization, the unprotected AJAX endpoints represent a substantial risk. The vulnerability history is clean, which is a positive indicator, but the present code analysis reveals a clear and actionable security gap that should be addressed immediately.

Key Concerns

  • AJAX handlers without authentication checks
  • Large attack surface without auth
Vulnerabilities
None known

Additional Authors Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Additional Authors Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
3 prepared
Unescaped Output
2
9 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

75% prepared4 total queries

Output Escaping

82% escaped11 total outputs
Attack Surface
2 unprotected

Additional Authors Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

noprivwp_ajax_additional_authors_count_postsclasses\Ajax.php:8
authwp_ajax_additional_authors_count_postsclasses\Ajax.php:9
WordPress Hooks 18
actionadmin_enqueue_scriptsclasses\Assets.php:12
actioninitclasses\Components\Plugin.php:83
actionenqueue_block_editor_assetsclasses\Gutenberg.php:11
actionadd_meta_boxesclasses\MetaBox.php:28
actionsave_postclasses\MetaBox.php:29
actionsave_postclasses\MetaBox.php:154
actionph_migrate_register_field_handlersclasses\Migrate.php:22
filtermanage_posts_columnsclasses\PostsTable.php:16
filtermanage_pages_columnsclasses\PostsTable.php:17
actionmanage_posts_custom_columnclasses\PostsTable.php:19
actionmanage_pages_custom_columnclasses\PostsTable.php:20
filterposts_whereclasses\QueryManipulation.php:25
filterget_usernumpostsclasses\QueryManipulation.php:26
actionpre_user_queryclasses\QueryManipulation.php:29
actionrest_api_initclasses\REST.php:12
actionplugins_loadedclasses\Update.php:27
actiondelete_userclasses\User.php:15
filtersolr_index_update_author_idspublic-functions.php:60
Maintenance & Trust

Additional Authors Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedDec 21, 2023
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Additional Authors Alternatives

Edit Author Slug

Edit Author Slug

edit-author-slug

A
100

Allows an admin (or capable user) to edit the author slug of a user, and change the author base.

100K No CVEs
WP Meta and Date Remover

WP Meta and Date Remover

wp-meta-and-date-remover

A
99

Remove meta author and date information from posts and pages. Hide from Humans and Search engines.SEO friendly and most advance plugin.

90K 2 CVEs
Simple Author Box

Simple Author Box

simple-author-box

A
99

Add a responsive author box or guest author box with social icons to any post. Great author box for any site!

80K 2 CVEs
Co-Authors Plus

Co-Authors Plus

co-authors-plus

A
99

Assign multiple bylines to posts, pages, and custom post types with a search-as-you-type input box.

20K 1 CVE
Hide/Remove Metadata

Hide/Remove Metadata

hide-metadata

A
100

Hide/Remove Metadata is a free WordPress plugin that helps you hide author and published date either by CSS or PHP from your website effortlessly.

20K No CVEs
Developer Profile

Additional Authors Developer Profile

EdwardBock

22 plugins · 2K total installs

72
trust score
Avg Security Score
90/100
Avg Patch Time
107 days
View full developer profile
Detection Fingerprints

How We Detect Additional Authors

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/additional-authors/dist/users-table.js/wp-content/plugins/additional-authors/dist/additional-authors-meta-box.css/wp-content/plugins/additional-authors/dist/additional-authors-meta-box.js/wp-content/plugins/additional-authors/dist/additional-authors.css/wp-content/plugins/additional-authors/dist/additional-authors.js
Script Paths
/wp-content/plugins/additional-authors/dist/users-table.js/wp-content/plugins/additional-authors/dist/additional-authors-meta-box.js/wp-content/plugins/additional-authors/dist/additional-authors.js
Version Parameters
additional-authors/dist/users-table.asset.phpadditional-authors/dist/additional-authors-meta-box.asset.phpadditional-authors/dist/additional-authors.asset.php

HTML / DOM Fingerprints

Data Attributes
data-additional-authors-search
JS Globals
AdditionalAuthors
FAQ

Frequently Asked Questions about Additional Authors