Does afterRead have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is afterRead compatible with WordPress 2.9.2?

According to WordPress.org data, afterRead .8.3 has been tested up to WordPress 2.9.2. Check the plugin's changelog for the latest compatibility information.

How often is afterRead updated?

afterRead was last updated on May 6, 2010. Frequent updates are generally a positive security signal.

What is afterRead's security score?

afterRead has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

afterRead Security & Risk Analysis

wordpress.org/plugins/afterread

Provides suggestions to readers at the end of articles about what to do next, ie; read related articles, donate, read next article in category, etc.

10 active installs v.8.3 PHP + WP 2.0.2+ Updated May 6, 2010

categoriescategoryorderposttags

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is afterRead Safe to Use in 2026?

Generally Safe

Score 85/100

afterRead has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago

Risk Assessment

The "afterread" plugin v.8.3 exhibits a concerning security posture primarily due to the complete lack of output escaping on all identified output points. While the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and shows no known historical vulnerabilities, the unescaped output represents a significant risk. This could allow for Cross-Site Scripting (XSS) vulnerabilities if any user-controlled data is displayed directly on the frontend without proper sanitization. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the attack surface. However, the lack of capability checks and nonce checks, while not directly exploitable given the current limited attack surface, suggests a general oversight in security best practices that could become problematic if new entry points are added in the future.

Key Concerns

All output is unescaped
No nonce checks
No capability checks

Vulnerabilities

None known

afterRead Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

afterRead Release Timeline

v0.7.2

v0.7.1

Code Analysis

Analyzed Mar 16, 2026

afterRead Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped11 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<save_suggestion> (save_suggestion.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

afterRead Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

filterthe_contentafterRead.php:36

actionadmin_menuafterRead.php:78

actionadmin_initafterRead.php:81

Maintenance & Trust

afterRead Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2

Last updatedMay 6, 2010

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

afterRead Alternatives

Custom Recent Posts Widget

custom-recent-posts-widget

A widget to show recent posts list based on categories or tags

1K No CVEs

WP-Popular Posts Tool

wp-popular-posts-tool

Enables you to automatically display most commented posts, either by category or tag. Optional: You can choose manually the category or tag you want t …

90 No CVEs

Archive Post Order Plus

archive-post-order-plus

100

A plugin that sets the display order of posts. 投稿の表示順を設定するプラグイン。

10 No CVEs

News In Stack Widget

news-in-stack-widget

Just another recent post widget. Simple but flexible.

10 No CVEs

View Category

view-category

View Category adds a "View Category" button on the "Edit Category" page, next to the header and submit button.

10 No CVEs

Developer Profile

afterRead Developer Profile

Daniel

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect afterRead

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/afterread/css/afterread.css/wp-content/plugins/afterread/js/afterread.js

HTML / DOM Fingerprints

HTML Comments

FAQ

afterRead Security & Risk Analysis

Is afterRead Safe to Use in 2026?

Generally Safe

Key Concerns

afterRead Security Vulnerabilities

afterRead Release Timeline

afterRead Code Analysis

Output Escaping

Data Flow Analysis

afterRead Attack Surface

afterRead Maintenance & Trust

Maintenance Signals

Community Trust

afterRead Alternatives

Custom Recent Posts Widget

WP-Popular Posts Tool

Archive Post Order Plus

News In Stack Widget

View Category

afterRead Developer Profile

How We Detect afterRead

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about afterRead