Anonymous Restricted Content Security & Risk Analysis

wordpress.org/plugins/anonymous-restricted-content

Simple yet effective plugin to hide selected posts and pages from anonymous users.

1K active installs · v1.6.6 · PHP + WP 5.3+ · Updated Nov 18, 2024
Tags: access-control, content-control, hide-content, restrict-anonymous, restricted-access
91
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Nov 20, 2024
Safety Verdict

Is Anonymous Restricted Content Safe to Use in 2026?

Generally Safe

Score 91/100

Anonymous Restricted Content has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Nov 20, 2024 · Updated 1yr ago
Risk Assessment

The "anonymous-restricted-content" plugin version 1.6.6 exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output, there are significant concerns regarding its attack surface. The presence of one unprotected AJAX handler is a critical vulnerability, as it represents a direct entry point into the plugin that lacks any authentication or authorization checks, potentially allowing unauthorized users to trigger sensitive actions or expose information.

The vulnerability history reveals a concerning pattern of "Exposure of Sensitive Information to an Unauthorized Actor" with two previously documented medium-severity CVEs. Although there are currently no unpatched vulnerabilities, the recurring nature of this vulnerability type suggests a potential weakness in how the plugin handles data access and permissions. The absence of taint analysis results (zero flows analyzed) is also noteworthy; while this could indicate no complex data flows, it also means potential vulnerabilities within these flows may have gone undetected by static analysis tools.

In conclusion, the plugin has some strengths in its secure handling of database queries and output escaping. However, the unprotected AJAX handler is a severe and immediate risk. The past vulnerabilities, particularly around information exposure, combined with the limited visibility into complex data flows via taint analysis, indicate that further scrutiny and potentially refactoring of the plugin's access control mechanisms are warranted to improve its overall security.

Key Concerns

  • Unprotected AJAX handler
  • Past medium severity CVEs (2 instances)
  • Unsanitized output (14% unescaped)
Vulnerabilities
2

Anonymous Restricted Content Security Vulnerabilities

CVEs by Year

2024: 2 CVEs

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-11089 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Anonymous Restricted Content <= 1.6.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

Nov 20, 2024 · Patched in 1.6.6 (2d)

CVE-2024-0909 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Anonymous Restricted Content <= 1.6.2 - Protection Mechanism Bypass

Feb 2, 2024 · Patched in 1.6.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

Anonymous Restricted Content Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (32 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

86% escaped · 37 total outputs
Attack Surface
1 unprotected

Anonymous Restricted Content Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

nopriv · wp_ajax_arcajaxlogin · includes\class-arc.php:210
WordPress Hooks: 44

action · plugins_loaded · includes\class-arc.php:142
filter · plugin_action_links · includes\class-arc.php:157
filter · bulk_actions-edit-post · includes\class-arc.php:159
filter · bulk_actions-edit-page · includes\class-arc.php:160
filter · handle_bulk_actions-edit-post · includes\class-arc.php:161
filter · handle_bulk_actions-edit-page · includes\class-arc.php:162
filter · manage_posts_columns · includes\class-arc.php:164
filter · manage_pages_columns · includes\class-arc.php:165
filter · manage_posts_custom_column · includes\class-arc.php:166
filter · manage_pages_custom_column · includes\class-arc.php:167
filter · manage_edit-category_columns · includes\class-arc.php:169
filter · manage_edit-post_tag_columns · includes\class-arc.php:170
filter · manage_category_custom_column · includes\class-arc.php:171
filter · manage_post_tag_custom_column · includes\class-arc.php:172
action · admin_enqueue_scripts · includes\class-arc.php:174
action · admin_enqueue_scripts · includes\class-arc.php:175
action · post_submitbox_misc_actions · includes\class-arc.php:177
action · edit_post · includes\class-arc.php:178
action · category_add_form_fields · includes\class-arc.php:179
action · category_edit_form_fields · includes\class-arc.php:180
action · created_category · includes\class-arc.php:181
action · edited_category · includes\class-arc.php:182
action · add_tag_form_fields · includes\class-arc.php:183
action · post_tag_edit_form_fields · includes\class-arc.php:184
action · created_post_tag · includes\class-arc.php:185
action · edited_post_tag · includes\class-arc.php:186
action · admin_init · includes\class-arc.php:187
action · admin_menu · includes\class-arc.php:188
action · init · includes\class-arc.php:189
action · admin_notices · includes\class-arc.php:190
action · wp_enqueue_scripts · includes\class-arc.php:205
action · wp_enqueue_scripts · includes\class-arc.php:206
action · pre_get_posts · includes\class-arc.php:208
action · wp_body_open · includes\class-arc.php:209
filter · login_message · includes\class-arc.php:212
filter · pre_handle_404 · includes\class-arc.php:213
filter · widget_comments_args · includes\class-arc.php:214
filter · widget_posts_args · includes\class-arc.php:215
filter · wp_list_pages_excludes · includes\class-arc.php:216
filter · widget_categories_args · includes\class-arc.php:217
filter · post_class · includes\class-arc.php:219
filter · rest_request_before_callbacks · includes\class-arc.php:221
filter · body_class · public\class-arc-public.php:184
filter · wp_body_open · public\class-arc-public.php:189
Maintenance & Trust

Anonymous Restricted Content Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 18, 2024
PHP min version
Downloads: 27K

Community Trust

Rating: 86/100
Number of ratings: 9
Active installs: 1K
Developer Profile

Anonymous Restricted Content Developer Profile

taras.sych

2 plugins · 1K total installs

Trust score: 92
Avg Security Score: 88/100
Avg Patch Time: 2 days
Detection Fingerprints

How We Detect Anonymous Restricted Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/anonymous-restricted-content/admin/css/arc-admin.css
  • /wp-content/plugins/anonymous-restricted-content/admin/js/arc-admin.js
Script Paths
/wp-content/plugins/anonymous-restricted-content/admin/js/arc-admin.js
Version Parameters
  • anonymous-restricted-content/admin/css/arc-admin.css?ver=
  • anonymous-restricted-content/admin/js/arc-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • misc-pub-section
  • misc-pub-restricted-post
  • term-restricted-wrap
Data Attributes
  • name="restricted_post_value"
  • id="restricted_post_value"
  • name="arc_classic_editor"
  • name="restricted_category_value"
  • id="restricted_category_value"
JS Globals
ArcLStrings
FAQ

Frequently Asked Questions about Anonymous Restricted Content