WP-Safety

AnyFeed Retriever Security & Risk Analysis

wordpress.org/plugins/anyfeed-retriever

A simple, lightweight feed integration plugin which uses simple shortcode to fetch and display any type of feeds using ajax.

10 active installs v1.0.1 PHP 5.6+ WP 2.8+ Updated Mar 2, 2019
atom-feedatom-importfeed-aggregatorrss-feedrss-import
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is AnyFeed Retriever Safe to Use in 2026?

Generally Safe

Score 85/100

AnyFeed Retriever has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The 'anyfeed-retriever' v1.0.1 plugin presents a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and not bundling external libraries, significant concerns arise from its attack surface. A considerable portion of its AJAX handlers, representing critical entry points for user interaction, lack authentication checks, making them potentially vulnerable to unauthorized access and exploitation. The taint analysis, though limited in scope, did not reveal critical or high-severity unsanitized flows, which is a positive indicator. However, the relatively low percentage of properly escaped output suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, as data displayed to users might not be adequately sanitized.

The plugin's vulnerability history is clean, with no recorded CVEs. This absence of past issues is encouraging and could indicate a generally well-developed codebase or diligent maintenance. Nonetheless, the presence of unprotected entry points in the static analysis is a more immediate and actionable concern than the absence of historical vulnerabilities. The conclusion is that while the plugin avoids common pitfalls like raw SQL and outdated libraries, the unprotected AJAX endpoints and insufficient output escaping represent tangible security weaknesses that require attention to improve the overall security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of properly escaped output
Vulnerabilities
None known

AnyFeed Retriever Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

AnyFeed Retriever Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
8
3 escaped
Nonce Checks
1
Capability Checks
1
File Operations
3
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

27% escaped11 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
getFeedImage (classes\typeAnyFeed.php:300)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

AnyFeed Retriever Attack Surface

Entry Points6
Unprotected4

AJAX Handlers 4

authwp_ajax_load_anyfeedsclasses\typeAnyFeed.php:36
noprivwp_ajax_load_anyfeedsclasses\typeAnyFeed.php:40
authwp_ajax_getfeedimageclasses\typeAnyFeed.php:44
noprivwp_ajax_getfeedimageclasses\typeAnyFeed.php:48

Shortcodes 2

[anyfeed] classes\typeAnyFeed.php:12
[anyfeed-cat] classes\typeAnyFeed.php:16
WordPress Hooks 6
actioninitclasses\typeAnyFeed.php:8
actioninitclasses\typeAnyFeed.php:20
actionadd_meta_boxesclasses\typeAnyFeed.php:24
actionsave_postclasses\typeAnyFeed.php:28
actionwp_enqueue_scriptsclasses\typeAnyFeed.php:52
filtertemplate_includeclasses\typeAnyFeed.php:56
Maintenance & Trust

AnyFeed Retriever Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.0
Last updatedMar 2, 2019
PHP min version5.6
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

AnyFeed Retriever Alternatives

RSS Feed Retriever

RSS Feed Retriever

wp-rss-retriever

B
84

The fastest RSS feeds plugin for WordPress. Includes excerpt & thumbnail image. Use as a news aggregator, autoblog, or RSS parsing.

8K 2 CVEs
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging

RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging

wp-rss-aggregator

A
92

The #1 WordPress RSS aggregator to quickly import RSS feeds, build a news aggregator, and for easy autoblogging.

50K 13 CVEs
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator

feedzy-rss-feeds

A
92

The most powerful WordPress RSS aggregator, helping you curate content, autoblog, import RSS & display unlimited RSS feeds within a few minutes.

40K 11 CVEs
PowerPress Podcasting plugin by Blubrry

PowerPress Podcasting plugin by Blubrry

powerpress

A
88

No. 1 Podcasting plugin for WordPress.

30K 19 CVEs
Podcast Player – Your Podcasting Companion

Podcast Player – Your Podcasting Companion

podcast-player

A
100

Showcase your podcast only using podcasting feed url. Use widget, shortcode or editor block to display podcast player anywhere on your site.

10K No CVEs
Developer Profile

AnyFeed Retriever Developer Profile

Anushka

2 plugins · 20 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AnyFeed Retriever

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/anyfeed-retriever/anyfeed.js/wp-content/plugins/anyfeed-retriever/anyfeed.css
Script Paths
/wp-content/plugins/anyfeed-retriever/anyfeed.js

HTML / DOM Fingerprints

CSS Classes
anyfeed-containerfeed-blockfeed-categoryfeed-groupsfeed-itemsanyfeed-cta-blockanyfeed-categories
HTML Comments
<!-- anyfeed category block - start --><!-- <h4>$post->post_title</h4> -->
Data Attributes
data-feediddata-feedurl
Shortcode Output
<div class="anyfeed-container"><div class="feed-block"<div class="feed-category"><div class="feed-groups">
FAQ

Frequently Asked Questions about AnyFeed Retriever