Author by Category Security & Risk Analysis

wordpress.org/plugins/authorbycategory

Automatically assign post authors based on categories, while keeping full manual control.

10 active installs · v1.1.0 · PHP 7.4+ · WP 6.0+ · Updated Jan 6, 2026
Tags: author, categories, editorial, news, roles
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Author by Category Safe to Use in 2026?

Generally Safe

Score 100/100

Author by Category has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "authorbycategory" v1.1.0 plugin exhibits a generally positive security posture, with a notable absence of known vulnerabilities and a clean taint analysis. The developers have implemented good security practices, including the use of prepared statements for all SQL queries and a decent number of nonce and capability checks. However, there are areas for improvement. The static analysis reveals that a significant portion of output is not properly escaped (55% escaped, 45% unescaped). While there are no critical or high severity taint flows detected, this level of unescaped output presents a potential risk for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully within the plugin's output mechanisms. The plugin's vulnerability history is excellent, showing no recorded CVEs, which suggests a commitment to security or a history of low exposure. In conclusion, while the plugin is currently strong due to its lack of known vulnerabilities and good SQL handling, the unescaped output is a notable weakness that could be exploited. Addressing this would significantly strengthen its security.

Key Concerns

  • Significant portion of output not properly escaped
Vulnerabilities
None known

Author by Category Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Author by Category Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (1 prepared)
  • Unescaped Output: 32 (39 escaped)
  • Nonce Checks: 8
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

55% escaped · 71 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
ajax_import_settings (authorbycategory.php:1930)
Diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Author by Category Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers: 5

  • auth · wp_ajax_authorbycategory_search_categories · authorbycategory.php:132
  • auth · wp_ajax_authorbycategory_search_users · authorbycategory.php:136
  • auth · wp_ajax_authorbycategory_export · authorbycategory.php:208
  • auth · wp_ajax_authorbycategory_import · authorbycategory.php:209
  • auth · wp_ajax_authorbycategory_save · authorbycategory.php:210

WordPress Hooks: 24

  • action · admin_menu · authorbycategory.php:128
  • action · admin_init · authorbycategory.php:129
  • action · admin_enqueue_scripts · authorbycategory.php:130
  • action · set_object_terms · authorbycategory.php:142
  • action · save_post · authorbycategory.php:145
  • action · save_post · authorbycategory.php:146
  • action · transition_post_status · authorbycategory.php:154
  • action · publish_future_post · authorbycategory.php:162
  • action · wp_after_insert_post · authorbycategory.php:170
  • filter · rest_pre_insert_post · authorbycategory.php:173
  • action · rest_after_insert_post · authorbycategory.php:179
  • action · transition_post_status · authorbycategory.php:189
  • filter · manage_posts_columns · authorbycategory.php:197
  • action · manage_posts_custom_column · authorbycategory.php:198
  • filter · manage_edit-post_sortable_columns · authorbycategory.php:204
  • action · pre_get_posts · authorbycategory.php:205
  • action · masspost_post_categories_set · authorbycategory.php:213
  • action · admin_notices · authorbycategory.php:1067
  • action · admin_notices · authorbycategory.php:1091
  • action · shutdown · authorbycategory.php:1240
  • action · save_post · authorbycategory.php:1651
  • action · save_post · authorbycategory.php:1709
  • action · save_post · authorbycategory.php:1774
  • action · save_post · authorbycategory.php:2165
Maintenance & Trust

Author by Category Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 6, 2026
  • PHP min version: 7.4
  • Downloads: 306

Community Trust

  • Rating: 100/100
  • Number of ratings: 2
  • Active installs: 10
Developer Profile

Author by Category Developer Profile

Unioney

3 plugins · 40 total installs

  • Trust score: 94
  • Avg Security Score: 100/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Author by Category

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/authorbycategory/assets/css/admin-settings.css
  • /wp-content/plugins/authorbycategory/assets/js/admin-settings.js
  • /wp-content/plugins/authorbycategory/assets/js/select2.full.min.js
  • /wp-content/plugins/authorbycategory/assets/css/select2.min.css
Script Paths
  • /wp-content/plugins/authorbycategory/assets/js/admin-settings.js
  • /wp-content/plugins/authorbycategory/assets/js/select2.full.min.js
Version Parameters
  • authorbycategory/assets/css/admin-settings.css?ver=
  • authorbycategory/assets/js/admin-settings.js?ver=
  • authorbycategory/assets/js/select2.full.min.js?ver=
  • authorbycategory/assets/css/select2.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • authorbycategory-settings-form
  • authorbycategory-category-select
  • authorbycategory-user-select
  • authorbycategory-excluded-users
  • authorbycategory-add-rule-button
  • authorbycategory-delete-rule-button
  • authorbycategory-import-export-wrapper
  • authorbycategory-settings-section
HTML Comments
  • <!-- BEGIN AuthorByCategory Category/User Mapping -->
  • <!-- END AuthorByCategory Category/User Mapping -->
  • <!-- Author by Category Settings -->
  • <!-- Real Publisher tracking -->
  • +1 more
Data Attributes
  • data-authorbycategory-category
  • data-authorbycategory-user
  • data-authorbycategory-action
  • data-authorbycategory-nonce
JS Globals
  • AuthorByCategoryAdmin
  • abc_admin_vars
  • abc_i18n
REST Endpoints
  • /wp-json/authorbycategory/v1/categories
  • /wp-json/authorbycategory/v1/users
FAQ

Frequently Asked Questions about Author by Category