Authors List Security & Risk Analysis

wordpress.org/plugins/authors-list

Use a shortcode to display a list or grid of post authors (or any other user role) and links to their post archives page.

5K active installs · v2.0.6.2 · PHP 5.4+ · WP 4.7.0+ · Updated Nov 24, 2025
Tags: author, authors-grid, authors-list, grid, list
Score: 67 (C · Use Caution)
CVEs total: 5
Unpatched: 1
Last CVE: Nov 10, 2025
Safety Verdict

Is Authors List Safe to Use in 2026?

Use With Caution

Score 67/100

Authors List has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

5 known CVEs · 1 unpatched · Last CVE: Nov 10, 2025 · Updated 4mo ago
Risk Assessment

The "authors-list" v2.0.6.2 plugin presents a mixed security posture. The static analysis reveals good practices in several areas, including the absence of dangerous functions, proper usage of prepared statements for SQL queries, and strong adherence to output escaping (93%). The plugin also demonstrates a commendable effort in implementing nonce and capability checks, indicating a conscious attempt to secure its entry points. However, the significant vulnerability history, including one currently unpatched high-severity CVE and a pattern of past issues like information exposure, CSRF, code injection, and XSS, is a major concern. This history suggests recurring security weaknesses that have been exploited in the past.

While the static analysis itself does not reveal critical or high-severity issues within the current version's code, the historical context cannot be ignored. The presence of an unpatched high-severity vulnerability from the near future (2025-11-10) is particularly alarming and represents a direct, exploitable threat. The plugin has a history of critical and high-severity vulnerability types, which, despite the current static analysis findings, warrants a cautious approach due to the potential for these historical issues to resurface or for undiscovered vulnerabilities to exist. Users should prioritize patching the known unpatched vulnerability and consider the plugin's past security record when evaluating its overall risk.

Key Concerns

  • Unpatched high severity CVE
  • Known history of critical/high vulnerabilities
  • Known history of medium vulnerabilities
Vulnerabilities
5

Authors List Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 3 CVEs · unpatched

Severity Breakdown

  • High: 1
  • Medium: 4

5 total CVEs

CVE-2025-12010 · medium · 6.5 · Exposure of Sensitive Information to an Unauthorized Actor

Authors List <= 2.0.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Limited Method Call in Plugin's Shortcode

Nov 10, 2025 · Patched in 2.0.6.2 (15d)

CVE-2025-58792 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Authors List <= 2.0.6.1 - Cross-Site Request Forgery

Sep 5, 2025 · Unpatched

CVE-2024-13806 · medium · 6.5 · Improper Control of Generation of Code ('Code Injection')

Authors List <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution

Feb 28, 2025 · Patched in 2.0.6.1 (1d)

CVE-2024-10952 · high · 7.3 · Improper Control of Generation of Code ('Code Injection')

Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax

Dec 3, 2024 · Patched in 2.0.5 (9d)

CVE-2023-37981 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Authors List <= 2.0.2 - Reflected Cross-Site Scripting via al_id

Jul 10, 2023 · Patched in 2.0.3 (197d)

Code Analysis
Analyzed Mar 16, 2026

Authors List Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (1 prepared)
  • Unescaped Output: 24 (303 escaped)
  • Nonce Checks: 8
  • Capability Checks: 15
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total query

Output Escaping

93% escaped · 327 total outputs

Data Flows: All sanitized

Data Flow Analysis

7 flows
display_edit_item_preview_ajax (backend\includes\class-authors-list-dashboard.php:451)
Attack Surface

Authors List Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers: 3

  • auth · wp_ajax_authors_list_display_edit_item_preview_ajax · backend\includes\class-authors-list-dashboard.php:77
  • auth · wp_ajax_update_authors_list_ajax · backend\includes\class-authors-list-item.php:75
  • nopriv · wp_ajax_update_authors_list_ajax · backend\includes\class-authors-list-item.php:76

Shortcodes: 2

  • [authors_list] · includes\class-authors-list-shortcode.php:55
  • [sk_authors_list] · includes\class-authors-list-shortcode.php:56

WordPress Hooks: 20

  • action · wp_enqueue_scripts · backend\includes\class-authors-list-backend.php:121
  • action · admin_enqueue_scripts · backend\includes\class-authors-list-dashboard.php:68
  • action · admin_menu · backend\includes\class-authors-list-dashboard.php:71
  • action · admin_init · backend\includes\class-authors-list-dashboard.php:74
  • action · init · backend\includes\class-authors-list-general.php:64
  • action · init · backend\includes\class-authors-list-general.php:65
  • action · init · backend\includes\class-authors-list-general.php:66
  • action · init · backend\includes\class-authors-list-general.php:67
  • filter · authors_list_shortcode_atts · backend\includes\class-authors-list-item.php:57
  • filter · authors_list_before_loop · backend\includes\class-authors-list-item.php:60
  • action · authors_list_before_loop · backend\includes\class-authors-list-item.php:63
  • action · authors_list_before_loop · backend\includes\class-authors-list-item.php:66
  • action · authors_list_after_loop · backend\includes\class-authors-list-item.php:69
  • action · authors_list_after_main_loop_end · backend\includes\class-authors-list-item.php:72
  • filter · authors_list_shortcode_atts · backend\includes\class-authors-list-item.php:819
  • filter · authors_list_custom_args · backend\includes\class-authors-list-item.php:820
  • action · authors_list_settings_item · backend\includes\class-authors-list-settings.php:57
  • action · admin_enqueue_scripts · backend\includes\class-authors-list-styler.php:66
  • action · pre_user_query · includes\class-authors-list-wp-hooks.php:55
  • action · plugins_loaded · includes\class-authors-list.php:105

Maintenance & Trust

Authors List Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Nov 24, 2025
  • PHP min version: 5.4
  • Downloads: 56K

Community Trust

  • Rating: 100/100
  • Number of ratings: 22
  • Active installs: 5K

Developer Profile

Authors List Developer Profile

WPKube

9 plugins · 238K total installs

  • Trust score: 66
  • Avg Security Score: 81/100
  • Avg Patch Time: 725 days
Detection Fingerprints

How We Detect Authors List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/authors-list/assets/css/front.css
  • /wp-content/plugins/authors-list/assets/css/jquery-ui.css
  • /wp-content/plugins/authors-list/assets/css/dashboard.css
  • /wp-content/plugins/authors-list/assets/js/front.js
  • /wp-content/plugins/authors-list/assets/js/dashboard.js

Script Paths

  • /wp-content/plugins/authors-list/assets/js/front.js
  • /wp-content/plugins/authors-list/assets/js/dashboard.js

Version Parameters

  • authors-list/assets/css/front.css?ver=
  • authors-list/assets/css/jquery-ui.css?ver=
  • authors-list/assets/js/front.js?ver=
  • authors-list/assets/css/dashboard.css?ver=
  • authors-list/assets/js/dashboard.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • authors-list-authors
  • authors-list-author
  • authors-list-item
  • authors-list-search
  • authors-list-dashboard
  • authors-list-dashboard-wrap
  • authors-list-dashboard-inner

Data Attributes

  • data-authors-list-search-results

JS Globals

  • authorsListAjaxSearch
  • authorsListDashboardActions