Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating Security & Risk Analysis

wordpress.org/plugins/authorsy

Authorsy is a powerful WordPress author box plugin. Add customizable author profiles, multiple authors, guest authors, bios, social links, and post ra …

1K active installs · v1.0.7 · PHP 7.3+ · WP 5.2+ · Updated Dec 25, 2025
Tags: author-bio, author-box, author-profile, guest-authors, multiple-authors
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Feb 3, 2026
Safety Verdict

Is Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating Safe to Use in 2026?

Generally Safe

Score 98/100

Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 3, 2026 · Updated 3mo ago
Risk Assessment

The "authorsy" plugin v1.0.7 exhibits a generally good security posture, particularly in its handling of SQL queries and output escaping, with a very high percentage of outputs properly escaped and all SQL queries utilizing prepared statements. The presence of nonce and capability checks further bolsters its defense against common web vulnerabilities. The static analysis reveals a small attack surface with no directly unprotected entry points.

However, the use of the dangerous function "preg_replace(/e)" is a notable concern. While taint analysis did not reveal any immediate unsanitized paths, this function, if misused, can be a vector for code injection or unintended regular expression evaluation, potentially leading to security issues. The plugin's vulnerability history, with two known medium-severity CVEs related to Authorization Bypass and Cross-site Scripting, even though both are now patched, indicates a past susceptibility to critical vulnerability types.

The plugin's strengths lie in its robust input sanitization and authorization mechanisms. Nevertheless, the historical presence of vulnerabilities and the identified dangerous function warrant caution. While the current version appears to have addressed past issues and has a small attack surface, vigilance regarding the "preg_replace(/e)" usage and awareness of past vulnerability types is recommended.

Key Concerns

  • Use of dangerous function preg_replace(/e)
  • History of medium severity CVEs (2 total)
Vulnerabilities
2

Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating Security Vulnerabilities

CVEs by Year

2025: 1 CVE
2026: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2026-24950 · medium · 5.3 · Authorization Bypass Through User-Controlled Key

Authorsy <= 1.0.6 - Unauthenticated Insecure Direct Object Reference

Feb 3, 2026 · Patched in 1.0.7 (7d)

CVE-2025-27006 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating <= 1.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Sep 10, 2025 · Patched in 1.0.6 (36d)
Code Analysis
Analyzed Mar 16, 2026

Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 2 (77 escaped)
Nonce Checks: 3
Capability Checks: 13
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

preg_replace(/e): preg_replace( '/e (core\settings\api-settings.php:162)

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

97% escaped · 79 total outputs
Attack Surface

Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[authorsy-author-box] core\authors\hooks.php:26
[authorsy-like-dislike] core\like-dislike\hooks.php:26
WordPress Hooks 22
action plugins_loaded authorsy.php:104
action plugins_loaded authorsy.php:145
action admin_head authorsy.php:239
action rest_api_init base\api.php:26
action admin_enqueue_scripts bootstrap.php:217
action wp_enqueue_scripts bootstrap.php:221
filter plugin_action_links core\admin\hooks.php:23
action admin_menu core\admin\menu.php:26
filter admin_body_class core\authors\author-meta.php:26
action add_meta_boxes core\authors\author-meta.php:28
action save_post core\authors\author-meta.php:29
filter posts_where core\authors\author-meta.php:32
filter posts_join core\authors\author-meta.php:33
filter posts_distinct core\authors\author-meta.php:34
filter the_posts core\authors\author-meta.php:224
filter the_content core\authors\hooks.php:25
filter get_avatar core\authors\hooks.php:27
action init core\authors\hooks.php:28
action wp_head core\enqueue-inline\enqueue-inline.php:28
filter the_content core\like-dislike\hooks.php:25
action add_meta_boxes core\like-dislike\like-dislike-meta.php:27
action save_post core\like-dislike\like-dislike-meta.php:28
Maintenance & Trust

Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 25, 2025
PHP min version: 7.3
Downloads: 16K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 1K
Developer Profile

Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating Developer Profile

themeplugs

1 plugin · 1K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 22 days
Detection Fingerprints

How We Detect Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/authorsy/assets/css/authorsy-public.css
/wp-content/plugins/authorsy/assets/js/authorsy-public.js
/wp-content/plugins/authorsy/assets/css/authorsy-admin.css
/wp-content/plugins/authorsy/assets/js/authorsy-admin.js
Script Paths
/wp-content/plugins/authorsy/assets/js/authorsy-public.js
/wp-content/plugins/authorsy/assets/js/authorsy-admin.js
Version Parameters
authorsy/assets/css/authorsy-public.css?ver=
authorsy/assets/js/authorsy-public.js?ver=
authorsy/assets/css/authorsy-admin.css?ver=
authorsy/assets/js/authorsy-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
authorsy-author-box
authorsy-avatar
authorsy-author-name
authorsy-author-bio
authorsy-social-links
authorsy-admin-notice
Data Attributes
data-authorsy-id
JS Globals
authorsy_public_params
FAQ

Frequently Asked Questions about Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating