Auto Prune Posts Security & Risk Analysis

wordpress.org/plugins/auto-prune-posts

Automatically deletes (prunes) expired posts after a certain amount of time, on a per-category basis (a single category, or all at once).

1K active installs · v3.1.1 · PHP + WP 2.3+ · Updated Nov 11, 2025
Tags: clean, delete, expire, mass, prune
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Nov 8, 2025
Safety Verdict

Is Auto Prune Posts Safe to Use in 2026?

Generally Safe

Score 96/100

Auto Prune Posts has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Nov 8, 2025 · Updated 4mo ago
Risk Assessment

The static analysis of "auto-prune-posts" v3.1.1 indicates a generally good security posture, with no critical or high-severity vulnerabilities identified in the provided code signals. The absence of AJAX handlers, REST API routes, shortcodes, and cron events without proper authentication or permission checks significantly limits the plugin's direct attack surface. The plugin also uses prepared statements for all SQL queries, has a limited number of file operations and external HTTP requests, and bundles no libraries, all of which are positive security indicators.

A concern, however, is the relatively low rate of properly escaped output (33%), which suggests a potential for Cross-Site Scripting (XSS) vulnerabilities if the unescaped outputs are rendered in sensitive contexts. Nonce and capability checks are present, which is positive, but they are not universally applied to all potential entry points; this could become a weakness if new entry points are introduced without them.

Key Concerns

  • 33% of outputs are not properly escaped
  • Vulnerability history shows 3 medium CVEs
Vulnerabilities
3

Auto Prune Posts Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2025: 2 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-64262 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Auto Prune Posts <= 3.0.0 - Cross-Site Request Forgery

Nov 8, 2025 · Patched in 3.1.0 (10d)

CVE-2024-10639 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Auto Prune Posts <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 3, 2025 · Patched in 3.0.0 (86d)

CVE-2023-27423 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Auto Prune Posts <= 1.8.0 - Cross-Site Request Forgery via admin_menu

Mar 10, 2023 · Patched in 2.0.0 (319d)

Code Analysis
Analyzed Mar 16, 2026

Auto Prune Posts Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 28 (14 escaped)
  • Nonce Checks: 4
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

33% escaped · 42 total outputs

Attack Surface

Auto Prune Posts Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
  • action · admin_menu · auto-prune-posts.php:366
  • filter · plugin_row_meta · auto-prune-posts.php:367
  • action · after_setup_theme · auto-prune-posts.php:379

Maintenance & Trust

Auto Prune Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 11, 2025
PHP min version
Downloads: 49K

Community Trust

Rating: 84/100
Number of ratings: 10
Active installs: 1K

Developer Profile

Auto Prune Posts Developer Profile

ramon fincken

12 plugins · 5K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 249 days
Detection Fingerprints

How We Detect Auto Prune Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/auto-prune-posts/css/admin.css
/wp-content/plugins/auto-prune-posts/css/style.css
Script Paths
/wp-content/plugins/auto-prune-posts/js/admin.js
Version Parameters
auto-prune-posts/css/admin.css?ver=
auto-prune-posts/css/style.css?ver=
auto-prune-posts/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
auto-prune-posts-settings
HTML Comments
<!-- This is the form that shows the settings -->
Data Attributes
data-plugin-config-url
data-plugin-title
data-plugin-class
JS Globals
auto_prune_posts_admin_obj