WP-Safety

Bestseller Lists from the New York Times Security & Risk Analysis

wordpress.org/plugins/bestseller-lists-from-new-york-times

Integrate bestseller lists from the New York Times into your own site with a user-friendly interface.

10 active installs v2.6.0 PHP 7.4+ WP 5.4+ Updated Jan 5, 2026
bestsellersbookslibrarieslibraryreading-lists
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Bestseller Lists from the New York Times Safe to Use in 2026?

Generally Safe

Score 100/100

Bestseller Lists from the New York Times has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "bestseller-lists-from-new-york-times" plugin v2.6.0 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices in several areas. All SQL queries utilize prepared statements, ensuring protection against SQL injection. Furthermore, all identified output operations are properly escaped, mitigating cross-site scripting (XSS) vulnerabilities. The absence of any recorded historical vulnerabilities, including critical or high-severity ones, suggests a generally stable codebase over time. However, a significant concern arises from the substantial attack surface exposed through its AJAX handlers. With four AJAX handlers identified, and alarmingly, all four lacking any authentication checks, this presents a direct pathway for unauthenticated users to potentially interact with sensitive plugin functionality. This lack of authorization on AJAX endpoints is a critical security weakness that could be exploited.

Key Concerns

  • AJAX handlers without authentication checks
Vulnerabilities
None known

Bestseller Lists from the New York Times Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Bestseller Lists from the New York Times Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
15 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped15 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
nyt_best_seller_listings_ajax_get_list (bestseller-lists-from-new-york-times.php:75)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Bestseller Lists from the New York Times Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 4

authwp_ajax_nyt_bestseller_listings_getListbestseller-lists-from-new-york-times.php:73
noprivwp_ajax_nyt_bestseller_listings_getListbestseller-lists-from-new-york-times.php:74
authwp_ajax_nyt_bestseller_listings_getAllListsbestseller-lists-from-new-york-times.php:88
noprivwp_ajax_nyt_bestseller_listings_getAllListsbestseller-lists-from-new-york-times.php:89

Shortcodes 1

[nyt-bestseller-listings] bestseller-lists-from-new-york-times.php:42
WordPress Hooks 3
actioninitbestseller-lists-from-new-york-times.php:41
filterwp_kses_allowed_htmlbestseller-lists-from-new-york-times.php:43
actionadmin_menubestseller-lists-from-new-york-times.php:64
Maintenance & Trust

Bestseller Lists from the New York Times Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0
Last updatedJan 5, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Bestseller Lists from the New York Times Alternatives

BNC BiblioShare

BNC BiblioShare

bnc-biblioshare

A
85

Displays a book's cover image, title, author, and other book data from BiblioShare

20 No CVEs
Library Bookshelves

Library Bookshelves

library-bookshelves

C
66

Create bookshelves that link to your library catalog. Use shortcodes to display book covers in carousels.

500 1 unpatched
Library Management System

Library Management System

library-management-system

A
93

Library Management System is a WordPress plugin that helps schools and colleges manage libraries, bookcases, sections, categories, and users.

300 4 CVEs
Classroom Library

Classroom Library

classroom-library

A
100

Classroom library plugin to catalog books and create a check in/out system for students.

20 No CVEs
Books Library

Books Library

books-library

A
85

This is a Books Library plugin for Gutenberg block. Easily manager books data in the backend. There are some good features like ratings, price, and fi …

10 No CVEs
Developer Profile

Bestseller Lists from the New York Times Developer Profile

jakeparis

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Bestseller Lists from the New York Times

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bestseller-lists-from-new-york-times/build/lists/block.js/wp-content/plugins/bestseller-lists-from-new-york-times/build/lists/style.css/wp-content/plugins/bestseller-lists-from-new-york-times/build/lists/editor.css
Script Paths
/wp-content/plugins/bestseller-lists-from-new-york-times/build/lists/block.js/wp-content/plugins/bestseller-lists-from-new-york-times/build/lists/editor.js
Version Parameters
bestseller-lists-from-new-york-times/build/lists/block.js?ver=bestseller-lists-from-new-york-times/build/lists/style.css?ver=bestseller-lists-from-new-york-times/build/lists/editor.css?ver=bestseller-lists-from-new-york-times/build/lists/editor.js?ver=

HTML / DOM Fingerprints

JS Globals
window.ajaxurl = window?.ajaxurl ||
REST Endpoints
/wp-json/nyt-bestseller-listings
Shortcode Output
[nyt-bestseller-listings]
FAQ

Frequently Asked Questions about Bestseller Lists from the New York Times