Does Checklist in Post have any unpatched vulnerabilities?

No. All known vulnerabilities in Checklist in Post have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Checklist in Post compatible with WordPress 5.0.25?

According to WordPress.org data, Checklist in Post 1.1.3 has been tested up to WordPress 5.0.25. Check the plugin's changelog for the latest compatibility information.

How often is Checklist in Post updated?

Checklist in Post was last updated on Dec 8, 2018. Frequent updates are generally a positive security signal.

What is Checklist in Post's security score?

Checklist in Post has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Checklist in Post Security & Risk Analysis

wordpress.org/plugins/checklist-in-post

Allow creating checklists in posts based on bulleted list.

400 active installs v1.1.3 PHP + WP 3.0+ Updated Dec 8, 2018

checklistforinpostshortcode

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Checklist in Post Safe to Use in 2026?

Generally Safe

Score 85/100

Checklist in Post has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "checklist-in-post" plugin v1.1.3 presents a generally good security posture, primarily due to the absence of known vulnerabilities and the use of prepared statements for all SQL queries. The static analysis reveals no critical security flaws such as dangerous functions, file operations, or external HTTP requests. Furthermore, there are no recorded CVEs, indicating a history of secure development or prompt patching.

However, a significant concern arises from the lack of output escaping. With three output points identified and none properly escaped, there is a notable risk of Cross-Site Scripting (XSS) vulnerabilities. While the attack surface is minimal, with only one shortcode and no AJAX handlers or REST API routes to analyze, any unescaped output could still be exploited. The complete absence of nonce and capability checks, even on the single shortcode, further exacerbates this risk, as it suggests a lack of robust authorization and validation for the plugin's functionality.

Key Concerns

Unescaped output detected
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Checklist in Post Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Checklist in Post Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped3 total outputs

Attack Surface

Checklist in Post Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[checklist_in_post] checklist_in_post.php:70

WordPress Hooks 10

actionadmin_initadmin\options.php:7

actionadmin_menuadmin\options.php:8

actionadmin_initadmin\options.php:19

actionadmin_enqueue_scriptschecklist_in_post.php:21

filtermce_external_pluginschecklist_in_post.php:49

filtermce_buttonschecklist_in_post.php:58

actionadmin_enqueue_scriptschecklist_in_post.php:63

actionwp_enqueue_scriptschecklist_in_post.php:71

actionwp_enqueue_scriptschecklist_in_post.php:72

actionwp_enqueue_scriptschecklist_in_post.php:73

Maintenance & Trust

Checklist in Post Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25

Last updatedDec 8, 2018

PHP min version

Downloads8K

Community Trust

Rating100/100

Number of ratings6

Active installs400

Alternatives

Checklist in Post Alternatives

amoForms

amoforms

Create forms and manage submissions easily with a simple interface. Contact forms, subscription forms, or other forms for WordPress. Absolutely FREE!

300 No CVEs

Login Form Anywhere

Allow admin to show login from anywhere in Wordpress.

60 No CVEs

Wpautop Mask

wpautop-mask

Toggle wpautop with shortcodes.

10 No CVEs

PrePublish Checks by Kgaurav

prepublish-checks-by-kgaurav

100

A plugin that checks to ensure variety of conditions are being met before any new post can be published.Eg-Minimum Title length,Featured Image,etc.

0 No CVEs

Advanced Excerpt

advanced-excerpt

Control the appearance of WordPress post excerpts

80K No CVEs

Developer Profile

Checklist in Post Developer Profile

Intar IT

1 plugin · 400 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Checklist in Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/checklist-in-post/css/checklist_in_post_frontend.css/wp-content/plugins/checklist-in-post/checklist_in_post_frontend.js/wp-content/plugins/checklist-in-post/checklist_in_post.js/wp-content/plugins/checklist-in-post/css/checklist_in_post.css

Script Paths

https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css

HTML / DOM Fingerprints

CSS Classes

checklist_in_post

JS Globals

options

Shortcode Output

<div class='checklist_in_post'>

FAQ