Co-Authors Plus Security & Risk Analysis

wordpress.org/plugins/co-authors-plus

Assign multiple bylines to posts, pages, and custom post types with a search-as-you-type input box.

20K active installs · v3.7.0 · PHP 7.4+ · WP 5.9+ · Updated Oct 20, 2025
Tags: authors, co-authors, multi-author, multiple-authors, users
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jun 7, 2022
Safety Verdict

Is Co-Authors Plus Safe to Use in 2026?

Generally Safe

Score 99/100

Co-Authors Plus has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jun 7, 2022 · Updated 5mo ago
Risk Assessment

The "co-authors-plus" plugin v3.7.0 presents a mixed security posture. It follows secure coding practices in many areas, with a high percentage of prepared SQL statements and properly escaped output, but there are notable areas of concern. Two REST API routes are registered without permission callbacks, which significantly expands the attack surface to potentially unauthenticated users and creates a critical risk. The history of a high-severity "Exposure of Sensitive Information" vulnerability in 2022 points to a past weakness that, while patched, warrants continued vigilance. The single data flow with an unsanitized path, though not rated critical or high, is also a potential entry point for malicious data manipulation. Overall, the plugin has implemented several good security measures, but the unprotected REST API endpoints and past vulnerability history necessitate careful monitoring and prompt updates.

Key Concerns

  • REST API routes without permission callbacks
  • Flow with unsanitized path
  • High severity CVE in history
Vulnerabilities: 1

Co-Authors Plus Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

High: 1

1 total CVE

WF-a9743351-9f28-49bf-8b08-85ffbdcfa5f0-co-authors-plus · high · 7.5 · Exposure of Sensitive Information to an Unauthorized Actor

Co-Authors Plus 3.5 - 3.5.1 - Sensitive Information Disclosure

Jun 7, 2022 Patched in 3.5.2 (595d)
Code Analysis
Analyzed Mar 16, 2026

Co-Authors Plus Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (27 prepared)
Unescaped Output: 13 (174 escaped)
Nonce Checks: 7
Capability Checks: 10
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2 3.2

SQL Query Safety

93% prepared · 29 total queries

Output Escaping

93% escaped · 187 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
action_admin_notices (php\class-coauthors-guest-authors.php:426)
Attack Surface: 2 unprotected

Co-Authors Plus Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_search_coauthors_to_assign · php\class-coauthors-guest-authors.php:32
auth · wp_ajax_coauthors_ajax_suggest · php\class-coauthors-plus.php:59

REST API Routes 2

GET · /wp-json/coauthors/v1/coauthors · php\api\endpoints\class-coauthors-controller.php:65
GET · /wp-json/coauthors/v1/coauthors/(?P<user_nicename>[\w-]+) · php\api\endpoints\class-coauthors-controller.php:101
WordPress Hooks 94
action · rest_api_init · co-authors-plus.php:225
filter · block_type_metadata_settings · php\blocks\block-coauthors\class-block-coauthors.php:27
action · init · php\blocks\class-blocks.php:26
filter · render_block_context · php\blocks\class-blocks.php:40
action · enqueue_block_editor_assets · php\blocks\class-blocks.php:41
action · rest_api_init · php\class-coauthors-endpoint.php:47
action · wp_loaded · php\class-coauthors-endpoint.php:48
action · admin_menu · php\class-coauthors-guest-authors.php:26
action · admin_enqueue_scripts · php\class-coauthors-guest-authors.php:35
action · admin_notices · php\class-coauthors-guest-authors.php:38
action · admin_init · php\class-coauthors-guest-authors.php:41
action · admin_init · php\class-coauthors-guest-authors.php:42
action · parse_request · php\class-coauthors-guest-authors.php:45
filter · author_link · php\class-coauthors-guest-authors.php:48
filter · author_feed_link · php\class-coauthors-guest-authors.php:51
filter · wp_insert_post_empty_content · php\class-coauthors-guest-authors.php:54
action · add_meta_boxes · php\class-coauthors-guest-authors.php:57
action · wp_insert_post_data · php\class-coauthors-guest-authors.php:58
action · save_post · php\class-coauthors-guest-authors.php:59
filter · update_post_metadata · php\class-coauthors-guest-authors.php:62
filter · post_updated_messages · php\class-coauthors-guest-authors.php:65
filter · user_row_actions · php\class-coauthors-guest-authors.php:68
filter · get_avatar · php\class-coauthors-guest-authors.php:71
filter · wp_privacy_personal_data_exporters · php\class-coauthors-guest-authors.php:74
filter · nav_menu_link_attributes · php\class-coauthors-guest-authors.php:77
action · admin_head · php\class-coauthors-guest-authors.php:401
filter · wp_dropdown_users · php\class-coauthors-guest-authors.php:618
action · init · php\class-coauthors-plus.php:37
action · init · php\class-coauthors-plus.php:38
action · admin_init · php\class-coauthors-plus.php:41
filter · posts_where · php\class-coauthors-plus.php:44
filter · posts_join · php\class-coauthors-plus.php:45
filter · posts_groupby · php\class-coauthors-plus.php:46
action · save_post · php\class-coauthors-plus.php:49
filter · wp_insert_post_data · php\class-coauthors-plus.php:51
action · delete_user · php\class-coauthors-plus.php:54
filter · get_usernumposts · php\class-coauthors-plus.php:56
filter · user_has_cap · php\class-coauthors-plus.php:62
action · add_meta_boxes · php\class-coauthors-plus.php:65
action · add_meta_boxes · php\class-coauthors-plus.php:66
action · wp_refresh_nonces · php\class-coauthors-plus.php:69
action · admin_head · php\class-coauthors-plus.php:72
filter · wp_get_object_terms · php\class-coauthors-plus.php:75
action · posts_selection · php\class-coauthors-plus.php:78
action · the_post · php\class-coauthors-plus.php:79
filter · ef_calendar_item_information_fields · php\class-coauthors-plus.php:82
filter · ef_story_budget_term_column_value · php\class-coauthors-plus.php:83
filter · jetpack_open_graph_tags · php\class-coauthors-plus.php:86
filter · comment_moderation_recipients · php\class-coauthors-plus.php:89
filter · infinite_scroll_js_settings · php\class-coauthors-plus.php:92
action · save_post · php\class-coauthors-plus.php:95
action · delete_post · php\class-coauthors-plus.php:96
action · set_object_terms · php\class-coauthors-plus.php:97
filter · get_the_archive_title · php\class-coauthors-plus.php:100
filter · pre_get_avatar_data · php\class-coauthors-plus.php:103
action · enqueue_block_editor_assets · php\class-coauthors-plus.php:106
action · rest_prepare_author · php\class-coauthors-plus.php:109
action · bulk_edit_custom_box · php\class-coauthors-plus.php:115
action · bulk_edit_posts · php\class-coauthors-plus.php:118
action · edited_term_taxonomy · php\class-coauthors-plus.php:221
action · admin_enqueue_scripts · php\class-coauthors-plus.php:234
action · admin_head · php\class-coauthors-plus.php:236
filter · manage_posts_columns · php\class-coauthors-plus.php:239
filter · manage_pages_columns · php\class-coauthors-plus.php:240
action · manage_posts_custom_column · php\class-coauthors-plus.php:241
action · manage_pages_custom_column · php\class-coauthors-plus.php:242
action · quick_edit_custom_box · php\class-coauthors-plus.php:245
filter · manage_users_columns · php\class-coauthors-plus.php:248
filter · manage_users_custom_column · php\class-coauthors-plus.php:249
action · load-edit.php · php\class-coauthors-plus.php:252
action · load-users.php · php\class-coauthors-plus.php:253
filter · quick_edit_dropdown_authors_args · php\class-coauthors-plus.php:548
filter · pre_handle_404 · php\class-coauthors-plus.php:1284
filter · terms_clauses · php\class-coauthors-plus.php:1401
filter · pre_count_many_users_posts · php\class-coauthors-plus.php:1525
filter · the_author · php\class-coauthors-template-filters.php:10
filter · the_author_posts_link · php\class-coauthors-template-filters.php:11
filter · the_author · php\class-coauthors-template-filters.php:14
action · rss2_item · php\class-coauthors-template-filters.php:15
filter · posts_where · php\class-coauthors-wp-list-table.php:128
action · pre_amp_render_post · php\integrations\amp.php:3
filter · amp_post_template_metadata · php\integrations\amp.php:5
filter · amp_post_template_file · php\integrations\amp.php:6
action · plugins_loaded · php\integrations\yoast.php:33
filter · wpseo_schema_graph · php\integrations\yoast.php:83
filter · wpseo_schema_author · php\integrations\yoast.php:84
filter · wpseo_schema_profilepage · php\integrations\yoast.php:85
filter · wpseo_meta_author · php\integrations\yoast.php:86
filter · wpseo_enhanced_slack_data · php\integrations\yoast.php:87
filter · wpseo_robots_array · php\integrations\yoast.php:88
filter · wpseo_opengraph_url · php\integrations\yoast.php:89
filter · wpseo_replacements · php\integrations\yoast.php:90
filter · the_author · template-tags.php:216
filter · the_author · template-tags.php:371
Maintenance & Trust

Co-Authors Plus Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 20, 2025
PHP min version: 7.4
Downloads: 1.4M

Community Trust

Rating: 70/100
Number of ratings: 77
Active installs: 20K
Developer Profile

Co-Authors Plus Developer Profile

Automattic

213 plugins · 19.2M total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1384 days
Detection Fingerprints

How We Detect Co-Authors Plus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/co-authors-plus/js/coauthors-plus.js
/wp-content/plugins/co-authors-plus/js/coauthors-plus-admin.js
/wp-content/plugins/co-authors-plus/css/coauthors-plus.css
/wp-content/plugins/co-authors-plus/css/coauthors-plus-admin.css
/wp-content/plugins/co-authors-plus/build/index.js
Script Paths
/wp-content/plugins/co-authors-plus/js/coauthors-plus.js
/wp-content/plugins/co-authors-plus/js/coauthors-plus-admin.js
/wp-content/plugins/co-authors-plus/build/index.js
Version Parameters
co-authors-plus/js/coauthors-plus.js?ver=
co-authors-plus/js/coauthors-plus-admin.js?ver=
co-authors-plus/css/coauthors-plus.css?ver=
co-authors-plus/css/coauthors-plus-admin.css?ver=
co-authors-plus/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
coauthors-add-new
coauthors-remove
coauthors-dropdown
coauthors-search
coauthors-search-results
author-list
coauthors-avatars
Data Attributes
data-coauthors-post-id
data-coauthors-current-author
data-coauthors-max-authors
JS Globals
coauthors_plus_settings
CoAuthorsPlus
REST Endpoints
/wp-json/coauthors-plus/v1/users
/wp-json/coauthors-plus/v1/authors
Shortcode Output
<div class="coauthors-content">