Content Relations Security & Risk Analysis

wordpress.org/plugins/content-relations

Add relations between posts.

20 active installs · v1.0.15 · PHP + WP 4.0+ · Updated Feb 16, 2026
metaboxpostrelation
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Content Relations Safe to Use in 2026?

Generally Safe

Score 100/100

Content Relations has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "content-relations" plugin v1.0.15 exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no recorded CVEs, indicating a potentially stable codebase. It also demonstrates some good practices by implementing nonce and capability checks for one entry point and a reasonable percentage of SQL queries using prepared statements. Furthermore, the absence of file operations and external HTTP requests mitigates common attack vectors.

However, significant concerns arise from the static analysis. The plugin has a single entry point via an AJAX handler that lacks any authentication or permission checks. This unprotected entry point, combined with a taint flow identified with unsanitized paths, presents a considerable risk. While the taint analysis did not reveal critical or high severity issues, the presence of an unsanitized path flow suggests potential for injection vulnerabilities if an attacker can control the input leading to that flow. The SQL query usage and output escaping, while not perfect, are not the most pressing concerns compared to the unprotected AJAX handler.

In conclusion, while the plugin benefits from a clean security history, the single unprotected AJAX handler is a critical weakness. This, along with the identified unsanitized path flow, significantly elevates the risk profile. The plugin needs immediate attention to secure this entry point and address the unsanitized path.

Key Concerns

  • Unprotected AJAX handler
  • Flow with unsanitized path
  • SQL queries not using prepared statements (40% use)
  • Outputs not properly escaped (59% escaped)
Vulnerabilities
None known

Content Relations Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Content Relations Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (2 prepared)
Unescaped Output: 11 (16 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

40% prepared · 5 total queries

Output Escaping

59% escaped · 27 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
render_menu (classes\meta-box.php:57)
Attack Surface
1 unprotected

Content Relations Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_ph_content_relations_title · classes\meta-box.php:32

WordPress Hooks: 11

filter · grid_posts_box_content_structure · classes\grid.php:9
filter · grid_posts_box_query_args · classes\grid.php:10
action · admin_menu · classes\meta-box.php:22
action · add_meta_boxes · classes\meta-box.php:23
action · save_post · classes\meta-box.php:27
action · delete_post · classes\meta-box.php:28
action · the_post · classes\post.php:16
action · rest_api_init · classes\rest-api.php:16
filter · content_relations_modify_rest_json · classes\rest-api.php:17
filter · posts_where · classes\wp-post-query-extension.php:23
action · ph_migrate_register_field_handlers · migrate.php:10
Maintenance & Trust

Content Relations Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Feb 16, 2026
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Content Relations Developer Profile

EdwardBock

22 plugins · 2K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 107 days
Detection Fingerprints

How We Detect Content Relations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/content-relations/css/content-relations-admin.css
/wp-content/plugins/content-relations/js/content-relations-admin.js
Script Paths
/wp-content/plugins/content-relations/js/content-relations-admin.js
Version Parameters
content-relations-style
content-relations-js

HTML / DOM Fingerprints

CSS Classes
delete-relations-wrapper
delete-relation-button
Data Attributes
data-relation-id
JS Globals
_ContentRelations
REST Endpoints
/wp-json/content-relations