Does Content Scheduler have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Content Scheduler compatible with WordPress 4.1.0?

According to WordPress.org data, Content Scheduler 2.0.5 has been tested up to WordPress 4.1.0. Check the plugin's changelog for the latest compatibility information.

How often is Content Scheduler updated?

Content Scheduler was last updated on Dec 26, 2014. Frequent updates are generally a positive security signal.

What is Content Scheduler's security score?

Content Scheduler has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Content Scheduler Security & Risk Analysis

wordpress.org/plugins/content-scheduler

Schedule content to automatically expire and change at a certain time, and notify people of expiration.

200 active installs v2.0.5 PHP + WP 2.9+ Updated Dec 26, 2014

expireexpire-postsexpiringschedulingsticky

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Content Scheduler Safe to Use in 2026?

Generally Safe

Score 85/100

Content Scheduler has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "content-scheduler" v2.0.5 plugin exhibits a generally good security posture based on the provided static analysis. It demonstrates a small attack surface with no unprotected entry points, and the code signals indicate a conscientious effort to implement security best practices such as capability checks and nonce verification. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced risk profile. Furthermore, the plugin has a clean vulnerability history with no known CVEs, suggesting a stable and well-maintained codebase.

However, a significant concern arises from the low percentage of properly escaped output. With only 6% of the 35 total outputs being properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Malicious actors could potentially inject arbitrary scripts through user-controlled data that is displayed on the frontend without adequate sanitization. While the taint analysis showed no flows with unsanitized paths, the low output escaping rate means that if such paths were to exist, they would be a direct threat. The SQL queries, while mostly prepared, still present a minor risk if any of the unprepared queries handle user input.

In conclusion, "content-scheduler" v2.0.5 is strong in its defense against common attack vectors and has a solid history. The primary weakness lies in output escaping, which requires immediate attention to mitigate potential XSS risks. Addressing this concern would significantly improve the plugin's overall security.

Key Concerns

Low output escaping rate (94% unescaped)
SQL queries with potential for unsanitized input (20%)

Vulnerabilities

None known

Content Scheduler Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Content Scheduler Release Timeline

v2.0.5Current

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.0.0

v0.9.9

v0.9.8

v0.9.7

v0.9.6

v0.9.5

v0.9.4

v0.9.3

Code Analysis

Analyzed Mar 16, 2026

Content Scheduler Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

80% prepared5 total queries

Output Escaping

6% escaped35 total outputs

Attack Surface

Content Scheduler Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[cs_expiration] content-scheduler.php:105

WordPress Hooks 18

actionadmin_initcontent-scheduler-settings.php:25

actionadmin_menucontent-scheduler-settings.php:26

actionupdate_option_ContentScheduler_Optionscontent-scheduler-settings.php:31

actionadmin_enqueue_scriptscontent-scheduler.php:68

actionadmin_enqueue_scriptscontent-scheduler.php:69

actionadd_meta_boxescontent-scheduler.php:71

actionsave_postcontent-scheduler.php:72

actionmanage_posts_custom_columncontent-scheduler.php:74

actionmanage_pages_custom_columncontent-scheduler.php:75

filtermanage_posts_columnscontent-scheduler.php:77

filtermanage_pages_columnscontent-scheduler.php:78

actioninitcontent-scheduler.php:81

actionadmin_initcontent-scheduler.php:85

actionadmin_menucontent-scheduler.php:86

actionadmin_headcontent-scheduler.php:87

actionadmin_footercontent-scheduler.php:88

actioncontentschedulercontent-scheduler.php:99

filtercron_schedulescontent-scheduler.php:108

Scheduled Events 2

contentscheduler

Maintenance & Trust

Content Scheduler Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.0

Last updatedDec 26, 2014

PHP min version

Downloads30K

Community Trust

Rating48/100

Number of ratings8

Active installs200

Alternatives

Content Scheduler Alternatives

Expiring Posts

expiring-posts

This plugin adds functionality to expire a post on a given date.

900 No CVEs

WP Post Expires

wp-post-expires

Plugin adds post expires time after which will be performed actions: add prefix to title, move to drafts or trash.

2K No CVEs

Expire Sticky Posts

expire-sticky-posts

A simple plugin that allows you to set an expiration date on posts. Once a post is expired, it will no longer be sticky.

1K No CVEs

VA Simple Expires

va-simple-expires

This is the fork of Simple Expires created by Mr. abmcr. Simple plugin which can set up the term of validity.

900 No CVEs

Simple Expires

simple-expires

Enable Posts and Pages to automatically expire and change at a certain time, and provide notification of expiration.

500 No CVEs

Developer Profile

Content Scheduler Developer Profile

Paul Kaiser

1 plugin · 200 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Content Scheduler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/content-scheduler/css/cs-admin-styles.css/wp-content/plugins/content-scheduler/css/cs-admin-styles-v2.css/wp-content/plugins/content-scheduler/css/cs-public-styles.css/wp-content/plugins/content-scheduler/js/cs-admin-scripts.js/wp-content/plugins/content-scheduler/js/cs-public-scripts.js

Script Paths

/wp-content/plugins/content-scheduler/js/cs-admin-scripts.js/wp-content/plugins/content-scheduler/js/cs-public-scripts.js

Version Parameters

content-scheduler/css/cs-admin-styles.css?ver=content-scheduler/css/cs-admin-styles-v2.css?ver=content-scheduler/css/cs-public-styles.css?ver=content-scheduler/js/cs-admin-scripts.js?ver=content-scheduler/js/cs-public-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes

cs_expiration_datecs_expire_date_labelcs_expire_date_fieldcs_expire_date_notescs_expiration_date_metabox

Data Attributes

data-cs-nonce

JS Globals

cs_admin_ajax_objectcs_admin_ajax_urlcs_admin_nonce

REST Endpoints

/wp-json/content-scheduler/v1/settings

Shortcode Output

[cs_expiration]

FAQ