WP-Safety

Content Sync Assistant Security & Risk Analysis

wordpress.org/plugins/content-sync-assistant

EN: Efficiently and reliably synchronize content between multiple WordPress sites. ZH: 高效可靠地在多个 WordPress 站点之间同步内容。

40 active installs v1.0.2 PHP 7.0+ WP 5.6+ Updated Jun 23, 2025
automationmetadatamultisitepostssynchronize
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Content Sync Assistant Safe to Use in 2026?

Generally Safe

Score 100/100

Content Sync Assistant has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago
Risk Assessment

The content-sync-assistant plugin, version 1.0.2, exhibits a generally strong security posture, characterized by the extensive use of prepared statements for SQL queries and a high percentage of properly escaped output. The absence of critical or high-severity taint flows and a clean vulnerability history with no recorded CVEs are significant strengths, indicating good development practices and a low likelihood of previously exploited vulnerabilities.

However, a notable concern lies within the attack surface. The plugin exposes three AJAX handlers, one of which lacks authentication checks. While the taint analysis did not reveal any unsanitized paths, an unprotected AJAX endpoint represents a potential entry point for attackers to trigger unintended functionality or probe for further weaknesses. The presence of a cron event also adds to the attack surface, though its specific functionality and security are not detailed in the provided data.

In conclusion, the plugin demonstrates commendable attention to secure coding practices in its handling of database interactions and output. The primary area for improvement and potential risk stems from the unprotected AJAX endpoint, which warrants immediate attention to mitigate potential exploitation. The overall security is good, but this single oversight introduces a tangible risk that should be addressed.

Key Concerns

  • AJAX handler without authentication check
Vulnerabilities
None known

Content Sync Assistant Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Content Sync Assistant Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
20 prepared
Unescaped Output
10
270 escaped
Nonce Checks
17
Capability Checks
32
File Operations
1
External Requests
12
Bundled Libraries
0

SQL Query Safety

100% prepared20 total queries

Output Escaping

96% escaped280 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
<wowown-contsyas-manual-sync> (admin\partials\wowown-contsyas-manual-sync.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Content Sync Assistant Attack Surface

Entry Points3
Unprotected1

AJAX Handlers 3

authwp_ajax_wowown_contsyas_update_target_site_status_hookadmin\class-wowown-contsyas-admin-menu.php:29
authwp_ajax_inline-saveincludes\class-wowown-contsyas-sync-tasks.php:51
authwp_ajax_wowown_contsyas_check_target_site_domain_hookincludes\class-wowown-contsyas-target-sites.php:29
WordPress Hooks 39
actionadmin_menuadmin\class-wowown-contsyas-admin-menu.php:27
actionadmin_enqueue_scriptsadmin\class-wowown-contsyas-admin-menu.php:28
actionadmin_post_wowown_contsyas_add_target_siteadmin\class-wowown-contsyas-admin-menu.php:32
actionadmin_post_wowown_contsyas_edit_target_siteadmin\class-wowown-contsyas-admin-menu.php:33
actionadmin_post_wowown_contsyas_delete_target_siteadmin\class-wowown-contsyas-admin-menu.php:34
actionadmin_post_wowown_contsyas_test_connectionadmin\class-wowown-contsyas-admin-menu.php:35
actionadmin_post_wowown_contsyas_manual_sync_postsadmin\class-wowown-contsyas-admin-menu.php:38
actionadmin_post_wowown_contsyas_save_settingsadmin\class-wowown-contsyas-admin-menu.php:41
actionplugins_loadedcontent-sync-assistant.php:88
actionwowown_contsyas_daily_log_cleanup_hookincludes\class-wowown-contsyas-logs.php:54
actioninitincludes\class-wowown-contsyas-rest-controller.php:30
filterrest_request_before_callbacksincludes\class-wowown-contsyas-rest-controller.php:32
filterdetermine_current_userincludes\class-wowown-contsyas-rest-controller.php:34
filterrest_authentication_errorsincludes\class-wowown-contsyas-rest-controller.php:35
filterrest_post_queryincludes\class-wowown-contsyas-rest-controller.php:37
filterrest_page_queryincludes\class-wowown-contsyas-rest-controller.php:38
filterrest_pre_insert_postincludes\class-wowown-contsyas-rest-controller.php:40
filterrest_pre_insert_pageincludes\class-wowown-contsyas-rest-controller.php:41
filterdetermine_current_userincludes\class-wowown-contsyas-rest-controller.php:286
filteruser_has_capincludes\class-wowown-contsyas-rest-controller.php:394
actionadd_meta_boxesincludes\class-wowown-contsyas-sync-tasks.php:33
actionenqueue_block_editor_assetsincludes\class-wowown-contsyas-sync-tasks.php:34
filterrest_pre_insert_postincludes\class-wowown-contsyas-sync-tasks.php:36
filterrest_pre_insert_pageincludes\class-wowown-contsyas-sync-tasks.php:37
actiontransition_post_statusincludes\class-wowown-contsyas-sync-tasks.php:38
actionpost_updatedincludes\class-wowown-contsyas-sync-tasks.php:39
actionsave_postincludes\class-wowown-contsyas-sync-tasks.php:40
actionwp_insert_postincludes\class-wowown-contsyas-sync-tasks.php:41
actionrest_insert_postincludes\class-wowown-contsyas-sync-tasks.php:42
actionrest_insert_pageincludes\class-wowown-contsyas-sync-tasks.php:43
actionrest_after_insert_postincludes\class-wowown-contsyas-sync-tasks.php:44
actionrest_after_insert_pageincludes\class-wowown-contsyas-sync-tasks.php:45
actionwp_after_insert_postincludes\class-wowown-contsyas-sync-tasks.php:46
actiondeleted_postincludes\class-wowown-contsyas-sync-tasks.php:47
actiontrashed_postincludes\class-wowown-contsyas-sync-tasks.php:48
actionuntrashed_postincludes\class-wowown-contsyas-sync-tasks.php:49
actionbulk_edit_postsincludes\class-wowown-contsyas-sync-tasks.php:52
filterbulk_actions-edit-postincludes\class-wowown-contsyas-sync-tasks.php:53
filterhandle_bulk_actions-edit-postincludes\class-wowown-contsyas-sync-tasks.php:54

Scheduled Events 1

wowown_contsyas_daily_log_cleanup_hook
Maintenance & Trust

Content Sync Assistant Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 23, 2025
PHP min version7.0
Downloads579

Community Trust

Rating0/100
Number of ratings0
Active installs40
Alternatives

Content Sync Assistant Alternatives

WP Meta and Date Remover

WP Meta and Date Remover

wp-meta-and-date-remover

A
99

Remove meta author and date information from posts and pages. Hide from Humans and Search engines.SEO friendly and most advance plugin.

90K 2 CVEs
JSM Show Post Metadata

JSM Show Post Metadata

jsm-show-post-meta

A
99

Show post metadata (aka custom fields) in a metabox when editing posts / pages - a great tool for debugging issues with post metadata.

10K 1 CVE
Publish to Schedule

Publish to Schedule

publish-to-schedule

A
99

Automate your WordPress post scheduling with Publish to Schedule. Set rules for days and times to publish posts automatically, saving you time and ens &hellip;

5K 2 CVEs
WP Multisite Content Copier/Updater

WP Multisite Content Copier/Updater

wp-multisite-content-copier

A
98

Copy/Update posts and pages from one site (blog) to the other sites (blogs) in your WordPress Multisite Network.

800 3 CVEs
GSheets Connector

GSheets Connector

sheetlink

B
70

Sync your WordPress posts, custom post types, and WooCommerce orders, including custom fields, to Google Spreadsheets using available filter hooks.

100 1 unpatched
Developer Profile

Content Sync Assistant Developer Profile

wowown

3 plugins · 50 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Content Sync Assistant

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/content-sync-assistant/admin/css/target-sites.css/wp-content/plugins/content-sync-assistant/admin/css/settings.css/wp-content/plugins/content-sync-assistant/admin/css/sync-tasks.css/wp-content/plugins/content-sync-assistant/admin/js/target-sites.js/wp-content/plugins/content-sync-assistant/admin/js/settings.js/wp-content/plugins/content-sync-assistant/admin/js/sync-tasks.js
Script Paths
/wp-content/plugins/content-sync-assistant/admin/js/target-sites.js/wp-content/plugins/content-sync-assistant/admin/js/settings.js/wp-content/plugins/content-sync-assistant/admin/js/sync-tasks.js
Version Parameters
content-sync-assistant/admin/css/target-sites.css?ver=content-sync-assistant/admin/css/settings.css?ver=content-sync-assistant/admin/css/sync-tasks.css?ver=content-sync-assistant/admin/js/target-sites.js?ver=content-sync-assistant/admin/js/settings.js?ver=content-sync-assistant/admin/js/sync-tasks.js?ver=

HTML / DOM Fingerprints

CSS Classes
wowown-contsyas-target-sites-wrapwowown-contsyas-settings-wrapwowown-contsyas-sync-tasks-wrapwowown-contsyas-target-site-formwowown-contsyas-sync-task-formwowown-contsyas-settings-form
HTML Comments
<!-- Target Sites List --><!-- Sync Tasks List --><!-- Settings Form --><!-- Add Target Site Form -->+3 more
Data Attributes
data-wowown-contsyas-actiondata-wowown-contsyas-target-site-iddata-wowown-contsyas-nonce
JS Globals
wowown_contsyas_target_sites_ajax_objectwowown_contsyas_settings_ajax_objectwowown_contsyas_sync_tasks_ajax_object
REST Endpoints
/wp-json/content-sync-assistant/v1/target-sites/wp-json/content-sync-assistant/v1/sync-status/wp-json/content-sync-assistant/v1/sync-log
FAQ

Frequently Asked Questions about Content Sync Assistant