WP-Safety

Content Writer Security & Risk Analysis

wordpress.org/plugins/content-writer

Allows users to order, post and socially share uniquely written content to their blog.

200 active installs v3.6.9 PHP 8.3+ WP 4.5+ Updated Oct 16, 2025
blog-content-writerscontent-writercontent-writerscontent-writingseo-content
99
A · Safe
CVEs total1
Unpatched0
Last CVEOct 14, 2025
Plugin page Download
Safety Verdict

Is Content Writer Safe to Use in 2026?

Generally Safe

Score 99/100

Content Writer has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 14, 2025Updated 5mo ago
Risk Assessment

The 'content-writer' plugin v3.6.9 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and shows no open CVEs. The absence of direct SQL injection, critical taint flows, and external HTTP requests are encouraging signs. However, significant concerns arise from the static analysis. A notably low percentage of output escaping (12%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the presence of file operations without any apparent authorization checks or nonce verification on its entry points is a major red flag, potentially allowing unauthorized file manipulation. The vulnerability history, while currently clear, included a past medium severity vulnerability related to sensitive information logging, suggesting a potential for past oversight in security practices.

Key Concerns

  • Low output escaping percentage
  • File operations without auth/nonce checks
  • Bundled outdated library (TinyMCE)
  • Past medium severity vulnerability
Vulnerabilities
1

Content Writer Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-10486medium · 5.3Insertion of Sensitive Information into Log File

Content Writer <= 3.6.8 - Unauthenticated Information Exposure via Log File

Oct 14, 2025 Patched in 3.6.9 (3d)
Code Analysis
Analyzed Mar 16, 2026

Content Writer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
15
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
1

Bundled Libraries

TinyMCE

Output Escaping

12% escaped17 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
conwr_render_options_page (content-writer.php:91)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Content Writer Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 13
actioninitcontent-writer.php:30
actionadmin_initcontent-writer.php:31
filtermce_csscontent-writer.php:32
actionadmin_menucontent-writer.php:33
actionadmin_enqueue_scriptscontent-writer.php:34
actiontransition_post_statuscontent-writer.php:35
actionpost_updatedcontent-writer.php:36
actiondelete_postcontent-writer.php:37
actionrest_api_initcontent-writer.php:38
actionplugins_loadedcontent-writer.php:56
filterplugin_action_linkscontent-writer.php:65
filtermce_external_pluginscontent-writer.php:81
actionadmin_noticescontent-writer.php:98
Maintenance & Trust

Content Writer Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedOct 16, 2025
PHP min version8.3
Downloads29K

Community Trust

Rating86/100
Number of ratings7
Active installs200
Alternatives

Content Writer Alternatives

Outranking Plugin Options

Outranking Plugin Options

outranking

A
85

A simple plugin to extend functionalities of Outranking.io content writing tool.

100 No CVEs
LongShot AI – Long Form Writing Assistant

LongShot AI – Long Form Writing Assistant

longshot-ai-long-form-writing-assistant

A
85

LongShot is an AI writing assistant that helps research, generate, and optimize long-form content. With a comprehensive list of features, you can say &hellip;

20 No CVEs
GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools

GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools

getgenie

A
95

GPT-4o powered AI content writer with 37+ templates, chatbot, AI image, NLP keyword research, SEO analysis for WordPress, Gutenberg & Elementor.

70K 4 CVEs
Surfer – WordPress Plugin

Surfer – WordPress Plugin

surferseo

A
97

Connect Surfer's Content Editor to WordPress. Write and optimize your articles for SEO, find new keyword ideas and publish straight to WordPress.

6K 3 CVEs
Quickcreator – AI Blog Writer

Quickcreator – AI Blog Writer

quickcreator

A
97

Integrate QuickCreator's Content Editor with WordPress for AI-driven SEO content creation and seamless publishing.

600 1 CVE
Developer Profile

Content Writer Developer Profile

steadycontent

1 plugin · 200 total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
3 days
View full developer profile
Detection Fingerprints

How We Detect Content Writer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/content-writer/assets/js/conwr_base.js/wp-content/plugins/content-writer/assets/js/conwr_tinymce.js
Script Paths
/wp-content/plugins/content-writer/assets/js/conwr_base.js/wp-content/plugins/content-writer/assets/js/conwr_tinymce.js
Version Parameters
content-writer/assets/js/conwr_base.js?ver=content-writer/assets/js/conwr_tinymce.js?ver=

HTML / DOM Fingerprints

CSS Classes
conwr-kw-wrapperconwr-kw-innerconwr-kw-tablekw-labelkw-valuewriter-info-wrappermd-20fa-heart
Data Attributes
data-save_settingsdata-disconnect
JS Globals
conwr_base_urlCONWR_BASE_URL
REST Endpoints
/wp-json/content-writer/v1/settings
FAQ

Frequently Asked Questions about Content Writer