Contextual Related Posts Security & Risk Analysis

wordpress.org/plugins/contextual-related-posts

Keep visitors on your site longer with intelligent, fast-loading, contextually related posts. Block, shortcode, custom post type and widget ready.

60K active installs · v4.2.2 · PHP 7.4+ · WP 6.6+ · Updated Mar 13, 2026
Tags: contextual-related-posts, related, related-posts, seo, similar-posts
89 · A · Safe
CVEs total: 7
Unpatched: 0
Last CVE: May 7, 2025
Safety Verdict

Is Contextual Related Posts Safe to Use in 2026?

Generally Safe

Score 89/100

Contextual Related Posts has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: May 7, 2025 · Updated 21d ago
Risk Assessment

The plugin exhibits several positive security practices, including a high percentage of prepared SQL statements and properly escaped output, which are crucial for preventing common web vulnerabilities. The static analysis also shows a minimal attack surface with no unprotected entry points identified in the analyzed components. The absence of critical or high-severity taint analysis findings further suggests that core code flows are likely well-sanitized.

However, the plugin's vulnerability history is a significant concern. With 7 known CVEs, including a past critical and a high-severity vulnerability, and a recent critical vulnerability discovered on May 7, 2025, there's a clear pattern of exploitable weaknesses. The common types of vulnerabilities (XSS, missing authorization, CSRF, SQL injection) indicate a recurring struggle with secure input handling and access control. The presence of a bundled library (Freemius v1.0) also warrants attention, as outdated bundled components can introduce indirect vulnerabilities.

Overall, while the current version's static analysis reveals good fundamental security practices, the historical prevalence of significant vulnerabilities, particularly recent ones, indicates a need for ongoing vigilance and thorough security reviews. Users should prioritize keeping the plugin updated to the latest patched version to mitigate past risks.

Key Concerns

  • History of 7 known CVEs
  • Recent critical CVE on 2025-05-07
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities (7)

Contextual Related Posts Security Vulnerabilities

CVEs by Year

2014: 2 CVEs
2020: 1 CVE
2023: 3 CVEs
2025: 1 CVE

Severity Breakdown

Critical: 1
High: 1
Medium: 5

7 total CVEs

CVE-2025-47506 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contextual Related Posts <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 7, 2025 Patched in 4.0.3 (7d)

Contextual Related Posts <= 3.3.1 - Missing Authorization in crp_ajax_clearcache

Feb 20, 2023 Patched in 3.3.2 (337d)
WF-ca8f4f6b-756b-4511-9e48-e41a872a9dad-contextual-related-posts · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Contextual Related Posts <= 3.3.1 - Cross-Site Request Forgery in crpClearCache

Feb 20, 2023 Patched in 3.3.2 (337d)
CVE-2023-0252 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contextual Related Posts <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute

Jan 5, 2023 Patched in 3.3.1 (383d)
WF-d93006ac-037f-4291-b945-afa38358a037-contextual-related-posts · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Contextual Related Posts <= 2.9.3 - Cross-Site Request Forgery

Nov 19, 2020 Patched in 2.9.4 (1160d)
CVE-2013-2710 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Contextual Related Posts <= 1.8.6 - Cross-Site Request Forgery to Cross-Site Scripting

Aug 1, 2014 Patched in 1.8.7 (3462d)
CVE-2014-3937 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Contextual Related Posts < 1.8.10.2 - SQL Injection

Mar 6, 2014 Patched in 1.8.10.2 (3610d)
Code Analysis
Analyzed Mar 16, 2026

Contextual Related Posts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (44 prepared)
Unescaped Output: 31 (456 escaped)
Nonce Checks: 15
Capability Checks: 26
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

88% prepared · 50 total queries

Output Escaping

94% escaped · 487 total outputs
Data Flows: All sanitized

Data Flow Analysis

8 flows
taxonomy_search_tom_select (includes\admin\class-settings.php:1838)
Attack Surface

Contextual Related Posts Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[crp] includes\frontend\class-shortcodes.php:27
WordPress Hooks 41
action activated_plugin contextual-related-posts.php:147
action admin_notices contextual-related-posts.php:152
action plugins_loaded contextual-related-posts.php:202
action wp_initialize_site includes\admin\class-activator.php:27
action init includes\admin\class-activator.php:28
action network_admin_menu includes\admin\network\class-admin.php:59
action admin_enqueue_scripts includes\admin\network\class-admin.php:60
action network_admin_menu includes\admin\network\class-tools-page.php:37
action admin_enqueue_scripts includes\admin\network\class-tools-page.php:38
action admin_enqueue_scripts includes\admin\settings\class-metabox-api.php:98
action add_meta_boxes includes\admin\settings\class-metabox-api.php:99
action admin_menu includes\admin\settings\class-settings-api.php:178
action admin_init includes\admin\settings\class-settings-api.php:179
filter admin_footer_text includes\admin\settings\class-settings-api.php:180
action admin_enqueue_scripts includes\admin\settings\class-settings-api.php:181
filter admin_body_class includes\admin\settings\class-settings-api.php:182
action admin_menu includes\admin\settings\class-settings-wizard-api.php:180
action admin_init includes\admin\settings\class-settings-wizard-api.php:181
action admin_enqueue_scripts includes\admin\settings\class-settings-wizard-api.php:182
action admin_enqueue_scripts includes\admin\settings\class-settings-wizard-api.php:242
filter pre_get_posts includes\class-crp-core-query.php:166
filter posts_fields includes\class-crp-core-query.php:167
filter posts_join includes\class-crp-core-query.php:168
filter posts_where includes\class-crp-core-query.php:169
filter posts_orderby includes\class-crp-core-query.php:170
filter posts_groupby includes\class-crp-core-query.php:171
filter posts_request includes\class-crp-core-query.php:172
filter posts_pre_query includes\class-crp-core-query.php:173
filter the_posts includes\class-crp-core-query.php:174
filter pre_get_posts includes\class-crp-query.php:55
filter posts_fields includes\class-crp-query.php:56
filter posts_join includes\class-crp-query.php:57
filter posts_where includes\class-crp-query.php:58
filter posts_orderby includes\class-crp-query.php:59
filter posts_groupby includes\class-crp-query.php:60
filter posts_request includes\class-crp-query.php:61
filter posts_pre_query includes\class-crp-query.php:62
filter the_posts includes\class-crp-query.php:63
action init includes\class-main.php:127
filter plugin_icon load-freemius.php:49
filter after_uninstall load-freemius.php:50
Maintenance & Trust

Contextual Related Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 7.4
Downloads: 2.6M

Community Trust

Rating: 96/100
Number of ratings: 199
Active installs: 60K
Developer Profile

Contextual Related Posts Developer Profile

Ajay

31 plugins · 89K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 825 days
Detection Fingerprints

How We Detect Contextual Related Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/contextual-related-posts/css/crp-admin.css
/wp-content/plugins/contextual-related-posts/js/crp-admin.js
/wp-content/plugins/contextual-related-posts/js/crp-shortcode-button.js
/wp-content/plugins/contextual-related-posts/js/crp-widget.js
/wp-content/plugins/contextual-related-posts/css/crp-display.css
/wp-content/plugins/contextual-related-posts/js/crp-frontend.js
/wp-content/plugins/contextual-related-posts/default.png
Script Paths
/wp-content/plugins/contextual-related-posts/js/crp-admin.js
/wp-content/plugins/contextual-related-posts/js/crp-shortcode-button.js
/wp-content/plugins/contextual-related-posts/js/crp-widget.js
/wp-content/plugins/contextual-related-posts/js/crp-frontend.js
Version Parameters
contextual-related-posts/css/crp-admin.css?ver=
contextual-related-posts/js/crp-admin.js?ver=
contextual-related-posts/js/crp-shortcode-button.js?ver=
contextual-related-posts/js/crp-widget.js?ver=
contextual-related-posts/css/crp-display.css?ver=
contextual-related-posts/js/crp-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
crp-widget, crp-display, crp_related_posts
HTML Comments
<!-- Begin Contextual Related Posts -->
<!-- End Contextual Related Posts -->
Data Attributes
data-crp-slug, data-crp-postid, data-crp-related-post-id
JS Globals
crp_settings, crp_ajax_url
Shortcode Output
[crp]