LJ-XP-SW Security & Risk Analysis

wordpress.org/plugins/crossposting-in-safe-way

LJ-XP-SW is a plugin that can crosspost a blog text to your LiveJournal (or LiveJournal-based clone) account in a safe way.

10 active installs · v1.2 · PHP + · WP 2.5.0+ · Updated Mar 18, 2010
Tags: comments, crosspost, crossposter, livejournal, posts
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is LJ-XP-SW Safe to Use in 2026?

Generally Safe

Score 85/100

LJ-XP-SW has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 16yr ago
Risk Assessment

The 'crossposting-in-safe-way' plugin v1.2 exhibits a mixed security posture. It appears to have a very limited attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events; little functionality is exposed to user interaction, which is a positive sign. However, the code analysis reveals significant concerns. The use of the dangerous `create_function` is a notable risk, as it can lead to code injection vulnerabilities if user-supplied input is passed to it without proper sanitization. A substantial percentage of SQL queries do not use prepared statements, which exposes the plugin to SQL injection risks. None of the identified outputs are escaped, a critical security flaw that makes the plugin highly susceptible to Cross-Site Scripting (XSS) attacks. The absence of nonce and capability checks on any potential entry points further exacerbates these risks, as there are no built-in mechanisms to verify user authorization or prevent CSRF attacks.

The plugin's vulnerability history is clean, with no recorded CVEs, which might suggest a lack of targeted attacks or previous diligent patching. However, this clean history should not overshadow the significant security weaknesses identified in the static analysis, particularly the unescaped output and the insecure SQL practices.

Key Concerns

  • Dangerous function used (create_function)
  • SQL queries without prepared statements
  • Output escaping not used
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

LJ-XP-SW Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

LJ-XP-SW Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 3 (4 prepared)
Unescaped Output: 6 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function (lj-xp-sw.php:524)
`$modify = create_function('$f, $n, $obj', 'global $$f; $p = &$$f; unset($p[$n]); $p[$obj->term_id] =`

SQL Query Safety

57% prepared · 7 total queries

Output Escaping

0% escaped · 6 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
ljxp_display_options (lj-xp-sw.php:60)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

LJ-XP-SW Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9
action · admin_menu · lj-xp-sw.php:861
action · publish_post · lj-xp-sw.php:863
action · publish_future_post · lj-xp-sw.php:864
action · edit_post · lj-xp-sw.php:865
action · delete_post · lj-xp-sw.php:866
action · dbx_post_sidebar · lj-xp-sw.php:867
action · publish_post · lj-xp-sw.php:868
action · save_post · lj-xp-sw.php:869
action · edit_post · lj-xp-sw.php:870
Maintenance & Trust

LJ-XP-SW Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.9.2
Last updated: Mar 18, 2010
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

LJ-XP-SW Developer Profile

GrayHunter

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect LJ-XP-SW

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/crossposting-in-safe-way/ljxp_admin.js

HTML / DOM Fingerprints

HTML Comments
<!-- Warning. This is rather UNSAFE code. The only reason for it to remain unchanged so far is that it is inside a protected area. -- FreeAtNet -->
<!-- TODO: fix security where appropriate -->
<!-- May add some Javascript to disable the custom_name field later - don't -->
<!-- feel like it now, though -->
Data Attributes
name="host", name="username", name="password", name="community", name="custom_name_on", name="custom_name", +18 more
JS Globals
var ljxp_admin_js_url