de:feed (Beta) Security & Risk Analysis

wordpress.org/plugins/defeed

Create custom RSS feeds that will fit your requirements.

10 active installs · v0.1.1 · PHP + · WP 4.0+ · Updated Sep 16, 2015
feed · rss · web-syndication · xml
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is de:feed (Beta) Safe to Use in 2026?

Generally Safe

Score 85/100

de:feed (Beta) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The 'defeed' plugin v0.1.1 demonstrates a generally good security posture based on the provided static analysis. The absence of raw SQL queries, file operations, and external HTTP requests is a positive sign. Importantly, all identified entry points (AJAX handlers) are protected by nonce and capability checks, which is a critical security practice for handling user input and preventing unauthorized actions. The plugin also performs capability checks at two distinct points.

However, a significant concern arises from the output escaping, where only 10% of the 21 outputs are properly escaped. This indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data that is not properly sanitized before being displayed to other users can be exploited to inject malicious scripts. The lack of any recorded vulnerabilities in its history is positive, but it does not negate the immediate risks identified in the current codebase. The plugin's small attack surface is a strength, but the low percentage of properly escaped output presents a clear weakness that needs immediate attention to mitigate XSS risks.

Key Concerns

  • Low percentage of properly escaped output (10%)
Vulnerabilities
None known

de:feed (Beta) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

de:feed (Beta) Release Timeline

v0.1.1 (Current)
v0.1.0
Code Analysis
Analyzed Mar 17, 2026

de:feed (Beta) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 19 (2 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

10% escaped · 21 total outputs
Attack Surface

de:feed (Beta) Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_add_feed_item · core\ui\class-main.php:42

WordPress Hooks: 9

action · init · core\class-entities.php:13
action · init · core\class-entities.php:14
action · template_redirect · core\class-feed-generator.php:18
action · wp_loaded · core\class-feed-generator.php:19
action · admin_menu · core\ui\class-main.php:40
filter · plugin_action_links · core\ui\class-main.php:41
action · admin_init · core\utils\class-compatibility.php:29
action · admin_notices · core\utils\class-compatibility.php:66
action · plugins_loaded · defeed.php:29
Maintenance & Trust

de:feed (Beta) Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.3.34
Last updated: Sep 16, 2015
PHP min version:
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

de:feed (Beta) Developer Profile

deco.agency

2 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect de:feed (Beta)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/defeed/libs/core-nav-menus/assets/style.css
