Does Deshi News Aggregator have any unpatched vulnerabilities?

No. All known vulnerabilities in Deshi News Aggregator have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Deshi News Aggregator compatible with WordPress 5.2.24?

According to WordPress.org data, Deshi News Aggregator 1.0.3 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Deshi News Aggregator compatible with PHP 5.5+?

Deshi News Aggregator requires PHP 5.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Deshi News Aggregator updated?

Deshi News Aggregator was last updated on Jun 16, 2019. Frequent updates are generally a positive security signal.

What is Deshi News Aggregator's security score?

Deshi News Aggregator has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Deshi News Aggregator Security & Risk Analysis

wordpress.org/plugins/deshi-news-aggregator

Display news from prominent Bangladeshi newspaper (Prothom-Alo) in your wordpress site's widget

0 active installs v1.0.3 PHP 5.5+ WP 4.0+ Updated Jun 16, 2019

aggregatorbangladeshinews

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Deshi News Aggregator Safe to Use in 2026?

Generally Safe

Score 85/100

Deshi News Aggregator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The Deshi News Aggregator plugin version 1.0.3 exhibits a mixed security posture. On the positive side, there are no reported vulnerabilities (CVEs) and no critical or high-severity taint flows identified. The plugin also avoids dangerous functions and file operations, which are common sources of security issues. However, the static analysis reveals significant areas of concern. Notably, the plugin executes two SQL queries that do not use prepared statements, posing a risk of SQL injection if user input is not meticulously sanitized before being passed to these queries. Furthermore, the output escaping is poor, with only 27% of outputs being properly escaped, creating a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce and capability checks, especially in conjunction with the cron event, is concerning as it might allow unauthorized actions or information disclosure. The external HTTP request also warrants investigation for potential supply chain or data leakage risks. While the lack of reported vulnerabilities is a good sign, it does not negate the identified code-level risks that could lead to future security incidents.

Key Concerns

Raw SQL queries without prepared statements
Low percentage of properly escaped output
Missing nonce checks
Missing capability checks
External HTTP request present

Vulnerabilities

None known

Deshi News Aggregator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Deshi News Aggregator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

27% escaped15 total outputs

Attack Surface

Deshi News Aggregator Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_menudeshi-news-aggregator.php:47

actionadmin_initdeshi-news-aggregator.php:52

actionget_prothom_alo_fresh_newssrc\Cron\GetNews.php:17

actionwpsrc\Cron\ScheduledTasks.php:11

filtercron_schedulessrc\Cron\ScheduledTasks.php:18

actionplugins_loadedsrc\DB\Prepare.php:12

actionwidgets_initsrc\Widgets\Config.php:11

Scheduled Events 1

get_prothom_alo_fresh_news

Maintenance & Trust

Deshi News Aggregator Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedJun 16, 2019

PHP min version5.5

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Deshi News Aggregator Alternatives

RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging

wp-rss-aggregator

The #1 WordPress RSS aggregator to quickly import RSS feeds, build a news aggregator, and for easy autoblogging.

50K 13 CVEs

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator

feedzy-rss-feeds

The most powerful WordPress RSS aggregator, helping you curate content, autoblog, import RSS & display unlimited RSS feeds within a few minutes.

40K 11 CVEs

RSS Feed Retriever

wp-rss-retriever

The fastest RSS feeds plugin for WordPress. Includes excerpt & thumbnail image. Use as a news aggregator, autoblog, or RSS parsing.

8K 2 CVEs

Content Pilot – Autoblogging & Affiliate Marketing Suite

wp-content-pilot

Automatically post contents, create news feeds, import and display unlimited RSS feeds from various sources in a few clicks!

1K 2 CVEs

Auto Robot – WP Autoblogging and RSS Feed News Aggregator

auto-robot

100

Auto blogging and generate WordPress posts automatically from OpenAI ChatGPT, RSS Feed, Instagram, Youtube, Facebook, Twitter, Vimeo, Flickr and etc.

100 No CVEs

Developer Profile

Deshi News Aggregator Developer Profile

Shaharia Azam

5 plugins · 470 total installs

trust score

Avg Security Score

81/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Deshi News Aggregator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/deshi-news-aggregator/statics/css/dna_widget_style.css

Version Parameters

deshi-news-aggregator/statics/css/dna_widget_style.css?ver=1.1

HTML / DOM Fingerprints

CSS Classes

na_widget_one_ulna_widget_one_headlinesna_widget_one_headlines_featured_imgna_widget_one_headlines_headline

Data Attributes

news_aggregator_widget_onedna_widget_style

FAQ