Does Dynamic Post have any unpatched vulnerabilities?

Yes — Dynamic Post currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Dynamic Post compatible with WordPress 6.8.5?

According to WordPress.org data, Dynamic Post 5.02 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Dynamic Post updated?

Dynamic Post was last updated on Jul 31, 2025. Frequent updates are generally a positive security signal.

What is Dynamic Post's security score?

Dynamic Post has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Dynamic Post Security & Risk Analysis

wordpress.org/plugins/dynamic-post

Dynamic Post will automatically publish free articles or syndicate articles to your blog once a month.

100 active installs v5.02 PHP + WP 3.0+ Updated Jul 31, 2025

accountant-business-articles-contentblog-financial-articles-contentcpa-blog-articles-contentfinancial-articles-for-my-blogtax-blog-articles-content

B · Generally Safe

CVEs total1

Unpatched1

Last CVEApr 16, 2025

Plugin page Download

Safety Verdict

Is Dynamic Post Safe to Use in 2026?

Mostly Safe

Score 78/100

Dynamic Post is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Apr 16, 2025Updated 8mo ago

Risk Assessment

The "dynamic-post" v5.02 plugin exhibits several significant security concerns, particularly regarding its attack surface and output escaping. While the plugin avoids dangerous functions and has limited external requests, a substantial portion of its AJAX handlers (5 out of 5) lack proper authentication checks. This creates a wide entry point for potential attackers to exploit. Furthermore, only 24% of output escapes are properly implemented, leaving the door open for cross-site scripting (XSS) vulnerabilities. The vulnerability history reveals a concerning pattern of missing authorization, with a currently unpatched medium severity vulnerability of this type, indicating a recurring issue that has not been fully addressed.

Despite strengths like a good percentage of prepared SQL statements and a single nonce check, the plugin's security posture is weakened by its exposed AJAX endpoints and insufficient output sanitization. The lack of taint analysis data doesn't provide a complete picture, but the static analysis clearly points to areas needing immediate attention. The presence of an unpatched CVE, specifically related to missing authorization, further elevates the risk. A balanced conclusion would highlight the potential for exploitation due to unprotected AJAX endpoints and poor output escaping, coupled with the ongoing risk from the unpatched vulnerability.

Key Concerns

Unprotected AJAX handlers
Low percentage of properly escaped output
Currently unpatched medium severity CVE
Large attack surface without auth checks

Vulnerabilities

Dynamic Post Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-39522medium · 4.3Missing Authorization

Dynamic Post <= 4.10 - Missing Authorization to Authenticated (Subscriber+) Settings Update

Apr 16, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Dynamic Post Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

60% prepared10 total queries

Output Escaping

24% escaped51 total outputs

Attack Surface

5 unprotected

Dynamic Post Attack Surface

Entry Points7

Unprotected5

AJAX Handlers 5

noprivwp_ajax_api_callpost-types\post_type_dynamic_post.php:17

authwp_ajax_api_callpost-types\post_type_dynamic_post.php:18

noprivwp_ajax_check_api_typepost-types\post_type_dynamic_post.php:19

authwp_ajax_check_api_typepost-types\post_type_dynamic_post.php:20

authwp_ajax_dynaDeactivatefinalwp_plugin_dynamic_post.php:409

Shortcodes 2

[dynamic-post] settings.php:498

[dynamic-posts] settings.php:570

WordPress Hooks 22

actioninitpost-types\post_type_dynamic_post.php:16

filterget_attached_filepost-types\post_type_dynamic_post.php:522

filterwp_get_attachment_urlpost-types\post_type_dynamic_post.php:523

filterposts_wherepost-types\post_type_dynamic_post.php:524

filterwp_get_attachment_image_srcpost-types\post_type_dynamic_post.php:525

actionadmin_headpost-types\post_type_dynamic_post.php:721

actionwp_headpost-types\post_type_dynamic_post.php:722

filteradmin_post_thumbnail_htmlpost-types\post_type_dynamic_post.php:735

actionsave_postpost-types\post_type_dynamic_post.php:736

filterpost_thumbnail_htmlpost-types\post_type_dynamic_post.php:737

filterthe_contentpost-types\post_type_dynamic_post.php:844

actionwp_headpost-types\post_type_dynamic_post.php:849

filterwp_kses_allowed_htmlpost-types\post_type_dynamic_post.php:917

actioninitpost-types\post_type_dynamic_post.php:938

actionadmin_initsettings.php:13

actionadmin_menusettings.php:14

actionwp_enqueue_scriptswp_plugin_dynamic_post.php:250

actionwp_headwp_plugin_dynamic_post.php:252

filterget_canonical_urlwp_plugin_dynamic_post.php:270

actionwp_headwp_plugin_dynamic_post.php:285

actionwp_footerwp_plugin_dynamic_post.php:315

filterthe_contentwp_plugin_dynamic_post.php:341

Maintenance & Trust

Dynamic Post Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 31, 2025

PHP min version

Downloads9K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Dynamic Post Alternatives

No alternatives data available yet.

Developer Profile

Dynamic Post Developer Profile

Service2Client LLC

1 plugin · 100 total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Dynamic Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dynamic-post/assets/ajaxloader.gif

HTML / DOM Fingerprints

CSS Classes

dynaHeadClassmodal_bodyinput-rowdynaRadiotextareasubmit-row

Data Attributes

id="runDynamic_deact"id="dynaContent"id="dynaAjax"

JS Globals

PLUGIN_PATH_DP

FAQ