Easy Custom Auto Excerpt Security & Risk Analysis

wordpress.org/plugins/easy-custom-auto-excerpt

Auto Excerpt for your posts on home, search and archive pages. Customize Read More button and thumbnail image. Easy to configure and have a lot of opt …

7K active installs · v2.5.0 · PHP + WP 3.5+ · Updated Apr 16, 2024
Tags: archive, automatic, excerpt, home, search
Score: 91 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Apr 18, 2024
Safety Verdict

Is Easy Custom Auto Excerpt Safe to Use in 2026?

Generally Safe

Score 91/100

Easy Custom Auto Excerpt has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Apr 18, 2024 · Updated 1yr ago
Risk Assessment

The "easy-custom-auto-excerpt" v2.5.0 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling, extensive output escaping, and a lack of unpatched CVEs, significant concerns remain. The presence of 13 instances of the "unserialize" function, a known vector for remote code execution if user-controlled data is involved, is a major red flag. Furthermore, the vulnerability history reveals a pattern of past issues, including medium severity vulnerabilities related to missing authorization and cross-site scripting. This suggests a potential for security weaknesses to be introduced in development. Although the current version shows no critical or high taint flows and a protected attack surface, the inherent risk associated with "unserialize" and past vulnerability trends necessitates caution.

Key Concerns

  • Dangerous function "unserialize" used
  • Bundled outdated library: Select2 v3.4.5
  • Past medium severity CVEs (Missing Authorization)
  • Past medium severity CVEs (XSS)
Vulnerabilities: 2

Easy Custom Auto Excerpt Security Vulnerabilities

CVEs by Year

  • 2018: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2024-3312 · medium · 5.3 · Missing Authorization

Easy Custom Auto Excerpt <= 2.4.12 - Sensitive Information Exposure

Apr 18, 2024 · Patched in 2.5.0 (15d)

CVE-2018-5311 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Custom Auto Excerpt < 2.4.7 - Stored Cross-Site Scripting

Nov 13, 2018 · Patched in 2.4.7 (1897d)
Code Analysis
Analyzed Mar 16, 2026

Easy Custom Auto Excerpt Code Analysis

  • Dangerous Functions: 13
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 20 (302 escaped)
  • Nonce Checks: 3
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 1

Dangerous Functions Found

  • default.php:157: $options['home_post_type'] = unserialize( $options['home_post_type'] );
  • default.php:162: $options['home_category'] = unserialize( $options['home_category'] );
  • default.php:177: $options['frontpage_post_type'] = unserialize( $options['frontpage_post_type'] );
  • default.php:182: $options['frontpage_category'] = unserialize( $options['frontpage_category'] );
  • default.php:197: $options['archive_post_type'] = unserialize( $options['archive_post_type'] );
  • default.php:202: $options['archive_category'] = unserialize( $options['archive_category'] );
  • default.php:217: $options['search_post_type'] = unserialize( $options['search_post_type'] );
  • default.php:222: $options['search_category'] = unserialize( $options['search_category'] );
  • default.php:237: $options['excerpt_in_page_advanced'] = unserialize( $options['excerpt_in_page_advanced'] );
  • default.php:242: $options['advanced_page'] = unserialize( $options['advanced_page'] );
  • default.php:247: $page_post_type = unserialize( $options['page_post_type'] );
  • default.php:261: $page_category = unserialize( $options['page_category'] );
  • options-license.php:11: $license = isset( $options['license_status'] ) ? unserialize( $options['license_status'] ) : false;

Bundled Libraries

  • Select2 3.4.5

Output Escaping

94% escaped (322 total outputs)
Data Flows: All sanitized

Data Flow Analysis

2 flows
ecae_preview_button (ajax.php:11)
Attack Surface

Easy Custom Auto Excerpt Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

  • auth · wp_ajax_ecae_preview_button · ajax.php:9

Shortcodes 1

[ecae_button] easy-custom-auto-excerpt.php:101

WordPress Hooks 20

  • action · plugins_loaded · easy-custom-auto-excerpt.php:29
  • action · wp_head · easy-custom-auto-excerpt.php:43
  • filter · get_the_excerpt · easy-custom-auto-excerpt.php:54
  • filter · the_excerpt · easy-custom-auto-excerpt.php:55
  • filter · the_content_more_link · easy-custom-auto-excerpt.php:73
  • action · admin_enqueue_scripts · easy-custom-auto-excerpt.php:135
  • action · wp_enqueue_scripts · easy-custom-auto-excerpt.php:174
  • action · loop_end · easy-custom-auto-excerpt.php:303
  • filter · the_content · easy-custom-auto-excerpt.php:323
  • filter · ecae-thumbnail-mode · easy-custom-auto-excerpt.php:566
  • filter · ecae-thumbnail-mode · easy-custom-auto-excerpt.php:767
  • action · activated_plugin · easy-custom-auto-excerpt.php:1002
  • action · admin_init · options-page.php:8
  • action · admin_menu · options-page.php:9
  • action · the_post · the-post.php:13
  • filter · get_post_metadata · the-post.php:14
  • filter · ecae-post · the-post.php:18
  • action · admin_enqueue_scripts · tonjoo-notice.php:15
  • action · admin_init · tonjoo-notice.php:43
  • action · admin_notices · tonjoo-notice.php:115
Maintenance & Trust

Easy Custom Auto Excerpt Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Apr 16, 2024
PHP min version
Downloads: 320K

Community Trust

Rating: 90/100
Number of ratings: 151
Active installs: 7K
Developer Profile

Easy Custom Auto Excerpt Developer Profile

todiadiyatmo

4 plugins · 7K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 956 days
Detection Fingerprints

How We Detect Easy Custom Auto Excerpt

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/easy-custom-auto-excerpt/assets/style-frontend.css
  • /wp-content/plugins/easy-custom-auto-excerpt/assets/admin-script.js
  • /wp-content/plugins/easy-custom-auto-excerpt/assets/admin-style.css
  • /wp-content/plugins/easy-custom-auto-excerpt/assets/ace-min-noconflict-css-monokai/ace.js
  • /wp-content/plugins/easy-custom-auto-excerpt/assets/select2/select2.js
  • /wp-content/plugins/easy-custom-auto-excerpt/assets/select2/select2.css
  • /wp-content/plugins/easy-custom-auto-excerpt/assets/jquery-cloneya.min.js

Script Paths

  • /wp-content/plugins/easy-custom-auto-excerpt/assets/ace-min-noconflict-css-monokai/ace.js
  • /wp-content/plugins/easy-custom-auto-excerpt/assets/select2/select2.js
  • /wp-content/plugins/easy-custom-auto-excerpt/assets/jquery-cloneya.min.js
  • /wp-content/plugins/easy-custom-auto-excerpt/assets/admin-script.js

Version Parameters

  • easy-custom-auto-excerpt/assets/ace-min-noconflict-css-monokai/ace.js?ver=
  • easy-custom-auto-excerpt/assets/select2/select2.js?ver=
  • easy-custom-auto-excerpt/assets/jquery-cloneya.min.js?ver=
  • easy-custom-auto-excerpt/assets/admin-script.js?ver=
  • easy-custom-auto-excerpt/assets/style-frontend.css?ver=
  • easy-custom-auto-excerpt/assets/admin-style.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • ecae-link
  • ecae-button

Data Attributes

  • data-align
  • data-link
  • data-target
  • data-view

JS Globals

  • ecae_dir_name
  • ecae_button_dir_name
  • ecae_premium_dir_name
  • ecae_button_premium_dir_name
  • ecae_premium_enable

Shortcode Output

  • <p class="ecae-button
  • <a class="ecae-link" href=
FAQ

Frequently Asked Questions about Easy Custom Auto Excerpt