WP-Safety

EasyContent Security & Risk Analysis

wordpress.org/plugins/easycontent

Easily transfer your content between your website and your EasyContent account. As simple as it can be - just install our plugin and you are all set!

10 active installs v1.2.0 PHP 5.6+ WP 5.0.7+ Updated Nov 15, 2023
approvalcollaborationeasy-contenteasycontentworkflow
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is EasyContent Safe to Use in 2026?

Generally Safe

Score 85/100

EasyContent has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "easycontent" v1.2.0 plugin exhibits a generally strong security posture based on the static analysis. The complete absence of direct attack surface points like AJAX handlers, REST API routes, shortcodes, and cron events, especially without authentication checks, is a significant strength. The plugin also demonstrates good practices by exclusively using prepared statements for all SQL queries and a high percentage of properly escaped output. The limited file operations and external HTTP requests are also positive indicators.

However, the taint analysis reveals two flows with unsanitized paths, one of which is flagged as high severity. This is a notable concern, as unsanitized paths can lead to directory traversal or other file system vulnerabilities if not handled carefully. The plugin also only has one nonce check, which is very low for a plugin of this nature, and crucially, it has zero capability checks. This indicates that actions within the plugin might not be properly authorized, potentially allowing unauthorized users to perform privileged actions if they can find a way to trigger those functions.

The vulnerability history shows no known CVEs, which is excellent and suggests a responsible development team or a lack of past exploitation. However, the zero capability checks combined with the taint analysis findings are red flags. While there are no *known* vulnerabilities, the lack of robust authorization and the presence of high-severity taint flows indicate a significant potential for undiscovered vulnerabilities. The plugin's strengths in SQL and output escaping are commendable, but the lack of authorization checks and the identified taint flows represent the most significant risks.

Key Concerns

  • High severity taint flow
  • Unsanitized paths in taint flows
  • Zero capability checks
  • Only one nonce check
  • Low output escaping percentage (88%)
Vulnerabilities
None known

EasyContent Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

EasyContent Release Timeline

v1.2.0Current
v1.1.2
v1.1.1
v1.1.0
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

EasyContent Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
60 prepared
Unescaped Output
40
306 escaped
Nonce Checks
1
Capability Checks
0
File Operations
4
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared60 total queries

Output Escaping

88% escaped346 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
search_box (app/WP_List_Table.php:349)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

EasyContent Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 23
filtermanage_post_posts_columnsapp/ListTableManager.php:18
filtermanage_page_posts_columnsapp/ListTableManager.php:19
actionmanage_post_posts_custom_columnapp/ListTableManager.php:21
actionmanage_page_posts_custom_columnapp/ListTableManager.php:22
actionbulk_edit_custom_boxapp/ListTableManager.php:24
actionquick_edit_custom_boxapp/ListTableManager.php:25
actioninitapp/ListTableManager.php:27
actionadmin_noticesapp/ListTableManager.php:28
actionadd_meta_boxesapp/Metaboxes/MetaBoxesManager.php:19
actionadmin_noticesapp/Notices/AdminNoticesService.php:17
actionadmin_menuapp/Pages/PagesManager.php:16
actionplugins_loadedapp/Plugin.php:85
actioninitapp/Plugin.php:86
actionadmin_enqueue_scriptsapp/Plugin.php:88
actiondelete_postapp/Plugin.php:90
actionsave_postapp/Plugin.php:91
actioninitapp/Plugin.php:95
actionenqueue_block_editor_assetsapp/Plugin.php:110
filteris_protected_metaapp/Plugin.php:115
filterwp_insert_post_empty_contentapp/Plugin.php:122
actioninitapp/Plugin.php:224
actionrest_api_initapp/Rest/RestManager.php:30
actionadmin_footerapp/WP_List_Table.php:167
Maintenance & Trust

EasyContent Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedNov 15, 2023
PHP min version5.6
Downloads3K

Community Trust

Rating100/100
Number of ratings4
Active installs10
Alternatives

EasyContent Alternatives

Peter’s Post Notes

Peter’s Post Notes

peters-post-notes

A
85

Add notes to the "edit post" and "edit page" sidebars. Collaborators can also share notes on the WordPress dashboard.

3K No CVEs
Gravity Forms Approvals Add-On

Gravity Forms Approvals Add-On

gravityformsapprovals

A
85

Add simple approval workflow processes to your Gravity Forms.

800 No CVEs
Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab

Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab

commenting-feature

A
100

This plugin serves the commenting feature like Google Docs within the Gutenberg Editor!

300 No CVEs
Content Approval Workflow

Content Approval Workflow

content-approval-workflow

A
92

Enhance collaboration with this plugin. Easily assign reviewers, track status, and get timely notifications for a seamless content review process.

80 No CVEs
Approval Workflow

Approval Workflow

approval-workflow

A
85

Approval Workflow is meant to create a workflow process in WordPress. This plugin adds a box to the post edit screen when a user does not have publish …

40 No CVEs
Developer Profile

EasyContent Developer Profile

EasyContentLock

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect EasyContent

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easycontent-wp/assets/css/gutenberg.css/wp-content/plugins/easycontent-wp/assets/css/plugin.css/wp-content/plugins/easycontent-wp/assets/css/vendor/jquery-ui/jquery-ui.min.css/wp-content/plugins/easycontent-wp/assets/js/admin.js/wp-content/plugins/easycontent-wp/assets/js/gutenberg/build/index.js
Script Paths
/wp-content/plugins/easycontent-wp/assets/js/admin.js/wp-content/plugins/easycontent-wp/assets/js/gutenberg/build/index.js
Version Parameters
easycontent-wp/assets/css/gutenberg.css?ver=easycontent-wp/assets/css/plugin.css?ver=easycontent-wp/assets/css/vendor/jquery-ui/jquery-ui.min.css?ver=easycontent-wp/assets/js/admin.js?ver=easycontent-wp/assets/js/gutenberg/build/index.js?ver=

HTML / DOM Fingerprints

JS Globals
EASYCONTENT_PLUGIN_VERSIONEASYCONTENT_TXTDOMAINEASYCONTENT_URLEASYCONTENT_ENDPOINTEASYCONTENT_DEBUGEASYCONTENT_ENTRY_FILE+1 more
REST Endpoints
/wp-json/easycontent/v1/categories/wp-json/easycontent/v1/tags/wp-json/easycontent/v1/posts/wp-json/easycontent/v1/stages/wp-json/easycontent/v1/posts/\d+/wp-json/easycontent/v1/posts/\d+/push/wp-json/easycontent/v1/posts/\d+/unlink/wp-json/easycontent/v1/posts/\d+/article/wp-json/easycontent/v1/articles/\d+/pull
FAQ

Frequently Asked Questions about EasyContent