Edit Flow Security & Risk Analysis

wordpress.org/plugins/edit-flow

Redefining your editorial workflow.

5K active installs · v0.10.3 · PHP 7.4+ · WP 6.4+ · Updated Jan 12, 2026
Tags: custom-status, editorial, editorial-calendar, newsroom, workflow

Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Edit Flow Safe to Use in 2026?

Generally Safe

Score 100/100

Edit Flow has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The edit-flow plugin v0.10.3 demonstrates a generally good security posture with a strong emphasis on secure coding practices. The plugin exhibits a high percentage of properly escaped outputs and a significant use of prepared statements for SQL queries. The absence of dangerous functions, file operations, and a history of known vulnerabilities further reinforces this positive assessment. The plugin also includes a substantial number of nonce and capability checks, indicating an awareness of common WordPress security mechanisms.

However, the analysis does reveal two critical security concerns. The presence of two AJAX handlers without authentication checks presents a significant attack vector. While the taint analysis did not flag critical or high-severity issues, the 14 flows with unsanitized paths warrant attention, especially in conjunction with the unprotected AJAX handlers. A clean vulnerability history is a strong positive, suggesting proactive security measures or simply an absence of past exploitation, but it does not negate the immediate risks identified by the current static analysis.

In conclusion, edit-flow v0.10.3 is a plugin with a solid foundation of secure coding. The lack of historical vulnerabilities is commendable. The primary area for improvement and immediate concern lies in securing the identified AJAX handlers. Addressing these unprotected entry points is crucial to mitigating potential risks and maintaining the plugin's strong security reputation.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths
Vulnerabilities
None known

Edit Flow Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Edit Flow Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (5 prepared)
Unescaped Output: 40 (699 escaped)
Nonce Checks: 35
Capability Checks: 52
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

83% prepared · 6 total queries

Output Escaping

95% escaped · 739 total outputs
Data Flows
14 unsanitized

Data Flow Analysis

19 flows · 14 with unsanitized paths

handle_ics_subscription (modules\calendar\calendar.php:487)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

Edit Flow Attack Surface

Entry Points: 14
Unprotected: 2

AJAX Handlers (14)

auth     wp_ajax_ef_calendar_ics_subscription              modules\calendar\calendar.php:154
nopriv   wp_ajax_ef_calendar_ics_subscription              modules\calendar\calendar.php:155
auth     wp_ajax_ef_calendar_drag_and_drop                 modules\calendar\calendar.php:176
auth     wp_ajax_ef_insert_post                            modules\calendar\calendar.php:179
auth     wp_ajax_ef_calendar_update_metadata               modules\calendar\calendar.php:182
auth     wp_ajax_update_status_positions                   modules\custom-status\custom-status.php:131
auth     wp_ajax_inline_save_status                        modules\custom-status\custom-status.php:132
auth     wp_ajax_editflow_ajax_insert_comment              modules\editorial-comments\editorial-comments.php:63
auth     wp_ajax_inline_save_term                          modules\editorial-metadata\editorial-metadata.php:119
auth     wp_ajax_update_term_positions                     modules\editorial-metadata\editorial-metadata.php:120
auth     wp_ajax_save_notifications                        modules\notifications\notifications.php:131
auth     wp_ajax_ef_notifications_user_post_subscription   modules\notifications\notifications.php:132
auth     wp_ajax_change_edit_flow_module_state             modules\settings\settings.php:56
auth     wp_ajax_inline_save_usergroup                     modules\user-groups\user-groups.php:116
WordPress Hooks (119)

filter   screen_settings                              common\php\screen-options.php:30
action   admin_print_scripts                          common\php\screen-options.php:31
action   admin_notices                                edit_flow.php:32
action   init                                         edit_flow.php:194
action   init                                         edit_flow.php:195
action   admin_init                                   edit_flow.php:197
action   plugins_loaded                               edit_flow.php:460
action   admin_init                                   modules\calendar\calendar.php:167
action   admin_init                                   modules\calendar\calendar.php:168
action   admin_init                                   modules\calendar\calendar.php:170
action   admin_menu                                   modules\calendar\calendar.php:171
action   admin_print_styles                           modules\calendar\calendar.php:172
action   admin_enqueue_scripts                        modules\calendar\calendar.php:173
action   admin_init                                   modules\calendar\calendar.php:185
action   pre_post_update                              modules\calendar\calendar.php:188
action   post_updated                                 modules\calendar\calendar.php:189
action   admin_init                                   modules\custom-status\custom-status.php:106
action   admin_enqueue_scripts                        modules\custom-status\custom-status.php:110
action   enqueue_block_editor_assets                  modules\custom-status\custom-status.php:113
action   enqueue_block_editor_assets                  modules\custom-status\custom-status.php:116
action   admin_notices                                modules\custom-status\custom-status.php:119
action   admin_print_scripts                          modules\custom-status\custom-status.php:120
filter   display_post_states                          modules\custom-status\custom-status.php:123
action   admin_init                                   modules\custom-status\custom-status.php:126
action   admin_init                                   modules\custom-status\custom-status.php:127
action   admin_init                                   modules\custom-status\custom-status.php:128
action   admin_init                                   modules\custom-status\custom-status.php:129
action   admin_init                                   modules\custom-status\custom-status.php:130
action   admin_init                                   modules\custom-status\custom-status.php:135
filter   wp_insert_post_data                          modules\custom-status\custom-status.php:136
filter   wp_insert_post_data                          modules\custom-status\custom-status.php:137
filter   wp_insert_post_data                          modules\custom-status\custom-status.php:138
filter   pre_wp_unique_post_slug                      modules\custom-status\custom-status.php:139
filter   preview_post_link                            modules\custom-status\custom-status.php:140
filter   post_link                                    modules\custom-status\custom-status.php:141
filter   page_link                                    modules\custom-status\custom-status.php:142
filter   post_type_link                               modules\custom-status\custom-status.php:143
filter   preview_post_link                            modules\custom-status\custom-status.php:144
filter   get_sample_permalink                         modules\custom-status\custom-status.php:145
filter   get_sample_permalink_html                    modules\custom-status\custom-status.php:146
filter   post_row_actions                             modules\custom-status\custom-status.php:147
filter   page_row_actions                             modules\custom-status\custom-status.php:148
filter   wp_link_pages_link                           modules\custom-status\custom-status.php:151
filter   pre_post_date                                modules\custom-status\custom-status.php:1509
filter   pre_post_date_gmt                            modules\custom-status\custom-status.php:1510
filter   get_sample_permalink                         modules\custom-status\custom-status.php:1856
filter   get_sample_permalink_html                    modules\custom-status\custom-status.php:1893
action   wp_dashboard_setup                           modules\dashboard\dashboard.php:70
action   admin_init                                   modules\dashboard\dashboard.php:73
action   admin_init                                   modules\dashboard\widgets\dashboard-notepad.php:44
action   add_meta_boxes                               modules\editorial-comments\editorial-comments.php:60
action   admin_init                                   modules\editorial-comments\editorial-comments.php:61
action   admin_enqueue_scripts                        modules\editorial-comments\editorial-comments.php:62
action   admin_init                                   modules\editorial-metadata\editorial-metadata.php:109
action   admin_init                                   modules\editorial-metadata\editorial-metadata.php:112
action   admin_init                                   modules\editorial-metadata\editorial-metadata.php:115
action   admin_init                                   modules\editorial-metadata\editorial-metadata.php:116
action   admin_init                                   modules\editorial-metadata\editorial-metadata.php:117
action   admin_init                                   modules\editorial-metadata\editorial-metadata.php:118
action   add_meta_boxes                               modules\editorial-metadata\editorial-metadata.php:122
action   save_post                                    modules\editorial-metadata\editorial-metadata.php:123
filter   ef_calendar_item_information_fields          modules\editorial-metadata\editorial-metadata.php:134
filter   ef_story_budget_term_columns                 modules\editorial-metadata\editorial-metadata.php:139
filter   ef_story_budget_term_column_value            modules\editorial-metadata\editorial-metadata.php:141
action   admin_enqueue_scripts                        modules\editorial-metadata\editorial-metadata.php:145
action   parse_query                                  modules\editorial-metadata\editorial-metadata.php:219
action   add_meta_boxes                               modules\notifications\notifications.php:98
action   ef_user_subscribe_actions                    modules\notifications\notifications.php:101
action   transition_post_status                       modules\notifications\notifications.php:106
action   transition_post_status                       modules\notifications\notifications.php:107
action   ef_post_insert_editorial_comment             modules\notifications\notifications.php:108
action   delete_user                                  modules\notifications\notifications.php:109
action   ef_send_scheduled_email                      modules\notifications\notifications.php:110
action   admin_init                                   modules\notifications\notifications.php:112
action   admin_enqueue_scripts                        modules\notifications\notifications.php:115
action   admin_enqueue_scripts                        modules\notifications\notifications.php:116
action   admin_head                                   modules\notifications\notifications.php:121
filter   post_row_actions                             modules\notifications\notifications.php:123
filter   page_row_actions                             modules\notifications\notifications.php:124
filter   ef_calendar_item_actions                     modules\notifications\notifications.php:126
filter   ef_story_budget_item_actions                 modules\notifications\notifications.php:127
filter   ef_notification_auto_subscribe_current_user  modules\notifications\notifications.php:498
action   admin_init                                   modules\settings\settings.php:49
action   admin_print_styles                           modules\settings\settings.php:51
action   admin_print_scripts                          modules\settings\settings.php:52
action   admin_enqueue_scripts                        modules\settings\settings.php:53
action   admin_menu                                   modules\settings\settings.php:54
action   admin_init                                   modules\story-budget\story-budget.php:137
action   admin_init                                   modules\story-budget\story-budget.php:138
action   admin_init                                   modules\story-budget\story-budget.php:139
action   admin_init                                   modules\story-budget\story-budget.php:142
action   admin_menu                                   modules\story-budget\story-budget.php:144
action   admin_enqueue_scripts                        modules\story-budget\story-budget.php:146
action   admin_enqueue_scripts                        modules\story-budget\story-budget.php:147
action   admin_init                                   modules\user-groups\user-groups.php:110
action   admin_init                                   modules\user-groups\user-groups.php:113
action   admin_init                                   modules\user-groups\user-groups.php:114
action   admin_init                                   modules\user-groups\user-groups.php:115
action   show_user_profile                            modules\user-groups\user-groups.php:119
action   edit_user_profile                            modules\user-groups\user-groups.php:120
action   user_profile_update_errors                   modules\user-groups\user-groups.php:121
action   admin_enqueue_scripts                        modules\user-groups\user-groups.php:124
action   admin_enqueue_scripts                        modules\user-groups\user-groups.php:125
action   after_setup_theme                            vipgo-helper.php:12
filter   ef_kill_add_caps_to_role                     vipgo-helper.php:18
filter   ef_view_calendar_cap                         vipgo-helper.php:19
filter   ef_view_story_budget_cap                     vipgo-helper.php:22
filter   ef_edit_post_subscriptions_cap               vipgo-helper.php:25
filter   ef_manage_usergroups_cap                     vipgo-helper.php:28
action   after_setup_theme                            vipgo-helper.php:32
action   after_setup_theme                            wpcom-helper.php:12
filter   ef_kill_add_caps_to_role                     wpcom-helper.php:18
filter   ef_view_calendar_cap                         wpcom-helper.php:19
filter   ef_view_story_budget_cap                     wpcom-helper.php:22
filter   ef_edit_post_subscriptions_cap               wpcom-helper.php:25
filter   ef_manage_usergroups_cap                     wpcom-helper.php:28
action   after_setup_theme                            wpcom-helper.php:32
filter   redirect_canonical                           wpcom-helper.php:49
filter   ef_fix_post_name_post                        wpcom-helper.php:71

Scheduled Events (1)

ef_send_scheduled_email
Maintenance & Trust

Edit Flow Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 12, 2026
PHP min version: 7.4
Downloads: 476K

Community Trust

Rating: 84/100
Number of ratings: 50
Active installs: 5K
Developer Profile

Edit Flow Developer Profile

Automattic

213 plugins · 19.2M total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1384 days
Detection Fingerprints

How We Detect Edit Flow

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/edit-flow/modules/post-status-dropdown/css/post-status-dropdown.css
/wp-content/plugins/edit-flow/modules/notifications/css/notifications.css
/wp-content/plugins/edit-flow/modules/post-list-columns/css/post-list-columns.css
/wp-content/plugins/edit-flow/modules/revision-control/css/revision-control.css
/wp-content/plugins/edit-flow/modules/story-budget/css/story-budget.css
/wp-content/plugins/edit-flow/modules/content-by-user/css/content-by-user.css
/wp-content/plugins/edit-flow/modules/duplicate-post/css/duplicate-post.css
/wp-content/plugins/edit-flow/modules/editor-flow/css/editor-flow.css
(+22 more)

Script Paths
/wp-content/plugins/edit-flow/common/js/admin.js
/wp-content/plugins/edit-flow/common/js/calendar.js
/wp-content/plugins/edit-flow/common/js/tinymce.js
/wp-content/plugins/edit-flow/common/js/utils.js
/wp-content/plugins/edit-flow/modules/post-status-dropdown/js/post-status-dropdown.js
/wp-content/plugins/edit-flow/modules/notifications/js/notifications.js
(+11 more)

Version Parameters
edit-flow/css/edit-flow.css?ver=
edit-flow/modules/post-status-dropdown/css/post-status-dropdown.css?ver=
edit-flow/modules/notifications/css/notifications.css?ver=
edit-flow/modules/post-list-columns/css/post-list-columns.css?ver=
edit-flow/modules/revision-control/css/revision-control.css?ver=
edit-flow/modules/story-budget/css/story-budget.css?ver=
edit-flow/modules/content-by-user/css/content-by-user.css?ver=
edit-flow/modules/duplicate-post/css/duplicate-post.css?ver=
edit-flow/modules/editor-flow/css/editor-flow.css?ver=
edit-flow/modules/images/css/images.css?ver=
edit-flow/modules/story-workflow/css/story-workflow.css?ver=
edit-flow/modules/custom-user-photo/css/custom-user-photo.css?ver=
edit-flow/modules/wysiwyg-toolbar/css/wysiwyg-toolbar.css?ver=
edit-flow/modules/custom-fields/css/custom-fields.css?ver=
edit-flow/common/js/admin.js?ver=
edit-flow/common/js/calendar.js?ver=
edit-flow/common/js/tinymce.js?ver=
edit-flow/common/js/utils.js?ver=
edit-flow/modules/post-status-dropdown/js/post-status-dropdown.js?ver=
edit-flow/modules/notifications/js/notifications.js?ver=
edit-flow/modules/post-list-columns/js/post-list-columns.js?ver=
edit-flow/modules/revision-control/js/revision-control.js?ver=
edit-flow/modules/story-budget/js/story-budget.js?ver=
edit-flow/modules/content-by-user/js/content-by-user.js?ver=
edit-flow/modules/duplicate-post/js/duplicate-post.js?ver=
edit-flow/modules/editor-flow/js/editor-flow.js?ver=
edit-flow/modules/images/js/images.js?ver=
edit-flow/modules/story-workflow/js/story-workflow.js?ver=
edit-flow/modules/custom-user-photo/js/custom-user-photo.js?ver=
edit-flow/modules/wysiwyg-toolbar/js/wysiwyg-toolbar.js?ver=
edit-flow/modules/custom-fields/js/custom-fields.js?ver=

HTML / DOM Fingerprints

CSS Classes
ef-post-status-dropdown, ef-notifications, ef-post-list-columns, ef-revision-control, ef-story-budget, ef-content-by-user, ef-duplicate-post, ef-editor-flow (+111 more)

HTML Comments
<!-- Edit Flow Admin Notices -->
<!-- Edit Flow Module Settings -->
<!-- Edit Flow Module Settings Content -->
<!-- Edit Flow Module Settings Content Title -->
(+77 more)

Data Attributes
data-edit-flow-module, data-edit-flow-module-slug, data-edit-flow-module-name, data-edit-flow-module-description, data-edit-flow-module-settings-field, data-edit-flow-module-settings-field-id (+56 more)

JS Globals
EditFlow, editFlow, ef, ef_admin_params, edit_flow

REST Endpoints
/wp-json/edit-flow/v1/settings
/wp-json/edit-flow/v1/modules
FAQ

Frequently Asked Questions about Edit Flow