Does EFavourite Posts have any unpatched vulnerabilities?

No. All known vulnerabilities in EFavourite Posts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is EFavourite Posts compatible with WordPress 5.0.25?

According to WordPress.org data, EFavourite Posts 1.2 has been tested up to WordPress 5.0.25. Check the plugin's changelog for the latest compatibility information.

How often is EFavourite Posts updated?

EFavourite Posts was last updated on Oct 1, 2019. Frequent updates are generally a positive security signal.

What is EFavourite Posts's security score?

EFavourite Posts has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

EFavourite Posts Security & Risk Analysis

wordpress.org/plugins/efavourite-posts

Do you want to allow your users to add Most Favorite Posts in WordPress Website?

30 active installs v1.2 PHP + WP 4.6+ Updated Oct 1, 2019

favouritefavourite-postsfavouritesposts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is EFavourite Posts Safe to Use in 2026?

Generally Safe

Score 85/100

EFavourite Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "efavourite-posts" v1.2 plugin exhibits a generally strong security posture based on the static analysis. The absence of dangerous functions, file operations, and external HTTP requests is a positive indicator. Crucially, all detected SQL queries are properly prepared, and the presence of nonce and capability checks demonstrates an awareness of basic WordPress security principles. The plugin also boasts a small attack surface with no unprotected entry points identified.

However, the taint analysis reveals two flows with unsanitized paths. While these are not classified as critical or high severity, they represent potential vectors for attackers to inject malicious code or data. The output escaping, while at 76%, indicates that a portion of the output is not being properly sanitized, which could lead to Cross-Site Scripting (XSS) vulnerabilities. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive sign but doesn't guarantee future security.

Overall, "efavourite-posts" v1.2 is a relatively secure plugin, with its strengths lying in its prepared SQL statements and authentication checks. The primary areas for improvement and concern are the identified unsanitized paths in the taint analysis and the incomplete output escaping, which require attention to mitigate potential security risks.

Key Concerns

Unsanitized paths found in taint analysis
Output escaping is not 100%

Vulnerabilities

None known

EFavourite Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

EFavourite Posts Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

99 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared3 total queries

Output Escaping

76% escaped131 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

efav_die_or_go (efavourite-posts.php:97)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

EFavourite Posts Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[efav-favourite-posts] efavourite-posts.php:346

WordPress Hooks 9

actionwidgets_initefav-widgets.php:100

actionplugins_loadedefavourite-posts.php:30

actionwp_loadedefavourite-posts.php:46

filterthe_contentefavourite-posts.php:341

actionwp_print_scriptsefavourite-posts.php:352

actionwp_print_stylesefavourite-posts.php:357

actionactivate_efavourite-posts/efavourite-posts.phpefavourite-posts.php:384

actionadmin_menuefavourite-posts.php:391

actionadmin_enqueue_scriptsefavourite-posts.php:506

Maintenance & Trust

EFavourite Posts Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25

Last updatedOct 1, 2019

PHP min version

Downloads3K

Community Trust

Rating86/100

Number of ratings6

Active installs30

Alternatives

EFavourite Posts Alternatives

WP My Favourites

wp-my-favourites

Choose your favourite posts, pages, comments, media and reorder them to display anywhere on your website.

0 No CVEs

Heroic Favicon Generator

favhero-favicon-generator

Heroic Favicon Generator is your one-click favicon generator for WordPress.

7K No CVEs

Simple Woocommerce Favourites

simple-woocommerce-favourites

100

Manages a simple list of favourites for each user of their preferred products and displays it with a shortcode

100 No CVEs

WP Favorite Posts Extended

wp-favorite-posts-extended

wp-favorite-posts, reading list, post list, post lists, lists Requires at least: 3.5 Tested up to: 4.0 Stable tag: 0.1 Based on plugin "WP Favor …

20 No CVEs

Techvoot Favourites for WooCommerce

techvoot-favourites-for-woocommerce

100

Lets WooCommerce customers save products as Favourites for quick reordering, with admin tools to manage each user's saved products.

0 No CVEs

Developer Profile

EFavourite Posts Developer Profile

Paresh Sagar

4 plugins · 60 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect EFavourite Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/efavourite-posts/css/efav-style.css/wp-content/plugins/efavourite-posts/js/efav_script.js

Script Paths

/wp-content/plugins/efavourite-posts/js/efav_script.js

Version Parameters

efavourite-posts/css/efav-style.css?ver=efavourite-posts/js/efav_script.js?ver=

HTML / DOM Fingerprints

CSS Classes

efav-spanefav-link

Data Attributes

efav_actionefav_postid

JS Globals

efav_mode

FAQ