Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media Security & Risk Analysis

The Evergreen Content Poster plugin exhibits a mixed security posture. On one hand, it demonstrates good practices in areas like SQL query preparation (87% prepared) and output escaping (97% escaped), along with a substantial number of capability checks (73) and nonce checks (44). The absence of critical or high-severity taint analysis findings is also a positive indicator. However, a significant concern arises from the attack surface, particularly the 9 AJAX handlers that lack authentication checks. This represents a direct pathway for potential unauthorized actions if not properly secured by WordPress's default user roles.

The vulnerability history is a more concerning aspect. While there are no currently unpatched CVEs, the plugin has a history of 6 medium-severity vulnerabilities, including Cross-Site Request Forgery (CSRF), Missing Authorization, and Cross-Site Scripting (XSS). The pattern of these past vulnerabilities suggests a recurring need for careful input validation and authorization checks. The most recent vulnerability was in July 2025, which, if the current date is prior to that, indicates that the latest version (1.4.8) may have addressed past issues, but the history itself warrants caution.

In conclusion, while the plugin has strengths in its code hygiene for SQL and output, the presence of unprotected AJAX handlers and a history of medium-severity vulnerabilities necessitates a cautious approach. Users should ensure they are using the latest version of the plugin to benefit from any patches applied since the last reported vulnerability. Further investigation into the specific nature of the past vulnerabilities and the functionality of the unprotected AJAX handlers would be advisable for a complete risk assessment.