Export Post Info Security & Risk Analysis

wordpress.org/plugins/export-post-info

This plugin exports each post's date published, post title, word count, status, URL and category to a CSV file.

1K active installs · v1.3.0 · PHP + · WP 4.0.1+ · Updated Sep 23, 2023
export-post-titles, export-title, export-urls, extract-title, extract-urls
84/100 · B · Generally Safe
CVEs total: 2
Unpatched: 0
Last CVE: Sep 22, 2022
Safety Verdict

Is Export Post Info Safe to Use in 2026?

Mostly Safe

Score 84/100

Export Post Info is generally safe to use, though it hasn't been updated recently. Its 2 past CVEs were resolved. Keep it updated.

2 known CVEs · Last CVE: Sep 22, 2022 · Updated 2yr ago
Risk Assessment

The 'export-post-info' plugin v1.3.0 exhibits a mixed security posture. On the positive side, static analysis identified no attack surface: no AJAX handlers, REST API routes, shortcodes, or cron events that lack proper authentication or permission checks. The code also demonstrates good practices, with 100% of SQL queries using prepared statements, and a single file operation and a single capability check are present. However, output escaping is a significant concern: 60% of the 20 total outputs are properly escaped, leaving 40% potentially vulnerable to injection or XSS attacks if the unsanitized output is processed by downstream components or rendered directly in the browser. Taint analysis did not uncover any flows with unsanitized paths, which is a positive indicator.

The vulnerability history of this plugin is a notable area of concern. It has two known medium-severity CVEs, one classified as 'Improper Neutralization of Special Elements in Output Used by a Downstream Component' (Injection) and the other as 'Improper Neutralization of Input During Web Page Generation' (Cross-site Scripting), which suggests a pattern of insecure output handling or input sanitization. That these were the common vulnerability types, with the last one occurring in September 2022, indicates a recurring issue that may not have been fully addressed in this version, despite there being no currently unpatched CVEs. The lack of recent patching history for these specific vulnerability types is a red flag.

In conclusion, while the plugin has a minimal attack surface and uses prepared statements for SQL, the concerning percentage of unescaped output and the history of injection and XSS vulnerabilities indicate potential risks. The plugin has strengths in its limited entry points and SQL practices but weaknesses in output sanitization and a history of exploitable flaws that warrant careful consideration. Users should exercise caution and ensure proper output handling within their WordPress environment.

Key Concerns

  • Significant portion of outputs not properly escaped
  • History of 2 medium severity vulnerabilities (Injection/XSS)
Vulnerabilities
2

Export Post Info Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2022-38061 · medium · 5.4 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Export Post Info <= 1.2.0 - Authenticated (Author+) CSV Injection

Sep 22, 2022 · Patched in 1.2.1 (488d)

CVE-2022-38068 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Export Post Info <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 7, 2022 · Patched in 1.2.0 (503d)
Code Analysis
Analyzed Mar 16, 2026

Export Post Info Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (12 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

60% escaped · 20 total outputs
Attack Surface

Export Post Info Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3

  • action plugins_loaded (export-post-info.php:17)
  • action admin_init (export-post-info.php:29)
  • action admin_menu (export-post-info.php:31)
Maintenance & Trust

Export Post Info Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Sep 23, 2023
PHP min version
Downloads: 23K

Community Trust

Rating: 100/100
Number of ratings: 13
Active installs: 1K
Developer Profile

Export Post Info Developer Profile

apasionados

28 plugins · 61K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 326 days
Detection Fingerprints

How We Detect Export Post Info

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/export-post-info/css/style.css
Version Parameters
export-post-info/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
wrap, postbox-container, metabox-holder, postbox, form-table
Data Attributes
id="epi_random_string_filename"
FAQ

Frequently Asked Questions about Export Post Info