External Content Security & Risk Analysis

wordpress.org/plugins/external-content

This plugin registers a custom post type to handle external content like any other post. The post permalink is replaced by a custom post meta that hol …

70 active installs v1.4.0 PHP + WP 2.9.0+ Updated Jan 3, 2016
content · external · url
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is External Content Safe to Use in 2026?

Generally Safe

Score 85/100

External Content has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "external-content" plugin v1.4.0 demonstrates a strong security posture based on the provided static analysis. It has no identified entry points such as AJAX handlers, REST API routes, or shortcodes, which significantly reduces its attack surface. The code also shows good practices with 100% of SQL queries using prepared statements and the presence of nonce and capability checks, indicating an effort to prevent common WordPress vulnerabilities. There are no reported vulnerabilities in its history, which is a positive indicator.

However, the static analysis does reveal a minor concern regarding output escaping, with 40% of outputs not being properly escaped. While there are no critical or high-severity taint flows identified, and no dangerous functions are used, this unescaped output could potentially lead to cross-site scripting (XSS) vulnerabilities if user-controlled data is not handled correctly. The absence of external HTTP requests and file operations further strengthens its security profile. Overall, the plugin is well-secured due to its limited attack surface and adherence to good coding practices, but the unescaped output warrants attention to ensure complete protection against potential XSS attacks.

Key Concerns

  • Unescaped output detected (40%)
Vulnerabilities
None known

External Content Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

External Content Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 2 (3 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

60% escaped · 5 total outputs
Attack Surface

External Content Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
action · plugins_loaded · external-content.php:24
action · add_meta_boxes · inc\Controllers\MetaBox.php:45
action · save_post · inc\Controllers\MetaBox.php:47
filter · post_type_link · inc\Controllers\Post.php:36
filter · pre_get_shortlink · inc\Controllers\Post.php:38
action · wp_loaded · inc\Controllers\PostType.php:36
Maintenance & Trust

External Content Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Jan 3, 2016
PHP min version
Downloads: 4K

Community Trust

Rating: 80/100
Number of ratings: 1
Active installs: 70
Developer Profile

External Content Developer Profile

Thorsten Frommen

6 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect External Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
