FeedWordPress Advanced Filters Security & Risk Analysis

wordpress.org/plugins/faf

Author: Bas Schuiling

200 active installs · v0.6.2 · PHP + WP 3.0+ · Updated Dec 16, 2014
Tags: aggregation, atom, feed, rss, syndication

Score: 63/100 · Grade C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Jan 27, 2026
Safety Verdict

Is FeedWordPress Advanced Filters Safe to Use in 2026?

Use With Caution

Score 63/100

FeedWordPress Advanced Filters has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Jan 27, 2026 · Updated 11yr ago
Risk Assessment

The faf plugin, version 0.6.2, presents a concerning security posture. Its two admin-ajax handlers are registered on wp_ajax_ hooks, so they are reachable by any logged-in user, including subscribers, and the analysis found no nonce or capability checks on either: whatever they do is open to low-privileged accounts and to cross-site request forgery. Static analysis also flags a call to `unserialize` on data read from a filter array. Deserializing data an attacker can influence allows PHP Object Injection, which becomes remote code execution only when a suitable gadget class is loadable on the site; the analysis does not establish where that data originates, so the finding is a serious code smell rather than a confirmed RCE. Only 3 of 50 outputs (6%) are escaped, which is consistent with the one published CVE, a currently unpatched medium-severity reflected cross-site scripting issue. The use of prepared statements for all six SQL queries is a positive, but the missing authorization and CSRF checks, the unguarded deserialization and the near-absence of output escaping, in a plugin last updated in 2014, make this a high-risk component.

Key Concerns

  • Unprotected AJAX handlers (2; authenticated hooks, but no nonce or capability checks)
  • Dangerous function: unserialize
  • Low output escaping percentage (6%)
  • Missing nonce checks
  • Missing capability checks
  • Currently unpatched CVE (medium)
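The following is an added example, not code from the plugin or from this report. It shows the shape of the weaknesses listed above (an admin-ajax handler reachable by any logged-in user, with no nonce, no capability check and unescaped output) beside a hardened form, and it also illustrates the Output Escaping figures further down the page. Only the action name faf_new_filter, the script handle faf-js, the JS global ajax_object and the CSS class fafFilter come from this page; the request parameter names, the option name, the capability and the nonce action are assumptions.

```php
<?php
// Added example, not the plugin's code. The action name faf_new_filter, the
// script handle faf-js, the JS global ajax_object and the class fafFilter are
// taken from the report; parameter names, option name, capability and nonce
// action are assumptions.

// ---- Vulnerable shape: what an "unprotected" admin-ajax handler looks like.
// wp_ajax_{action} fires only for logged-in users, but that includes
// subscribers, and nothing here checks who is calling (no capability),
// whether the request came from the plugin's own page (no nonce, so CSRF),
// or what is echoed back (no escaping, so XSS).
function faf_new_filter_vulnerable() {
    $name = $_POST['filter_name'];   // raw, caller-controlled
    $rule = $_POST['filter_rule'];
    update_option( 'faf_filter_' . $name, $rule );
    echo '<li class="fafFilter">' . $name . ' =&gt; ' . $rule . '</li>';
    wp_die();
}
// add_action( 'wp_ajax_faf_new_filter', 'faf_new_filter_vulnerable' ); // unsafe wiring, left unregistered

// ---- Hardened shape.
function faf_new_filter_hardened() {
    // 1. CSRF: require a nonce minted for this action; dies with HTTP 403 otherwise.
    check_ajax_referer( 'faf_new_filter', 'nonce' );

    // 2. Authorization: being logged in is not enough, match the capability
    //    to what the action changes.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Sanitize on input, then validate.
    $name = isset( $_POST['filter_name'] ) ? sanitize_key( wp_unslash( $_POST['filter_name'] ) ) : '';
    $rule = isset( $_POST['filter_rule'] ) ? sanitize_text_field( wp_unslash( $_POST['filter_rule'] ) ) : '';
    if ( '' === $name || '' === $rule ) {
        wp_send_json_error( array( 'message' => 'filter_name and filter_rule are required' ), 400 );
    }

    update_option( 'faf_filter_' . $name, $rule );

    // 4. Escape on output, per context: esc_attr() inside attributes,
    //    esc_html() in element text. This is the step the 6% figure is about.
    $html = sprintf(
        '<li class="fafFilter" data-filter="%s">%s =&gt; %s</li>',
        esc_attr( $name ),
        esc_html( $name ),
        esc_html( $rule )
    );
    wp_send_json_success( array( 'html' => $html ) );
}
add_action( 'wp_ajax_faf_new_filter', 'faf_new_filter_hardened' );

// The admin page has to mint the nonce the handler verifies. Assumes the
// plugin registered its script under the handle faf-js at the default
// priority; wp_localize_script() exposes the array as the JS global ajax_object.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'faf-js', 'ajax_object', array(
        'ajax_url' => admin_url( 'admin-ajax.php' ),
        'nonce'    => wp_create_nonce( 'faf_new_filter' ),
    ) );
}, 20 );
```

The client then posts action=faf_new_filter together with nonce=ajax_object.nonce to ajax_object.ajax_url. A request missing the nonce, or from a user without manage_options, never reaches update_option(), and what does come back has been escaped for the context it is inserted into.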
Vulnerabilities (1)

FeedWordPress Advanced Filters Security Vulnerabilities

CVEs by Year

2026: 1 CVE (unpatched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-68843 · Medium · CVSS 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FeedWordPress Advanced Filters <= 0.6.2 - Reflected Cross-Site Scripting

Jan 27, 2026 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

FeedWordPress Advanced Filters Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 47 (3 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 5
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$filter_array = unserialize($filter_array[$page_type]);` · feedwordpress_advanced_filters.php:514
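The block below is an added, stand-alone example (not the plugin's code) of why the flagged unserialize() call matters and what the safe forms look like. The gadget class and the payload are constructed for the example; the report does not say where the serialized data comes from, so this demonstrates the mechanism, not an exploit of this plugin.

```php
<?php
// Added example, not the plugin's code. The report flags
//     $filter_array = unserialize($filter_array[$page_type]);
// unserialize() will instantiate any class a payload names and run its
// __wakeup()/__destruct() (PHP Object Injection). Whether that reaches RCE
// depends on which classes are loadable on the site, which the report does
// not establish; the hardened forms below do not depend on that.

// Stand-in "gadget" class, constructed for this example. Real chains live in
// whatever libraries the site loads; this one only records that it ran.
class Faf_Demo_Gadget {
    public static $destructed = 0;
    public $file = '';
    public function __destruct() {
        self::$destructed++;   // a real gadget might unlink($this->file) here
    }
}

// Constructed attacker payload: an object where the code expects an array.
// "Faf_Demo_Gadget" is 15 bytes, "file" 4, "/etc/passwd" 11.
function faf_demo_payload() {
    return 'O:15:"Faf_Demo_Gadget":1:{s:4:"file";s:11:"/etc/passwd";}';
}

// 1. Unsafe: the object is instantiated; its destructor runs as soon as
//    $data goes out of scope, before the caller ever sees the return value.
function faf_unsafe_load( $raw ) {
    $data = unserialize( $raw );
    return is_array( $data ) ? $data : array();
}

// 2. Hardened (PHP 7.0+): refuse to instantiate any class, then type-check.
//    Objects in the payload come back as __PHP_Incomplete_Class, whose magic
//    methods never run; anything that is not the expected array is dropped.
function faf_safe_load( $raw ) {
    $data = unserialize( $raw, array( 'allowed_classes' => false ) );
    return is_array( $data ) ? $data : array();
}

// 3. For data the plugin writes itself, JSON has no class semantics at all.
function faf_encode_filters( array $filters ) {
    return json_encode( $filters );           // wp_json_encode() inside WordPress
}
function faf_decode_filters( $raw ) {
    $data = json_decode( $raw, true );
    return is_array( $data ) ? $data : array();
}

// Demonstration.
faf_unsafe_load( faf_demo_payload() );
echo 'after unsafe load, destructor count: ' . Faf_Demo_Gadget::$destructed . "\n";
faf_safe_load( faf_demo_payload() );
echo 'after safe load, destructor count:   ' . Faf_Demo_Gadget::$destructed . "\n";
var_dump( faf_decode_filters( faf_encode_filters( array( 'posts' => array( 'title' => 'contains foo' ) ) ) ) );
```

Run under php-cli: the unsafe loader lets the gadget's destructor fire once even though the caller only ever receives an empty array, while the safe loader leaves the counter unchanged. If the filter data really is written only by the plugin itself from its own admin pages, the allowed_classes guard costs nothing and closes the object-injection path; switching the storage format to JSON removes it entirely.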

SQL Query Safety

100% prepared (6 total queries)

Output Escaping

6% escaped (3 of 50 total outputs)
Attack Surface (2 unprotected)

FeedWordPress Advanced Filters Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers (2)

wp_ajax_faf_new_filter · authenticated (wp_ajax_ hook, any logged-in user), no nonce or capability check · feedwordpress_advanced_filters.php:79
wp_ajax_faf_help_text · authenticated (wp_ajax_ hook, any logged-in user), no nonce or capability check · feedwordpress_advanced_filters.php:80
WordPress Hooks (10)

action feedwordpress_admin_page_posts_meta_boxes · feedwordpress_advanced_filters.php:41
action feedwordpress_admin_page_categories_meta_boxes · feedwordpress_advanced_filters.php:47
action feedwordpress_admin_page_posts_save · feedwordpress_advanced_filters.php:53
action feedwordpress_admin_page_categories_save · feedwordpress_advanced_filters.php:59
filter syndicated_post · feedwordpress_advanced_filters.php:66
action feedwordpress_update_complete · feedwordpress_advanced_filters.php:72
action init · feedwordpress_advanced_filters.php:99
action admin_menu · feedwordpress_advanced_filters.php:775
action admin_enqueue_scripts · feedwordpress_advanced_filters.php:776
action init · feedwordpress_advanced_filters.php:777
Maintenance & Trust

FeedWordPress Advanced Filters Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.0.38
Last updated: Dec 16, 2014
PHP min version: not specified
Downloads: 27K

Community Trust

Rating: 50/100
Number of ratings: 8
Active installs: 200
Developer Profile

FeedWordPress Advanced Filters Developer Profile

Bas Schuiling

3 plugins · 320 total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect FeedWordPress Advanced Filters

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/faf/faf_style.css, /wp-content/plugins/faf/faf.js
Script Paths: /wp-content/plugins/faf/faf.js
Version Parameters: faf_style, faf-js

HTML / DOM Fingerprints

CSS Classes: fafFilter
Data Attributes: data-faf-nonce
JS Globals: ajax_object
REST Endpoints: /wp-json/faf/
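As an added example, not this page's own scanner, the script below applies the fingerprints listed above to one page of HTML and, when the enqueued assets carry a version parameter, compares it with the affected range of CVE-2025-68843 (<= 0.6.2). The sample HTML is constructed for the example (it mimics what wp_enqueue_script()/wp_enqueue_style() emit for the handles faf-js and faf_style); the version value in it is an assumption, and the /wp-json/faf/ endpoint is not probed because that needs a second request.

```php
<?php
// Added example, not this page's tooling. Fingerprints come from the report;
// the HTML below is constructed and the version 0.6.2 in it is an assumption.
$sample_html = <<<'HTML'
<link rel="stylesheet" id="faf_style-css" href="https://example.org/wp-content/plugins/faf/faf_style.css?ver=0.6.2" media="all" />
<script src="https://example.org/wp-content/plugins/faf/faf.js?ver=0.6.2" id="faf-js-js"></script>
<script>var ajax_object = {"ajax_url":"https://example.org/wp-admin/admin-ajax.php"};</script>
<li class="fafFilter" data-faf-nonce="1a2b3c4d">title contains foo</li>
HTML;

function faf_fingerprint( $html ) {
    $result = array( 'detected' => false, 'version' => null, 'signals' => array() );

    // Asset paths. WordPress appends ?ver=<plugin version> when the plugin
    // enqueues with a version, so the same match also yields the version.
    $assets = array(
        'faf.js'        => '#/wp-content/plugins/faf/faf\.js(?:\?ver=([0-9][\w.\-]*))?#',
        'faf_style.css' => '#/wp-content/plugins/faf/faf_style\.css(?:\?ver=([0-9][\w.\-]*))?#',
    );
    foreach ( $assets as $label => $re ) {
        if ( preg_match( $re, $html, $m ) ) {
            $result['signals'][] = $label;
            if ( ! empty( $m[1] ) && null === $result['version'] ) {
                $result['version'] = $m[1];
            }
        }
    }
    // Handles: WordPress renders id="{handle}-js" and id="{handle}-css".
    if ( preg_match( '/\bid="(faf-js-js|faf_style-css)"/', $html ) ) {
        $result['signals'][] = 'handle';
    }
    // DOM markers from the plugin's own markup.
    if ( preg_match( '/\bclass="[^"]*\bfafFilter\b[^"]*"/', $html ) ) {
        $result['signals'][] = 'class fafFilter';
    }
    if ( false !== strpos( $html, 'data-faf-nonce' ) ) {
        $result['signals'][] = 'data-faf-nonce';
    }
    // wp_localize_script() emits "var ajax_object = {...};". This name is a
    // common tutorial default, so it only corroborates the path matches.
    if ( preg_match( '/\bvar\s+ajax_object\s*=/', $html ) ) {
        $result['signals'][] = 'global ajax_object';
    }

    // Asset paths are the strongest signal; the others are corroboration.
    $result['detected'] = in_array( 'faf.js', $result['signals'], true )
                       || in_array( 'faf_style.css', $result['signals'], true );
    return $result;
}

// Affected range of CVE-2025-68843 as listed on this page: <= 0.6.2.
// No fixed release exists, so any detected version is in range; null
// (detected but no ?ver=) is reported as unknown rather than as safe.
function faf_affected_by_cve_2025_68843( $version ) {
    if ( null === $version ) {
        return null;
    }
    return version_compare( $version, '0.6.2', '<=' );
}

$fp = faf_fingerprint( $sample_html );
print_r( $fp );
var_dump( faf_affected_by_cve_2025_68843( $fp['version'] ) );
```

In an audit this runs over the fetched front page and any admin-facing page the crawler can reach; because the plugin has no patched release, a positive detection alone is enough to flag the site, and the version only confirms it.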
FAQ

Frequently Asked Questions about FeedWordPress Advanced Filters