Does Posts by Search Query have any unpatched vulnerabilities?

No. All known vulnerabilities in Posts by Search Query have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Posts by Search Query compatible with WordPress 6.4.8?

According to WordPress.org data, Posts by Search Query 1.0.9 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

Is Posts by Search Query compatible with PHP 7.4+?

Posts by Search Query requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Posts by Search Query updated?

Posts by Search Query was last updated on Feb 7, 2024. Frequent updates are generally a positive security signal.

What is Posts by Search Query's security score?

Posts by Search Query has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Posts by Search Query Security & Risk Analysis

wordpress.org/plugins/fcp-posts-by-search-query

Implement a list of relevant posts to particular pages with a search query or exact list of posts. Easy pick and add. Print with the shortcode [fcppbk …

0 active installs v1.0.9 PHP 7.4+ WP 5.8+ Updated Feb 7, 2024

list-postsposts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Posts by Search Query Safe to Use in 2026?

Generally Safe

Score 85/100

Posts by Search Query has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The plugin "fcp-posts-by-search-query" version 1.0.9 exhibits a generally strong security posture based on the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events with exposed entry points significantly limits the potential attack surface. Furthermore, the code demonstrates good practices with 100% of SQL queries using prepared statements, over 99% of output properly escaped, and the presence of nonce and capability checks. The vulnerability history is clean, with no known CVEs, indicating a history of secure development or effective patching.

Despite these positive aspects, the use of the `unserialize` function is a notable concern. While not flagged by taint analysis in this specific scan (potentially due to limited flows analyzed or sanitization upstream), `unserialize` is inherently risky as it can lead to Remote Code Execution if untrusted data is processed. The presence of file operations, although not directly linked to vulnerabilities here, warrants careful review in the context of how they are implemented and what data they interact with. Overall, the plugin is commendably secure with a minimal attack surface and robust coding practices, but the `unserialize` function presents a specific, albeit currently theoretical, risk.

Key Concerns

Use of unserialize function

Vulnerabilities

None known

Posts by Search Query Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Posts by Search Query Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

102 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$ids = unserialize( $metas[ FCPPBK_PREF.'posts' ] ?? 'a:0:{}' );inc\shortcode.php:77

Output Escaping

99% escaped103 total outputs

Attack Surface

Posts by Search Query Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadd_meta_boxesinc\meta-boxes.php:9

actionadmin_enqueue_scriptsinc\meta-boxes.php:23

actionrest_api_initinc\meta-boxes.php:70

actionsave_postinc\meta-boxes.php:236

actionadmin_menuinc\settings-page.php:71

actionadmin_initinc\settings-page.php:95

Maintenance & Trust

Posts by Search Query Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedFeb 7, 2024

PHP min version7.4

Downloads963

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Posts by Search Query Alternatives

Unlist Posts & Pages

unlist-posts

100

Hide posts, pages or custom items from your site and make them accessible only with the direct link.

10K No CVEs

A-Z Indexing startup

a-z-indexing-startup

This is a simple plugin that provides an A-Z index of the posts displayed on a particular page based on the post title.

60 No CVEs

Latest Posts Widget

raw-latest-posts-widget

List the lastest posts from a category.

40 No CVEs

list-posts WordPress Plugin

list-posts

This is a a plugin that lists the latest posts on any page (or post). It does not use an iframe. It is extremely simple, and honors permissions and pa …

30 No CVEs

List Posts Alphabetically

list-posts-alphabetically

Lists posts alphabetically by category.

30 No CVEs

Developer Profile

Posts by Search Query Developer Profile

FirmCatalyst

4 plugins · 120 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Posts by Search Query

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fcp-posts-by-search-query/assets/metabox.css/wp-content/plugins/fcp-posts-by-search-query/assets/metabox.js/wp-content/plugins/fcp-posts-by-search-query/assets/advisor.css/wp-content/plugins/fcp-posts-by-search-query/assets/advisor.js/wp-content/plugins/fcp-posts-by-search-query/assets/settings.css/wp-content/plugins/fcp-posts-by-search-query/assets/settings.js/wp-content/plugins/fcp-posts-by-search-query/assets/color.css/wp-content/plugins/fcp-posts-by-search-query/assets/color.js+4 more

Script Paths

/wp-content/plugins/fcp-posts-by-search-query/assets/metabox.js/wp-content/plugins/fcp-posts-by-search-query/assets/advisor.js/wp-content/plugins/fcp-posts-by-search-query/assets/settings.js/wp-content/plugins/fcp-posts-by-search-query/assets/color.js/wp-content/plugins/fcp-posts-by-search-query/assets/media.js/wp-content/plugins/fcp-posts-by-search-query/assets/codemirror.js

Version Parameters

fcp-posts-by-search-query/assets/metabox.css?ver=fcp-posts-by-search-query/assets/metabox.js?ver=fcp-posts-by-search-query/assets/advisor.css?ver=fcp-posts-by-search-query/assets/advisor.js?ver=fcp-posts-by-search-query/assets/settings.css?ver=fcp-posts-by-search-query/assets/settings.js?ver=fcp-posts-by-search-query/assets/color.css?ver=fcp-posts-by-search-query/assets/color.js?ver=fcp-posts-by-search-query/assets/media.css?ver=fcp-posts-by-search-query/assets/media.js?ver=fcp-posts-by-search-query/assets/codemirror.css?ver=fcp-posts-by-search-query/assets/codemirror.js?ver=

HTML / DOM Fingerprints

CSS Classes

fcpbk-metabox-query-wrapperfcpbk-metabox-query-formfcpbk-metabox-query-inputfcpbk-metabox-query-buttonfcpbk-metabox-query-list-containerfcpbk-metabox-query-list-itemfcpbk-metabox-query-post-titlefcpbk-metabox-query-post-date+1 more

HTML Comments

meta-boxes, on-page interfaceadmin interface for postsstyle meta boxes && settingsapi to fetch the posts by search query or by id-s+26 more

Data Attributes

data-fcpbk-post-iddata-fcpbk-post-title

JS Globals

FCPPBK_DEVFCPPBK_VERFCPPBK_URLFCPPBK_DIRFCPPBK_BSNFCPPBK_SETT+2 more

REST Endpoints

/wp-json/fcp-posts-by-query/v1/search

Shortcode Output

[fcppbk]

FAQ