WP-Safety

Featured Item Metabox Security & Risk Analysis

wordpress.org/plugins/featured-item-metabox

Quickly add a metabox to any post type for marking a post as featured. Toggle featured status even more quickly from the posts lists/ quick edit scre …

90 active installs v1.3.2 PHP + WP 3.8+ Updated Feb 17, 2020
featuredmetabox
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Featured Item Metabox Safe to Use in 2026?

Generally Safe

Score 85/100

Featured Item Metabox has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The "featured-item-metabox" plugin version 1.3.2 presents a generally good security posture based on the static analysis. The plugin demonstrates strong adherence to secure coding practices by having no SQL queries that are not prepared, and it implements a healthy number of nonce and capability checks. Furthermore, the absence of known vulnerabilities in its history is a significant positive indicator of its security.

However, a notable concern arises from the output escaping. With 100% of its observed outputs unescaped, this plugin is susceptible to Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users, if not properly sanitized, could be manipulated by an attacker to inject malicious scripts. While there are no critical taint flows or dangerous functions identified, the lack of output escaping represents a significant and immediate risk that needs to be addressed.

In conclusion, the "featured-item-metabox" plugin benefits from robust input validation and a clean vulnerability history. Nevertheless, the complete absence of output escaping is a critical weakness that significantly elevates its risk profile. Addressing this specific issue should be the highest priority to improve its overall security.

Key Concerns

  • 0% of outputs properly escaped
Vulnerabilities
None known

Featured Item Metabox Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Featured Item Metabox Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
0 escaped
Nonce Checks
2
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped5 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<class.Featured_Item_Metabox> (inc\class.Featured_Item_Metabox.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Featured Item Metabox Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_featured_items_quickeditinc\class.Featured_Item_Metabox.php:40
WordPress Hooks 15
actionplugins_loadedfeatured-item-metabox.php:100
actionadmin_initfeatured-item-metabox.php:111
actionadmin_menufeatured-item-metabox.php:114
filterplugin_action_linksfeatured-item-metabox.php:117
actionwp_loadedinc\class.Featured_Item_Metabox.php:34
actionadd_meta_boxesinc\class.Featured_Item_Metabox.php:37
filteradmin_initinc\class.Featured_Item_Metabox.php:43
actionsave_postinc\class.Featured_Item_Metabox.php:46
actionedit_attachmentinc\class.Featured_Item_Metabox.php:47
actionquick_edit_custom_boxinc\class.Featured_Item_Metabox.php:50
actionadmin_enqueue_scriptsinc\class.Featured_Item_Metabox.php:53
filtermanage_media_columnsinc\class.Featured_Item_Metabox.php:232
actionmanage_media_custom_columninc\class.Featured_Item_Metabox.php:233
filtermanage_upload_sortable_columnsinc\class.Featured_Item_Metabox.php:234
filterrequestinc\class.Featured_Item_Metabox.php:241
Maintenance & Trust

Featured Item Metabox Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedFeb 17, 2020
PHP min version
Downloads4K

Community Trust

Rating60/100
Number of ratings2
Active installs90
Alternatives

Featured Item Metabox Alternatives

Custom Featured Image Metabox

Custom Featured Image Metabox

custom-featured-image-metabox

A
85

Custom the title, content and set / remove link text in the Featured Image metabox.

70 No CVEs
Drag & Drop Featured Image Improved

Drag & Drop Featured Image Improved

drag-drop-featured-image-improved

A
100

Drag and Drop Featured Image Improved replaces the default featured image box with a drag and drop zone for faster and more convenient uploads.

50 No CVEs
Ocean Extra

Ocean Extra

ocean-extra

A
91

Ocean Extra adds extra features and flexibility to the OceanWP theme for a turbocharged experience.

500K 17 CVEs
CMB2

CMB2

cmb2

B
84

CMB2 is a metabox, custom fields, and forms library for WordPress that will blow your mind.

300K 1 CVE
Featured Image from URL (FIFU)

Featured Image from URL (FIFU)

featured-image-from-url

A
89

Use remote media as the featured image and beyond.

70K 13 CVEs
Developer Profile

Featured Item Metabox Developer Profile

HelgaTheViking

6 plugins · 99K total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
657 days
View full developer profile
Detection Fingerprints

How We Detect Featured Item Metabox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/featured-item-metabox/css/admin.css/wp-content/plugins/featured-item-metabox/js/admin.js
Script Paths
/wp-content/plugins/featured-item-metabox/js/admin.js
Version Parameters
featured-item-metabox/css/admin.css?ver=featured-item-metabox/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
featured-item-metabox-wrap
Data Attributes
data-featured-item-metabox-nonce
JS Globals
FeaturedItemMetabox
FAQ

Frequently Asked Questions about Featured Item Metabox