Does Featured Post have any unpatched vulnerabilities?

No. All known vulnerabilities in Featured Post have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Featured Post compatible with WordPress 4.0.38?

According to WordPress.org data, Featured Post 3.2.1 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is Featured Post updated?

Featured Post was last updated on Nov 28, 2017. Frequent updates are generally a positive security signal.

What is Featured Post's security score?

Featured Post has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Featured Post Security & Risk Analysis

wordpress.org/plugins/featured-post

Is Featured Post Safe to Use in 2026?

Generally Safe

Score 85/100

Featured Post has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The 'featured-post' plugin version 3.2.1 presents a mixed security posture. While it demonstrates good practices by using prepared statements for all SQL queries and having no recorded vulnerabilities, several concerning findings in the static analysis warrant attention. The plugin exposes a single AJAX handler without authentication checks, creating a significant entry point for potential unauthorized actions. Furthermore, a concerning use of the `create_function` is present, which can lead to security vulnerabilities if not handled with extreme care. The low percentage of properly escaped output is also a notable weakness, increasing the risk of cross-site scripting (XSS) vulnerabilities.

Given the absence of known CVEs and taint flows, the immediate risk from known exploits is low. However, the identified weaknesses in authentication, output escaping, and the use of a dangerous function create potential avenues for novel attacks. The lack of any recorded vulnerabilities in its history could indicate a well-maintained codebase or simply a lack of targeted analysis. The plugin's strengths lie in its secure SQL handling and lack of historical vulnerabilities, but the identified static analysis issues represent clear areas for improvement to strengthen its overall security posture.

Key Concerns

AJAX handler without auth check
Use of dangerous function 'create_function'
Low percentage of properly escaped output
No nonce checks on AJAX

Vulnerabilities

None known

Featured Post Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Featured Post Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("Featured_Post_Widget");') , featured-post.php:295

Output Escaping

15% escaped20 total outputs

Attack Surface

1 unprotected

Featured Post Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_toggle-featured-postfeatured-post.php:43

WordPress Hooks 8

actioninitfeatured-post.php:37

actionadmin_initfeatured-post.php:40

filterquery_varsfeatured-post.php:49

actionpre_get_postsfeatured-post.php:52

filtercurrent_screenfeatured-post.php:57

actionadmin_head-edit.phpfeatured-post.php:61

filterpre_get_postsfeatured-post.php:64

actionwidgets_initfeatured-post.php:295

Maintenance & Trust

Featured Post Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedNov 28, 2017

PHP min version

Downloads40K

Community Trust

Rating92/100

Number of ratings14

Active installs1K

Alternatives

Featured Post Alternatives

Featured Post Creative

featured-post-creative

Display Featured post on your website with 2 shortcode and 1 widget. Also work with Gutenberg shortcode block.

1K 2 CVEs

Relevant – Related, Featured, Latest, and Popular Posts by BestWebSoft

relevant

Add related, featured, latest, and popular posts to your WordPress website. Connect your blog readers with a relevant content.

900 2 CVEs

Recent & Featured Posts Widget

recent-featured-posts-widget

Display recent posts or manually selected posts with thumbnail images. Show the excerpt directly on the page or as a dropdown.

600 No CVEs

AK Featured Post Widget

akfeatured-post-widget

A widget that you can use to display your blog posts, custom post types, or woocommerce products!

400 No CVEs

Nelio Featured Posts

nelio-featured-posts

Select the featured posts you want to show at any time and include them in your theme using a widget.

400 No CVEs

Developer Profile

Featured Post Developer Profile

Sovit Tamrakar

2 plugins · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Featured Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

featured-post-toggle

Data Attributes

data-post-id

FAQ