Feed To Post Security & Risk Analysis

wordpress.org/plugins/feed-to-post

This plugin allows you to transform items from a feed to wordpress's posts.

10 active installs v0.1 PHP + WP 2.1+ Updated May 5, 2009
autofeedpost
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Feed To Post Safe to Use in 2026?

Generally Safe

Score 85/100

Feed To Post has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 17yr ago
Risk Assessment

The static analysis of "feed-to-post" v0.1 shows a strong adherence to secure coding practices. The absence of dangerous functions, all SQL queries utilizing prepared statements, and 100% output escaping are commendable. The plugin also demonstrates good security by avoiding external HTTP requests and, importantly, by having no identified taint flows, suggesting a low risk of injection vulnerabilities. However, a significant concern arises from the complete lack of nonce checks and capability checks. This means that all entry points, even though currently zero, would be unprotected if they were to be implemented in future versions or if the plugin's functionality were to expand. The plugin's vulnerability history is clean, which is a positive indicator, but this does not mitigate the inherent risk posed by the absence of authentication checks on potential future entry points.

Key Concerns

  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Feed To Post Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Feed To Post Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Feed To Post Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
4
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries
Attack Surface

Feed To Post Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionadmin_menufeed2post.php:23
actiondeleted_postfeed2post.php:24
actionwp_headfeed2post.php:35
Maintenance & Trust

Feed To Post Maintenance & Trust

Maintenance Signals

WordPress version tested2.3
Last updatedMay 5, 2009
PHP min version
Downloads9K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Feed To Post Developer Profile

Himanshu Parashar

3 plugins · 810 total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Feed To Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Feed To Post