Does Force Delete Posts have any unpatched vulnerabilities?

No. All known vulnerabilities in Force Delete Posts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Force Delete Posts compatible with WordPress 6.9.4?

According to WordPress.org data, Force Delete Posts 2.1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Force Delete Posts compatible with PHP 5.6+?

Force Delete Posts requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Force Delete Posts updated?

Force Delete Posts was last updated on Dec 23, 2025. Frequent updates are generally a positive security signal.

What is Force Delete Posts's security score?

Force Delete Posts has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Force Delete Posts Security & Risk Analysis

wordpress.org/plugins/force-delete-posts

Deleting Posts has never been so fast! This lightweight plugin adds the ability for administrators to instantly delete posts by adding a Force Delete …

300 active installs v2.1.1 PHP 5.6+ WP 4.0.0+ Updated Dec 23, 2025

deleteforcepostpoststrash

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Force Delete Posts Safe to Use in 2026?

Generally Safe

Score 100/100

Force Delete Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "force-delete-posts" v2.1.1 plugin exhibits a strong security posture based on the provided static analysis. The complete absence of entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the lack of dangerous functions, file operations, external HTTP requests, and the use of prepared statements for all SQL queries indicate robust coding practices. The plugin also demonstrates some security awareness with a capability check present.

However, a significant concern arises from the output escaping. With one output detected and 0% properly escaped, this presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities if any user-supplied data or dynamic content is reflected directly in the output. While the taint analysis shows no critical or high severity flows, this is likely due to the very limited attack surface. The clean vulnerability history is positive, suggesting the plugin has historically been well-maintained or has not attracted malicious attention, but it doesn't negate the identified coding issues.

In conclusion, while the plugin's architecture is secure and its vulnerability history is clean, the unescaped output is a critical flaw that needs immediate attention. Addressing this XSS risk is paramount to ensuring the plugin's overall security.

Key Concerns

Output not properly escaped

Vulnerabilities

None known

Force Delete Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Force Delete Posts Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Attack Surface

Force Delete Posts Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_enqueue_scriptsadmin\forceDeletePosts.php:11

filtermanage_pages_columnsadmin\forceDeletePosts.php:14

actionmanage_pages_custom_columnadmin\forceDeletePosts.php:15

filtermanage_posts_columnsadmin\forceDeletePosts.php:18

actionmanage_posts_custom_columnadmin\forceDeletePosts.php:19

actionbefore_delete_postadmin\forceDeletePosts.php:22

Maintenance & Trust

Force Delete Posts Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 23, 2025

PHP min version5.6

Downloads9K

Community Trust

Rating88/100

Number of ratings7

Active installs300

Alternatives

Force Delete Posts Alternatives

Post Lockdown

post-lockdown

Allows admins to protect selected posts and pages so they cannot be trashed or deleted by non-admin users.

1K 1 CVE

Bulk Trash by URL

bulk-trash-by-url

100

Bulk‑trash posts, pages and custom post types from pasted URLs. Fast URL mapping, batched processing with pause/resume, and an optional summary.

10 No CVEs

Delete Duplicate Posts

delete-duplicate-posts

Get rid of duplicate posts and pages (any post type) on your blog with manual or automatic modes.

20K 2 CVEs

WOLF – WordPress Posts Bulk Editor and Manager Professional

bulk-editor

WOLF (formerly WPBE) - a WordPress plugin for managing posts, pages, and custom types easily. Perfect for real estate, cars, etc.

4K 12 CVEs

Delete Posts automatically

delete-old-posts-programmatically

100

The Delete Posts Automatically plugin keeps your website clean by programmatically deleting posts using a wide range of powerful filters.

1K No CVEs

Developer Profile

Force Delete Posts Developer Profile

Liam Stewart

1 plugin · 300 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Force Delete Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/force-delete-posts/styles.css

Version Parameters

force-delete-posts/styles.css?ver=

HTML / DOM Fingerprints

CSS Classes

ls_fd_label

FAQ