Does Future have any unpatched vulnerabilities?

No. All known vulnerabilities in Future have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Future compatible with WordPress 4.0.38?

According to WordPress.org data, Future 1.2.4 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is Future updated?

Future was last updated on Oct 18, 2014. Frequent updates are generally a positive security signal.

What is Future's security score?

Future has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Future Security & Risk Analysis

wordpress.org/plugins/future

Integrates future-dated posts into your blog. Adds future posts and category selection to Wordpress's built-in calendar widget.

200 active installs v1.2.4 PHP + WP 3.6.0+ Updated Oct 18, 2014

futurefuture-postsmsudvargschedulescheduled

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Future Safe to Use in 2026?

Generally Safe

Score 85/100

Future has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "future" plugin v1.2.4 exhibits a generally good security posture in terms of its attack surface, with no identified entry points that are unprotected by authentication. The absence of known CVEs and historical vulnerabilities further strengthens this perception, indicating a well-maintained and secure codebase.

However, the static analysis reveals areas for improvement. A significant concern is the low percentage of SQL queries using prepared statements. While there are no critical taint flows or dangerous functions, the presence of 7 SQL queries where only 14% are prepared suggests a potential risk of SQL injection vulnerabilities, especially if the data processed by these queries is user-controlled and not adequately sanitized beforehand. The output escaping, with only 47% properly escaped, also presents a risk of Cross-Site Scripting (XSS) vulnerabilities.

Despite these identified concerns, the plugin's strengths lie in its minimal attack surface and lack of historical security issues. The absence of external HTTP requests and file operations simplifies the security landscape. The overall recommendation is to prioritize addressing the SQL query preparation and output escaping to further harden the plugin.

Key Concerns

Low percentage of prepared SQL statements
Low percentage of properly escaped output

Vulnerabilities

None known

Future Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Future Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

52 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

14% prepared7 total queries

Output Escaping

47% escaped110 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

start_el (future.php:495)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Future Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 15

filterthe_postsfuture.php:46

actionwidgets_initfuture.php:116

filterget_calendarfuture.php:349

filterpost_linkfuture.php:392

actionpre_get_postsfuture.php:394

filterget_next_post_wherefuture.php:395

filterget_previous_post_wherefuture.php:396

actionpre_get_postsfuture.php:399

filterget_next_post_wherefuture.php:400

filterget_previous_post_wherefuture.php:401

filterpaginate_linksfuture.php:417

actionwp_update_nav_menu_itemfuture.php:421

filterwp_setup_nav_menu_itemfuture.php:436

filterwp_edit_nav_menu_walkerfuture.php:442

filternav_menu_link_attributesfuture.php:715

Maintenance & Trust

Future Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedOct 18, 2014

PHP min version

Downloads11K

Community Trust

Rating100/100

Number of ratings7

Active installs200

Alternatives

Future Alternatives

WP Missed Schedule Posts

wp-missed-schedule-posts

Auto publish future/scheduled posts missed by WordPress cron

10K No CVEs

Scheduled Post Guardian

scheduled-post-guardian

Watches over scheduled posts, and makes sure they don't miss their scheduled time

70 No CVEs

Linked Future Posts Widget

linked-future-posts-widget

A widget that displays a list of scheduled posts with links to the posts.

10 No CVEs

Scheduled Posts Showcase

scheduled-posts-showcase

100

Display your scheduled and future posts on the frontend without generating 404 links. Show visitors what's coming next.

10 No CVEs

MY Missed Schedule

my-missed-schedule

重发定时失败的文章。Find missed schedule posts and it republish them correctly. Once every five minutes.

100 No CVEs

Developer Profile

Future Developer Profile

msudvarg

1 plugin · 200 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Future

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/future/future.css/wp-content/plugins/future/future.js

Script Paths

/wp-content/plugins/future/future.js

Version Parameters

future/style.css?ver=future/future.js?ver=

HTML / DOM Fingerprints

CSS Classes

widget_calendar

Data Attributes

id="calendar_wrap"id="wp-calendar"

JS Globals

futurems_get_calendar

FAQ