WP-Safety

GN Publisher: Google News Compatible RSS Feeds Security & Risk Analysis

wordpress.org/plugins/gn-publisher

GN Publisher makes RSS feeds that comply with the Google News RSS Feed Technical Requirements for including your site in the Google News.

20K active installs v1.5.26 PHP 5.4+ WP 3.5+ Updated Jan 5, 2026
feedfeedsgoogle-newsnewsrss
100
A · Safe
CVEs total1
Unpatched0
Last CVEFeb 27, 2023
Plugin page Download
Safety Verdict

Is GN Publisher: Google News Compatible RSS Feeds Safe to Use in 2026?

Generally Safe

Score 100/100

GN Publisher: Google News Compatible RSS Feeds has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 27, 2023Updated 2mo ago
Risk Assessment

The "gn-publisher" plugin v1.5.26 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by using prepared statements for all SQL queries and performing a substantial number of nonce and capability checks for its entry points. Taint analysis reveals no critical or high severity vulnerabilities related to unsanitized paths, indicating a good effort in preventing direct code execution or manipulation through untrusted input. The absence of currently unpatched CVEs is also a strong positive signal, suggesting a responsible approach to security updates.

However, several concerns warrant attention. The presence of one AJAX handler without authentication checks creates a significant attack vector. While the total number of entry points is relatively low, this single unprotected handler could be exploited to perform unauthorized actions. The use of the `unserialize` function, even if not directly exploited in taint flows in this analysis, is inherently risky and can lead to deserialization vulnerabilities if not handled with extreme caution and input validation. Furthermore, the output escaping rate of 63% suggests that a portion of the plugin's output is not properly sanitized, potentially exposing it to Cross-Site Scripting (XSS) attacks.

The plugin's vulnerability history shows one past medium severity CVE related to XSS, which was resolved. This indicates a past vulnerability that was fixed, but it also highlights the potential for XSS if output escaping is not consistently applied. The overall conclusion is that while the plugin has some strong security foundations, the unprotected AJAX handler and the partial output escaping are significant weaknesses that require immediate attention to mitigate potential risks.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function: unserialize used
  • Low output escaping rate (63%)
  • Bundled library: Guzzle
Vulnerabilities
1

GN Publisher: Google News Compatible RSS Feeds Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-1080medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GN Publisher <= 1.5.5 - Reflected Cross-Site Scripting

Feb 27, 2023 Patched in 1.5.6 (330d)
Code Analysis
Analyzed Mar 16, 2026

GN Publisher: Google News Compatible RSS Feeds Code Analysis

Dangerous Functions
4
Raw SQL Queries
0
0 prepared
Unescaped Output
210
354 escaped
Nonce Checks
11
Capability Checks
11
File Operations
1
External Requests
5
Bundled Libraries
1

Dangerous Functions Found

unserialize$options = unserialize( $options_data );controllers\admin\class-gnpub-sitemap.php:59
unserialize$sitemap_options = unserialize( $sitemap_options );templates\admin\setup-wizard\template-wizard-sitemap.php:14
unserialize$options = unserialize($options_data);xml\gnpub-news-sitemap-single.php:3
unserialize$options = unserialize($options_data);xml\gnpub-news-sitemap.php:3

Bundled Libraries

Guzzle

Output Escaping

63% escaped564 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
gnpub_save_index_settings_data (controllers\admin\class-gnpub-indexing.php:215)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

GN Publisher: Google News Compatible RSS Feeds Attack Surface

Entry Points8
Unprotected1

AJAX Handlers 7

authwp_ajax_gnpub_apple_news_publishcontrollers\admin\class-gnpub-apple-news.php:19
authwp_ajax_gnpub_ociaifs_giapicontrollers\admin\class-gnpub-indexing.php:18
authwp_ajax_gnpub_subscribe_to_news_lettercontrollers\admin\class-gnpub-newsletter.php:19
authwp_ajax_gnpub_setup_wizard_checklist_ajaxcontrollers\admin\class-gnpub-setup-wizard.php:27
authwp_ajax_gnpub_save_optionscontrollers\admin\class-gnpub-sitemap.php:16
authwp_ajax_gn_send_query_messagegn-publisher.php:83
authwp_ajax_gnpub_send_feedbackincludes\mb-helper-function.php:141

Shortcodes 1

[gnpub_google_news_follow] controllers\admin\class-gnpub-google-news-follow.php:20
WordPress Hooks 51
actionplugins_loadedclass-gnpub-compat.php:12
filtercategory_rewrite_rulesclass-gnpub-compat.php:72
actionpre_get_postsclass-gnpub-rss-url.php:10
actiondo_feed_rdfclass-gnpub-rss-url.php:12
actiondo_feed_rssclass-gnpub-rss-url.php:13
actiondo_feed_rss2class-gnpub-rss-url.php:14
actiondo_feed_atomclass-gnpub-rss-url.php:15
actionadd_meta_boxescontrollers\admin\class-gnpub-apple-news.php:17
actionadmin_enqueue_scriptscontrollers\admin\class-gnpub-apple-news.php:18
actiongnpub_render_apple_news_compatibilitycontrollers\admin\class-gnpub-apple-news.php:20
actionadmin_enqueue_scriptscontrollers\admin\class-gnpub-google-news-follow.php:16
actionwp_enqueue_scriptscontrollers\admin\class-gnpub-google-news-follow.php:17
actionadmin_enqueue_scriptscontrollers\admin\class-gnpub-google-news-follow.php:18
actiongnpub_render_google_news_followcontrollers\admin\class-gnpub-google-news-follow.php:19
actionadmin_post_gnpub_save_gnfollowcontrollers\admin\class-gnpub-google-news-follow.php:21
actionwp_footercontrollers\admin\class-gnpub-google-news-follow.php:22
actionadmin_enqueue_scriptscontrollers\admin\class-gnpub-indexing.php:16
actionadmin_initcontrollers\admin\class-gnpub-indexing.php:17
actiontrashed_postcontrollers\admin\class-gnpub-indexing.php:21
actionadmin_menucontrollers\admin\class-gnpub-menu.php:22
actionadmin_noticescontrollers\admin\class-gnpub-menu.php:23
filtergnpub_localize_filtercontrollers\admin\class-gnpub-newsletter.php:18
actionadmin_initcontrollers\admin\class-gnpub-settings.php:22
actionadmin_enqueue_scriptscontrollers\admin\class-gnpub-setup-wizard.php:24
actionadmin_menucontrollers\admin\class-gnpub-setup-wizard.php:25
actionadmin_post_gnpub_save_setup_wizardcontrollers\admin\class-gnpub-setup-wizard.php:26
actiongnpub_sitemap_formcontrollers\admin\class-gnpub-sitemap.php:14
actionadmin_enqueue_scriptscontrollers\admin\class-gnpub-sitemap.php:15
actioninitcontrollers\admin\class-gnpub-sitemap.php:17
filtertemplate_includecontrollers\admin\class-gnpub-sitemap.php:18
filterquery_varscontrollers\admin\class-gnpub-sitemap.php:221
actioninitcontrollers\class-gnpub-feed.php:29
actionwpcontrollers\class-gnpub-feed.php:30
actionparse_querycontrollers\class-gnpub-feed.php:33
filterthe_content_feedcontrollers\class-gnpub-feed.php:36
filterthe_content_feedcontrollers\class-gnpub-feed.php:37
filterthe_content_feedcontrollers\class-gnpub-feed.php:38
filterdefault_feedcontrollers\class-gnpub-feed.php:41
filterget_the_generator_rss2controllers\class-gnpub-feed.php:48
actionpre_post_updatecontrollers\class-gnpub-posts.php:15
filterembed_oembed_htmlcontrollers\class-gnpub-posts.php:16
actionsave_postcontrollers\class-gnpub-websub.php:18
actionshutdowncontrollers\class-gnpub-websub.php:19
actionplugins_loadedgn-publisher.php:48
actionadmin_enqueue_scriptsgn-publisher.php:121
actionadmin_enqueue_scriptsgn-publisher.php:159
actionadmin_initgn-publisher.php:164
actionwp_headgn-publisher.php:344
actionadmin_enqueue_scriptsincludes\mb-helper-function.php:143
filteradmin_footerincludes\mb-helper-function.php:161
filterwpoutput\schema-output.php:306
Maintenance & Trust

GN Publisher: Google News Compatible RSS Feeds Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 5, 2026
PHP min version5.4
Downloads703K

Community Trust

Rating98/100
Number of ratings29
Active installs20K
Alternatives

GN Publisher: Google News Compatible RSS Feeds Alternatives

Newsworthy Feed

Newsworthy Feed

newsworthy-feed

A
92

Newsworthy Feed enables you to get content from Newsworthy RSS feeds & save them as WP Posts.

20 No CVEs
Periscopio

Periscopio

periscopio

A
100

Replace the default WordPress News widget with your own customizable RSS feeds and events.

20 No CVEs
Auto Google news poster

Auto Google news poster

auto-google-news-poster

A
85

"Auto Google news poster" posts news from Google news feed in one click.

10 No CVEs
NewsPage

NewsPage

newspage

A
85

newsPage is an easy to use plugin that allows you to have a headline aggregation page on your blog.

10 No CVEs
RSS News Scroller

RSS News Scroller

rss-news-scroller-by-pierpaolo-romanelli

A
85

RSS News Scroller is a simple news scroller which you can use by just activating it.

10 No CVEs
Developer Profile

GN Publisher: Google News Compatible RSS Feeds Developer Profile

GNPublisher

1 plugin · 20K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
330 days
View full developer profile
Detection Fingerprints

How We Detect GN Publisher: Google News Compatible RSS Feeds

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gn-publisher/assets/css/gn-admin.css/wp-content/plugins/gn-publisher/assets/css/promotional-popup.css/wp-content/plugins/gn-publisher/assets/js/gn-admin.js/wp-content/plugins/gn-publisher/assets/js/promotional-popup.js/wp-content/plugins/gn-publisher/assets/js/gn-admin-newsletter.js
Script Paths
/wp-content/plugins/gn-publisher/assets/js/gn-admin.js/wp-content/plugins/gn-publisher/assets/js/promotional-popup.js/wp-content/plugins/gn-publisher/assets/js/gn-admin-newsletter.js
Version Parameters
gn-publisher/assets/css/gn-admin.css?ver=gn-publisher/assets/css/promotional-popup.css?ver=gn-publisher/assets/js/gn-admin.js?ver=gn-publisher/assets/js/promotional-popup.js?ver=gn-publisher/assets/js/gn-admin-newsletter.js?ver=

HTML / DOM Fingerprints

CSS Classes
gnpub-admin-wrap
HTML Comments
<!-- GN Publisher -->
Data Attributes
data-gnpub-id
JS Globals
gn_script_varsgnpub_localize_data
REST Endpoints
/wp-json/gnpublisher/v1/settings/wp-json/gnpublisher/v1/posts
Shortcode Output
[gn_publisher_feed][gn_publisher_posts]
FAQ

Frequently Asked Questions about GN Publisher: Google News Compatible RSS Feeds