Headline Analyzer Security & Risk Analysis

wordpress.org/plugins/headline-analyzer

Headline Studio WordPress plugin allows you to easily analyze & improve your headlines as you create content in WordPress

1K active installs · v1.3.7 · PHP 7.0+ · WP 5.6+ · Updated Oct 7, 2025
Tags: analysis, headline, headline-analyzer, seo, title-analyzer
Score: 74 (B · Generally Safe)
CVEs total: 3
Unpatched: 1
Last CVE: Oct 19, 2025

Safety Verdict

Is Headline Analyzer Safe to Use in 2026?

Mostly Safe

Score 74/100

Headline Analyzer is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Oct 19, 2025 · Updated 5mo ago

Risk Assessment

The "headline-analyzer" v1.3.7 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals good practices such as using prepared statements for all SQL queries and a notable percentage of output being properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced attack surface from these common vectors. Nonce and capability checks are present, indicating an awareness of WordPress security fundamentals.

However, several areas raise concerns. The presence of 3 known CVEs, with one currently unpatched, is a significant risk. The common vulnerability types associated with these CVEs (XSS, CSRF, Missing Authorization) are particularly worrying as they can lead to data compromise, unauthorized actions, and website defacement. While the taint analysis shows no critical or high-severity flows, the presence of "flows with unsanitized paths" is a red flag, suggesting potential for vulnerabilities if inputs are not handled meticulously, especially considering past XSS and authorization issues.

Overall, while the code itself has some good security implementations, the historical vulnerability data, particularly the unpatched CVE and the types of past vulnerabilities, points to a history of security weaknesses. This suggests that despite current efforts, there's a persistent risk of exploitable flaws, requiring vigilant monitoring and prompt patching.

Key Concerns

  • Currently unpatched CVE
  • Medium severity historical CVEs (3 total)
  • Flows with unsanitized paths
  • Historically common XSS vulnerabilities
  • Historically common CSRF vulnerabilities
  • Historically common Missing Authorization vulnerabilities
  • 76% of outputs properly escaped (implies 24% not)

Vulnerabilities: 3

Headline Analyzer Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE · unpatched

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-62974 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Headline Analyzer <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 19, 2025 · Unpatched

CVE-2024-32806 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Headline Analyzer <= 1.3.3 - Cross-Site Request Forgery

Apr 22, 2024 · Patched in 1.3.4 (8d)

CVE-2023-46195 · medium · 6.5 · Missing Authorization

Headline Analyzer <= 1.3.1 - Missing Authorization via REST APIs

Oct 18, 2023 · Patched in 1.3.2 (97d)

Code Analysis
Analyzed Mar 16, 2026

Headline Analyzer Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 15 (48 escaped)
  • Nonce Checks: 2
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

76% escaped · 63 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths

cos_headlinestudio_handle_account_click_actions (includes\settings-page.php:26)

Attack Surface

Headline Analyzer Attack Surface

Entry Points: 6
Unprotected: 0

REST API Routes: 6

  • POST /wp-json/cos_headline_studio/v1/set_headline_post_meta/(?P<post_id>\d+) · includes\custom-endpoints.php:29
  • GET /wp-json/cos_headline_studio/v1/disconnect_account · includes\custom-endpoints.php:42
  • GET /wp-json/cos_headline_studio/v1/connect_account_handler · includes\custom-endpoints.php:53
  • GET /wp-json/cos_headline_studio/v1/get_headline_post_meta/(?P<post_id>\d+) · includes\custom-endpoints.php:64
  • GET /wp-json/cos_headline_studio/v1/set_preferred_editor · includes\custom-endpoints.php:77
  • GET /wp-json/cos_headline_studio/v1/set_onboarded · includes\custom-endpoints.php:88

WordPress Hooks: 20

  • action · init · headline-analyzer.php:67
  • action · register_activation_hook · headline-analyzer.php:68
  • action · rest_api_init · headline-analyzer.php:69
  • action · post_submitbox_misc_actions · headline-analyzer.php:146
  • action · admin_notices · headline-analyzer.php:176
  • action · add_meta_boxes · headline-analyzer.php:238
  • action · load-post.php · headline-analyzer.php:246
  • action · load-post-new.php · headline-analyzer.php:247
  • action · load-page.php · headline-analyzer.php:248
  • action · load-page-new.php · headline-analyzer.php:249
  • action · save_post · headline-analyzer.php:257
  • action · admin_enqueue_scripts · headline-analyzer.php:316
  • filter · manage_post_posts_columns · includes\custom-posts-columns.php:26
  • filter · manage_pages_columns · includes\custom-posts-columns.php:27
  • action · manage_post_posts_custom_column · includes\custom-posts-columns.php:95
  • action · manage_pages_custom_column · includes\custom-posts-columns.php:96
  • action · admin_enqueue_scripts · includes\custom-posts-columns.php:135
  • action · admin_menu · includes\settings-page.php:21
  • action · admin_footer · includes\settings-page.php:134
  • action · admin_enqueue_scripts · includes\settings-page.php:220

Maintenance & Trust

Headline Analyzer Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Oct 7, 2025
  • PHP min version: 7.0
  • Downloads: 34K

Community Trust

  • Rating: 86/100
  • Number of ratings: 14
  • Active installs: 1K

Developer Profile

Headline Analyzer Developer Profile

CoSchedule

3 plugins · 6K total installs

  • Trust score: 81
  • Avg Security Score: 90/100
  • Avg Patch Time: 81 days

Detection Fingerprints

How We Detect Headline Analyzer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/headline-analyzer/build/classic-editor-app.css
  • /wp-content/plugins/headline-analyzer/build/classic-editor-app.js
  • /wp-content/plugins/headline-analyzer/build/gutenberg-sidebar.css
  • /wp-content/plugins/headline-analyzer/build/gutenberg-sidebar.js

Script Paths

  • /wp-content/plugins/headline-analyzer/build/classic-editor-app.js
  • /wp-content/plugins/headline-analyzer/build/gutenberg-sidebar.js

Version Parameters

  • headline-analyzer/build/classic-editor-app.css?ver=
  • headline-analyzer/build/classic-editor-app.js?ver=
  • headline-analyzer/build/gutenberg-sidebar.css?ver=
  • headline-analyzer/build/gutenberg-sidebar.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • misc-pub-section-headline-studio
  • headlinestudio-gutenberg-sidebar-not-connected
  • hs-wp-button

Data Attributes

  • data-meta-key="cos_headlinestudio_analysis"
  • data-meta-key="cos_headline_score"
  • data-meta-key="cos_seo_score"

JS Globals

  • window.coscheduleHeadlineStudio.classicEditorApp.triggerAnalyzeFromPostMetaBox
  • window.coscheduleHeadlineStudio.currentPostId

REST Endpoints

  • /wp-json/headline-analyzer/v1/analyze
  • /wp-json/headline-analyzer/v1/options
  • /wp-json/headline-analyzer/v1/publish