Does In This Article have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is In This Article compatible with WordPress 6.6.5?

According to WordPress.org data, In This Article 1.1.3 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is In This Article compatible with PHP 7.4+?

In This Article requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is In This Article updated?

In This Article was last updated on Feb 20, 2025. Frequent updates are generally a positive security signal.

What is In This Article's security score?

In This Article has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

In This Article Security & Risk Analysis

wordpress.org/plugins/in-this-article

Fetches all H2 and H3 tags from post content and allows displaying them in a clickable list using a shortcode.

0 active installs v1.1.3 PHP 7.4+ WP 6.6+ Updated Feb 20, 2025

h2h3headingspost-contentshortcode

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is In This Article Safe to Use in 2026?

Generally Safe

Score 92/100

In This Article has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "in-this-article" plugin v1.1.3 exhibits a strong security posture based on the static analysis and vulnerability history provided. The code demonstrates good practices by using prepared statements for all SQL queries and properly escaping all output. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its security. There are no recorded vulnerabilities or CVEs, and the taint analysis found no critical or high-severity issues, indicating a low likelihood of exploitable code flaws. However, a notable area for improvement is the complete lack of nonce checks and capability checks. While the attack surface is small with only one shortcode and no unprotected entry points detected, these missing checks could potentially become a concern if the plugin's functionality evolves or if new vulnerabilities are discovered in WordPress core that could be leveraged by unauthenticated users accessing the shortcode. Overall, the plugin appears secure for its current functionality, but the absence of authorization checks is a weakness that could be addressed to enhance its resilience.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

In This Article Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

In This Article Release Timeline

v1.1.3Current

v1.1.2

v1.1

v1.0

Code Analysis

Analyzed Mar 17, 2026

In This Article Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

100% escaped10 total outputs

Attack Surface

In This Article Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[itah_in_this_article] in-this-article.php:151

WordPress Hooks 4

actionwp_enqueue_scriptsin-this-article.php:25

actionadmin_enqueue_scriptsin-this-article.php:36

actionadmin_menuin-this-article.php:54

filterthe_contentin-this-article.php:184

Maintenance & Trust

In This Article Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedFeb 20, 2025

PHP min version7.4

Downloads624

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

In This Article Alternatives

Post Content Shortcodes

post-content-shortcodes

Adds shortcodes to display the content of a post or a list of posts.

2K No CVEs

Custom ShortCode Creator

custom-shortcode-creator

This Custom Shotcode Creator plugin allows you to quickly define custom shortcodes via admin dashboard without any hassle.

200 No CVEs

Notice Boxes with Shortcodes

notice-boxes-with-shortcodes

This plugin allows you to make notice boxes (styled content boxes of different colors) to display different messages via shortcodes.

80 No CVEs

Post Content Shortcode

post-content-shortcode

100

Embed the content of another post using a simple shortcode. Useful for reusing content across pages or posts.

30 No CVEs

Wpautop Mask

wpautop-mask

Toggle wpautop with shortcodes.

10 No CVEs

Developer Profile

In This Article Developer Profile

Infinite Uploads

6 plugins · 101K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

18 days

View full developer profile

Detection Fingerprints

How We Detect In This Article

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/in-this-article/assets/css/itah-style.css/wp-content/plugins/in-this-article/assets/js/itah-script.js/wp-content/plugins/in-this-article/assets/admin/js/itah-admin-script.js/wp-content/plugins/in-this-article/assets/admin/css/itah-admin-style.css

Script Paths

/wp-content/plugins/in-this-article/assets/js/itah-script.js/wp-content/plugins/in-this-article/assets/admin/js/itah-admin-script.js

HTML / DOM Fingerprints

CSS Classes

ita_in_this_article_wrapperitah_guideitah_headingitah_description

Data Attributes

id="itah-shortcode"

Shortcode Output

<div class="ita_in_this_article_wrapper"><h4>In this article</h4><ul>

FAQ