Does JMB Post Feeds have any unpatched vulnerabilities?

No. All known vulnerabilities in JMB Post Feeds have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is JMB Post Feeds compatible with WordPress 4.8.28?

According to WordPress.org data, JMB Post Feeds 1.0 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is JMB Post Feeds updated?

JMB Post Feeds was last updated on Jul 19, 2017. Frequent updates are generally a positive security signal.

What is JMB Post Feeds's security score?

JMB Post Feeds has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

JMB Post Feeds Security & Risk Analysis

wordpress.org/plugins/jmb-post-feeds

Create post feeds in CSV, XML, RSS, Google RSS, Text & Custom formats.

0 active installs v1.0 PHP + WP 4.0+ Updated Jul 19, 2017

csvfeedpost-feedrssxml

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is JMB Post Feeds Safe to Use in 2026?

Generally Safe

Score 85/100

JMB Post Feeds has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "jmb-post-feeds" v1.0 plugin exhibits a generally strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with open attack surfaces, coupled with the use of prepared statements for all SQL queries, indicates good development practices and a limited potential for common web vulnerabilities. The presence of nonce and capability checks, although only one of each, is also a positive sign.

However, the primary concern lies in the output escaping. With 46% of outputs not properly escaped, this plugin introduces a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Attackers could potentially inject malicious scripts through data that is displayed on the frontend, leading to session hijacking or other harmful actions. The plugin's clean vulnerability history and lack of critical taint analysis findings are strengths, but the high percentage of unescaped output remains a critical weakness that needs immediate attention.

Key Concerns

Significant portion of output not escaped

Vulnerabilities

None known

JMB Post Feeds Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

JMB Post Feeds Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

43 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

46% escaped94 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

__construct (includes\download-feed.php:61)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

JMB Post Feeds Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

filtermanage_jmb_post_feed_posts_columnsincludes\feeds-table.php:62

actionmanage_posts_custom_columnincludes\feeds-table.php:63

actionadd_meta_boxesincludes\meta-boxes.php:62

actionsave_postincludes\meta-boxes.php:63

actionadmin_menuincludes\test-page.php:62

actioninitjmb-post-feeds.php:93

actionadmin_enqueue_scriptsjmb-post-feeds.php:94

actionbefore_delete_postjmb-post-feeds.php:95

Maintenance & Trust

JMB Post Feeds Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedJul 19, 2017

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

JMB Post Feeds Alternatives

WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets

wp-all-import

Easily import any file of any size into any plugin, post type, custom field, or taxonomy. Supports WooCommerce, ACF, images, galleries, users, real es …

100K 22 CVEs

WPeMatico RSS Feed Fetcher

wpematico

WPeMatico is autoblogging in the blink of an eye! On complete autopilot, WPeMatico delivers fresh content to your site regularly!

10K 6 CVEs

Import WP – Export and Import CSV and XML files to WordPress

jc-importer

Import WP, a simple, fast and powerful XML and CSV import solution, Making it easy to import posts, pages, categories, tags, users and attachments.

5K 5 CVEs

Import XML and RSS Feeds

import-xml-feed

Import content from any XML or RSS file or URL. Very useful for importing content from Wix websites.

2K 4 CVEs

GG Woo Feed for WooCommerce Shopping Feed on Google and Other Channels

gg-woo-feed

No #1 WooCommerce Feed Generator Creates product feed for marketing channel Google Shopping Merchant, Meta Remarketing, Printerest and Others Channels

1K 2 CVEs

Developer Profile

JMB Post Feeds Developer Profile

jmb272

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect JMB Post Feeds

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/jmb-post-feeds/assets/js/admin.js/wp-content/plugins/jmb-post-feeds/assets/css/admin.css

Script Paths

/wp-content/plugins/jmb-post-feeds/assets/js/admin.js

Version Parameters

jmb-post-feed-admin

HTML / DOM Fingerprints

CSS Classes

jmb-pf

JS Globals

data_obj

FAQ