
Just Post Preview Widget Security & Risk Analysis
wordpress.org/plugins/just-post-preview
Widget to easily add any post content preview blocks with different layouts, specified in the theme.
Is Just Post Preview Widget Safe to Use in 2026?
Use With Caution
Score 62/100
Just Post Preview Widget has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The 'just-post-preview' plugin exhibits a concerning security posture, despite some positive code signals. While the static analysis found no direct evidence of dangerous functions or SQL injection vulnerabilities due to prepared statements, the plugin has a significant attack surface with an unprotected AJAX handler. This lack of authentication on an entry point is a major weakness. Furthermore, the output escaping is extremely poor, with only 12% of outputs being properly escaped, leaving the plugin highly susceptible to Cross-Site Scripting (XSS) attacks. The vulnerability history is also alarming; a high-severity Remote File Inclusion (RFI) vulnerability was discovered and remains unpatched, indicating a significant ongoing risk. The plugin's previous high-severity RFI vulnerability suggests a pattern of insecure coding practices related to file handling and input validation, which directly contributes to the current lack of proper output escaping and the unprotected AJAX handler.
Key Concerns
- Unpatched high severity CVE
- Unprotected AJAX handler
- Low percentage of properly escaped output
- Missing nonce checks on AJAX
- Missing capability checks on AJAX
Just Post Preview Widget Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Just Post Preview Widget <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion
Just Post Preview Widget Release Timeline
Just Post Preview Widget Code Analysis
SQL Query Safety
Output Escaping
Just Post Preview Widget Attack Surface
AJAX Handlers 1
WordPress Hooks 2
Just Post Preview Widget Maintenance & Trust
Maintenance Signals
Community Trust
Just Post Preview Widget Alternatives
SimpleTwit
simpletwit
Everything a developer or designer needs to pull in a Twitter feed. All in a slim package that won't get in the way of your creativity.
WP Dash Support
wp-dash-support
A plugin that adds a contact form on the dashboard for developers to use to give clients an easier way to contact them.
Deen Post Layouts Addon for Elementor
deen-post-layouts-addon-for-elementor
Are you looking for a best post layouts addon for elementor wordpress plugin? Then Deen is the best and perfect post layouts addon for your WordPress …
K-Dev Widget Shortcode
k-dev-widget-shortcode
You can use Shortcode In Widget and you can use [widget_shortcode_test] for test in this plugin.
Classic Widgets
classic-widgets
Enables the previous "classic" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.
Just Post Preview Widget Developer Profile
5 plugins · 2K total installs
How We Detect Just Post Preview Widget
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/just-post-preview/assets/post_preview_widget.css
- /wp-content/plugins/just-post-preview/assets/post_preview_widget.js
- just-post-preview/assets/post_preview_widget.css?ver=
- just-post-preview/assets/post_preview_widget.js?ver=
HTML / DOM Fingerprints
- jpp_widget
- jpp_post_preview
- jpp_post_preview_{postid}
- jpp_layout_{layout}
- data-jpp_post_preview
- jpp_post_preview_widget_params
- /wp-json/jpp/v1/posts