Does Latest Post Shortcode have any unpatched vulnerabilities?

No. All known vulnerabilities in Latest Post Shortcode have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Latest Post Shortcode compatible with WordPress 6.9.4?

According to WordPress.org data, Latest Post Shortcode 14.2.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Latest Post Shortcode compatible with PHP 7.3.5+?

Latest Post Shortcode requires PHP 7.3.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Latest Post Shortcode updated?

Latest Post Shortcode was last updated on Feb 9, 2026. Frequent updates are generally a positive security signal.

What is Latest Post Shortcode's security score?

Latest Post Shortcode has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Latest Post Shortcode Security & Risk Analysis

wordpress.org/plugins/latest-post-shortcode

The "Latest Post Shortcode" allows you to create a dynamic content selection from your posts by combining, limiting, and filtering what you need.

4K active installs v14.2.2 PHP 7.3.5+ WP 5.5.0+ Updated Feb 9, 2026

configurable-shortcode-with-uigutenberg-blockpaginated-postsposts-gridposts-shortcode

A · Safe

CVEs total2

Unpatched0

Last CVEJan 24, 2026

Plugin page Download

Safety Verdict

Is Latest Post Shortcode Safe to Use in 2026?

Generally Safe

Score 98/100

Latest Post Shortcode has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jan 24, 2026Updated 1mo ago

Risk Assessment

The "latest-post-shortcode" plugin exhibits a mixed security posture. While it demonstrates good practices such as exclusively using prepared statements for SQL queries and a high percentage of properly escaped output, significant concerns arise from its attack surface. The presence of three unprotected AJAX handlers presents a substantial risk, as these can be directly accessed by unauthenticated users, potentially leading to unauthorized actions or information disclosure. The lack of nonce checks on these AJAX endpoints further exacerbates this issue.

The vulnerability history is particularly noteworthy, with two past medium-severity CVEs related to Missing Authorization and Cross-Site Scripting. Although currently unpatched vulnerabilities are zero, the historical pattern of these specific vulnerability types suggests recurring issues with input validation and access control within the plugin. The fact that the last vulnerability was in 2026, while the current date is likely before that, could indicate a future unpatched vulnerability or an error in the provided data.

Key Concerns

3 unprotected AJAX handlers present
Missing nonce checks on AJAX
2 historical medium CVEs
Missing capability checks

Vulnerabilities

Latest Post Shortcode Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2026-24995medium · 4.3Missing Authorization

Latest Post Shortcode <= 14.2.0 - Missing Authorization

Jan 24, 2026 Patched in 14.2.1 (10d)

CVE-2025-58609medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Latest Post Shortcode <= 14.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 3, 2025 Patched in 14.10 (8d)

Code Analysis

Analyzed Mar 16, 2026

Latest Post Shortcode Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

428 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

95% escaped449 total outputs

Attack Surface

3 unprotected

Latest Post Shortcode Attack Surface

Entry Points5

Unprotected3

AJAX Handlers 4

noprivwp_ajax_lps_navigate_to_pagelatest-post-shortcode.php:221

authwp_ajax_lps_navigate_to_pagelatest-post-shortcode.php:222

authwp_ajax_lps_reset_cachelatest-post-shortcode.php:223

authwp_ajax_plugin-deactivate-notice-lpslatest-post-shortcode.php:226

Shortcodes 1

[latest-selected-content] latest-post-shortcode.php:205

WordPress Hooks 32

actionadmin_noticesincs\deprecated-extension.php:18

actionplugins_loadedincs\elementor\class-elementor-lps-extension.php:65

actionadmin_noticesincs\elementor\class-elementor-lps-extension.php:76

actionadmin_noticesincs\elementor\class-elementor-lps-extension.php:82

actionadmin_noticesincs\elementor\class-elementor-lps-extension.php:88

actionelementor/editor/before_enqueue_scriptsincs\elementor\class-elementor-lps-extension.php:94

filterlps/load_assets_on_pageincs\elementor\class-elementor-lps-extension.php:97

actionelementor/editor/before_enqueue_scriptsincs\elementor\class-elementor-lps-extension.php:100

actionelementor/editor/before_enqueue_scriptsincs\elementor\class-elementor-lps-extension.php:101

actionelementor/editor/before_enqueue_scriptsincs\elementor\class-elementor-lps-extension.php:102

actionelementor/editor/before_enqueue_scriptsincs\elementor\class-elementor-lps-extension.php:103

actionelementor/widgets/widgets_registeredincs\elementor\class-elementor-lps-extension.php:106

actionelementor/controls/controls_registeredincs\elementor\class-elementor-lps-extension.php:107

actioninitlatest-post-shortcode.php:204

actionadmin_footerlatest-post-shortcode.php:208

actionadmin_enqueue_scriptslatest-post-shortcode.php:209

actionwp_enqueue_scriptslatest-post-shortcode.php:212

actionwp_enqueue_scriptslatest-post-shortcode.php:213

actionwp_insert_postlatest-post-shortcode.php:216

actionpost_updatedlatest-post-shortcode.php:217

actionwp_trash_postlatest-post-shortcode.php:218

actionbefore_delete_postlatest-post-shortcode.php:219

actionadmin_noticeslatest-post-shortcode.php:225

actionplugins_loadedlatest-post-shortcode.php:227

actionadmin_initlatest-post-shortcode.php:230

actionwp_enqueue_scriptslatest-post-shortcode.php:231

actionparse_querylatest-post-shortcode.php:234

filterposts_wherelatest-post-shortcode.php:2020

filterposts_joinlatest-post-shortcode.php:2021

filterprepend_attachmentlatest-post-shortcode.php:2643

filterredirect_canonicallatest-post-shortcode.php:3840

filterwidget_textlatest-post-shortcode.php:3854

Maintenance & Trust

Latest Post Shortcode Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 9, 2026

PHP min version7.3.5

Downloads160K

Community Trust

Rating96/100

Number of ratings46

Active installs4K

Alternatives

Latest Post Shortcode Alternatives

Bokez – WordPress 5 Blocks

bokez-awesome-gutenberg-blocks

Build a beautiful website in minutes with best 15 essential Wordpress blocks. Customizable and super easy to use.

90 No CVEs

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

Power-up Gutenberg with advanced blocks for faster website creation. Build your WordPress website effortlessly using powerful building blocks!

1.0M 26 CVEs

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

kadence-blocks

20+ AI-powered Gutenberg Blocks with endless options, enabling top-notch efficiency for high-performance dynamic website creation.

600K 31 CVEs

Page Builder: Pagelayer – Drag and Drop website builder

pagelayer

The most advanced frontend drag & drop page builder. Pagelayer is a light weight but extremely powerful Website Builder.

400K 25 CVEs

Page Builder Gutenberg Blocks – CoBlocks

coblocks

CoBlocks is a suite of page builder WordPress blocks for Gutenberg, with 10+ new blocks and a true page builder experience with rows and columns.

300K 1 unpatched

Developer Profile

Latest Post Shortcode Developer Profile

Iulia Cazan

8 plugins · 21K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

84 days

View full developer profile

Detection Fingerprints

How We Detect Latest Post Shortcode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/latest-post-shortcode/assets/css/frontend.css/wp-content/plugins/latest-post-shortcode/assets/css/slick.css/wp-content/plugins/latest-post-shortcode/assets/css/slick-theme.css/wp-content/plugins/latest-post-shortcode/assets/js/frontend.js/wp-content/plugins/latest-post-shortcode/assets/js/slick.min.js/wp-content/plugins/latest-post-shortcode/assets/js/frontend-admin.js

Script Paths

/wp-content/plugins/latest-post-shortcode/assets/js/frontend.js/wp-content/plugins/latest-post-shortcode/assets/js/slick.min.js/wp-content/plugins/latest-post-shortcode/assets/js/frontend-admin.js

Version Parameters

ver=14.22ver=lps_asset_version

HTML / DOM Fingerprints

CSS Classes

lps-shortcode-wrapperlps-cardlps-card-image-leftlps-card-image-rightlps-card-no-imagelps-tile-contentlps-slick-slider-wrapperlps-slick-wrapper+14 more

HTML Comments

+9 more

Data Attributes

data-lps-post-iddata-lps-target-blankdata-lps-read-more-textdata-lps-image-sizedata-lps-show-categoriesdata-lps-show-tags+21 more

JS Globals

LPSFrontendLPSAdminlps_vars

REST Endpoints

/wp-json/lps/v1/settings/wp-json/lps/v1/posts

Shortcode Output

[latest-selected-content]

FAQ