LH Posse Security & Risk Analysis

wordpress.org/plugins/lh-posse

A flexible way to syndicate your content to Facebook, Twitter, or anywhere via IFTTT using customised feeds.

10 active installs · v1.03 · PHP + · WP 3.0+ · Updated Dec 16, 2017
Tags: facebook, feed, feeds, rss, twitter
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is LH Posse Safe to Use in 2026?

Generally Safe

Score 85/100

LH Posse has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "lh-posse" plugin v1.03 exhibits a concerning security posture despite the absence of known vulnerabilities or critical findings in static and taint analysis. The most significant weakness lies in the complete lack of output escaping, meaning all 44 identified output points are potentially vulnerable to cross-site scripting (XSS) attacks. This widespread vulnerability, coupled with the absence of nonce and capability checks, exposes the plugin to various client-side attacks if an attacker can inject malicious input that is later rendered without sanitization.

While the plugin shows good practice by using prepared statements for its single SQL query and has no recorded history of CVEs, these strengths are significantly overshadowed by the critical flaw in output handling and the absence of essential security checks for its attack surface, which is currently zero but could easily increase if functionality is added without proper security considerations. The plugin's current lack of an attack surface is a positive sign, but it's crucial to address the output escaping issue immediately to prevent future vulnerabilities.

Key Concerns

  • 0% of outputs properly escaped
  • 0 Nonce checks present
  • 0 Capability checks present
Vulnerabilities
None known

LH Posse Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

LH Posse Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 44 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

0% escaped · 44 total outputs
Attack Surface

LH Posse Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
  • filter · wp_insert_post · includes\hashtags.php:21
  • filter · the_content · includes\hashtags.php:33
  • filter · the_content · includes\rel-syndication.php:32
  • action · init · lh-posse.php:166
  • action · pre_get_posts · lh-posse.php:175
Maintenance & Trust

LH Posse Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Dec 16, 2017
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

LH Posse Developer Profile

shawfactor

77 plugins · 15K total installs

Trust score: 91
Avg Security Score: 87/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect LH Posse

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
usyndication, u-syndication