
Save and Close Security & Risk Analysis
wordpress.org/plugins/lightbulb-save-and-close
Adds a Save and Close button to the admin post edit screen which allows you to return to the post listing page after editing.
Is Save and Close Safe to Use in 2026?
Generally Safe
Score 85/100
Save and Close has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "lightbulb-save-and-close" plugin v1.2.1 exhibits a seemingly low risk profile based on the provided static analysis and vulnerability history. The absence of any recorded CVEs and the lack of identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events suggest a minimal attack surface. Furthermore, the code signals indicate no dangerous functions, file operations, or external HTTP requests, and all SQL queries utilize prepared statements.
However, output escaping is a significant concern. Of the two outputs analyzed, 0% are properly escaped, so there is a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also reveals two flows with unsanitized paths, although neither is classified as critical or high severity. Combined with the complete lack of nonce and capability checks, this means that if an attacker can trigger these unsanitized flows, the plugin has no built-in protection to prevent unauthorized actions or data manipulation. The clean vulnerability history is positive, but it does not mitigate the risks identified in the current code analysis.
In conclusion, while the plugin's small attack surface and the absence of known historical vulnerabilities are strengths, the critical deficiency in output escaping and the lack of authorization checks (capability/nonce) present clear and exploitable security weaknesses. These issues, if triggered, could lead to XSS attacks and potentially other vulnerabilities depending on the nature of the unsanitized data.
Key Concerns
- Output escaping: 0% properly escaped
- Taint analysis: Flows with unsanitized paths
- Nonce checks: 0
- Capability checks: 0
Save and Close Security Vulnerabilities
Save and Close Code Analysis
Output Escaping
Data Flow Analysis
Save and Close Attack Surface
WordPress Hooks 4
Save and Close Maintenance & Trust
Maintenance Signals
Community Trust
Save and Close Alternatives
Improved Save Button
improved-save-button
Improve your productivity with this "2-in-1" save button! It saves the post and immediately takes you to your next action.
eAngel.me Proofread your content. Grammar, Spelling, Punctuation And Proper Use Of Words.
eangel
eAngel provides a 24/7 professional proofreading services to WordPress users.
editnpublish.com Easy English Editing
editnpublishcom-easy-english-editing
Editnpublish can help all non-native writers write clear and grammatically correct English.
Post Lock
post-lock
Post Lock prevents accidental updating or publishing of content by requiring a password to do either.
Custom Fonts – Host Your Fonts Locally
custom-fonts
Custom Fonts is a powerful WordPress plugin that allows you to upload your own custom fonts or choose from a vast collection of Google Fonts, all host …
Save and Close Developer Profile
1 plugin · 500 total installs
How We Detect Save and Close
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
- name="save-close"
- name="saveclose_referer"
- <input type="hidden" name="saveclose_referer" value="
- <input type="submit" tabindex="5" value="" class="button-primary" id="custom" name="save-close">
- <div class="updated">
  <p>Post saved</p>
  </div>