Live Blogging Security & Risk Analysis

wordpress.org/plugins/live-blogging

Live Blogging is a plugin that allows you to insert micro/live blogs into posts with automatic updating of the content.

100 active installs · v2.2.5 · PHP + WP 3.0+ · Updated May 2, 2012
Tags: blogging, event, javascript, live, micro
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Live Blogging Safe to Use in 2026?

Generally Safe

Score 85/100

Live Blogging has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The 'live-blogging' plugin version 2.2.5 exhibits a mixed security posture. While it boasts a clean vulnerability history with no known CVEs and good practices like a decent percentage of SQL prepared statements and nonce/capability checks, there are significant concerns regarding its attack surface and data sanitization. The presence of three unprotected AJAX handlers presents a direct entry point for potential unauthenticated attacks. Furthermore, the taint analysis revealing three flows with unsanitized paths, even without critical or high severity, indicates a risk of injection vulnerabilities if these flows interact with sensitive operations. The relatively low percentage of properly escaped outputs also raises concerns about cross-site scripting (XSS) vulnerabilities.

Despite the absence of historical vulnerabilities, the current static analysis highlights potential weaknesses that could be exploited. The plugin's strengths lie in its lack of recorded vulnerabilities and the use of some security measures like prepared statements and nonce checks. However, the unprotected AJAX handlers and unsanitized paths are notable weaknesses that require immediate attention. A balanced conclusion is that while the plugin has not been historically targeted or found to be vulnerable, its current codebase contains elements that expose it to significant risk.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Low percentage of properly escaped outputs
  • SQL queries not using prepared statements
Vulnerabilities
None known

Live Blogging Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Live Blogging Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 raw, 4 prepared
Unescaped Output: 21 unescaped, 27 escaped
Nonce Checks: 3
Capability Checks: 3
File Operations: 9
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

50% prepared · 8 total queries

Output Escaping

56% escaped · 48 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
live_blogging_chatbox (live-blogging.php:886)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
3 unprotected

Live Blogging Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 3

auth · wp_ajax_live_blogging_poll · live-blogging.php:81
nopriv · wp_ajax_live_blogging_poll · live-blogging.php:82
auth · wp_ajax_live_blogging_update_chatbox · live-blogging.php:932

Shortcodes 1

[liveblog] live-blogging.php:1113
WordPress Hooks 32
action · init · live-blogging.php:35
action · admin_init · live-blogging.php:101
action · admin_menu · live-blogging.php:184
action · save_post · live-blogging.php:556
action · save_page · live-blogging.php:557
action · media_buttons_context · live-blogging.php:601
action · admin_head · live-blogging.php:612
action · save_post · live-blogging.php:691
action · admin_head · live-blogging.php:786
filter · post_updated_messages · live-blogging.php:799
filter · wp_insert_post_data · live-blogging.php:825
filter · wp_insert_post_data · live-blogging.php:884
filter · redirect_post_location · live-blogging.php:938
filter · the_title · live-blogging.php:960
action · manage_posts_custom_column · live-blogging.php:995
filter · manage_liveblog_entry_posts_columns · live-blogging.php:1010
filter · the_content · live-blogging.php:1099
action · init · live-blogging.php:1206
action · publish_liveblog_entry · live-blogging.php:1229
action · delete_post · live-blogging.php:1263
action · trash_post · live-blogging.php:1264
action · edit_comment · live-blogging.php:1296
action · comment_post · live-blogging.php:1297
action · wp_set_comment_status · live-blogging.php:1298
action · publish_liveblog_entry · live-blogging.php:1341
action · delete_post · live-blogging.php:1390
action · trash_post · live-blogging.php:1391
action · live_blogging_check_twitter · live-blogging.php:1411
filter · cron_schedules · live-blogging.php:1473
action · delete_post · live-blogging.php:1532
action · trash_post · live-blogging.php:1533
action · publish_liveblog_entry · live-blogging.php:1547

Scheduled Events 1

live_blogging_check_twitter
Maintenance & Trust

Live Blogging Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: May 2, 2012
PHP min version
Downloads: 40K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 100
Developer Profile

Live Blogging Developer Profile

chrisnorthwood

5 plugins · 240 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Live Blogging

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/live-blogging/css/style.css
/wp-content/plugins/live-blogging/css/live-blogging.css
Script Paths
/wp-content/plugins/live-blogging/live-blogging.min.js
Version Parameters
live-blogging/live-blogging.min.js?ver=
live-blogging/css/live-blogging.css?ver=

HTML / DOM Fingerprints

CSS Classes
live-blogging-entry
live-blogging-update
HTML Comments
<!-- live-blogging entry -->
<!-- /live-blogging entry -->
<!-- live-blogging update -->
<!-- /live-blogging update -->
+2 more
Data Attributes
data-live-blogging-id
data-live-blogging-update-interval
JS Globals
live_blogging
REST Endpoints
/wp-json/live-blogging/v1/entries
Shortcode Output
[live-blogging]
[live-blogging-comments]