
Livejournal Crossposter Remix Security & Risk Analysis
wordpress.org/plugins/livejournal-crossposter-remix
Automatically copies all posts to a LiveJournal or other LiveJournal-based blog (exclude text in shortcode [nocrosspost]smth[/nocrosspost] - buttons f …
Is Livejournal Crossposter Remix Safe to Use in 2026?
Generally Safe
Score 85/100
Livejournal Crossposter Remix has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "livejournal-crossposter-remix" v2.3 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a commendably small attack surface with no direct AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication. Furthermore, the absence of known CVEs and a clean vulnerability history suggests a generally stable and well-maintained codebase.
However, the code signals raise significant concerns. The use of `create_function` is a notable risk, as it can be a vector for code injection if used with user-supplied input. While the majority of SQL queries use prepared statements (5 of 7), all 7 queries still represent potential interaction points. The most critical finding is that none of the 8 outputs analyzed is escaped, which presents a high risk of Cross-Site Scripting (XSS) if any output is derived from user input. The taint analysis, while limited in scope, identified one flow with an unsanitized path, which could indicate a potential path traversal vulnerability, though its severity was not classified as critical or high.
In conclusion, while the plugin benefits from a limited attack surface and no known historical vulnerabilities, the identified code signals, particularly the unescaped output and the use of `create_function`, introduce substantial security risks. The taint analysis, even with a low severity classification, warrants attention due to the unsanitized path. Addressing these specific code-level issues should be a priority to improve the plugin's overall security.
Key Concerns
- Unescaped output found
- Use of dangerous function 'create_function'
- Flow with unsanitized path found
- SQL queries without prepared statements (2/7)
- No nonce checks on potential entry points
Livejournal Crossposter Remix Security Vulnerabilities
Livejournal Crossposter Remix Code Analysis
Dangerous Functions Found
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Livejournal Crossposter Remix Attack Surface
WordPress Hooks: 16
Livejournal Crossposter Remix Maintenance & Trust
Maintenance Signals
Community Trust
Livejournal Crossposter Remix Alternatives
LiveJournal Crossposter
lj-xp
Automatically crossposts your WP entries to your LiveJournal or LJ-based clone.
YARPP – Yet Another Related Posts Plugin
yet-another-related-posts-plugin
The best WordPress plugin for displaying related posts. Simple and flexible, with a powerful proven algorithm and inbuilt caching.
Contextual Related Posts
contextual-related-posts
Keep visitors on your site longer with intelligent, fast-loading, contextually related posts. Block, shortcode, custom post type and widget ready.
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging
wp-rss-aggregator
The #1 WordPress RSS aggregator to quickly import RSS feeds, build a news aggregator, and for easy autoblogging.
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
feedzy-rss-feeds
The most powerful WordPress RSS aggregator, helping you curate content, autoblog, import RSS & display unlimited RSS feeds within a few minutes.
Livejournal Crossposter Remix Developer Profile
6 plugins · 8K total installs
How We Detect Livejournal Crossposter Remix
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
[nocrosspost][/nocrosspost]