MagicPost – WordPress文章管理功能增强插件 Security & Risk Analysis

wordpress.org/plugins/magicpost

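MagicPost (魔法文章 in Chinese, "Magic Post"), as its name suggests, is a plugin whose main purpose is to give WordPress post management more efficient, enhanced features, such as scheduled publishing management, post migration, post translation, HTML code cleaning, download file management, editor enhancements, a social sharing widget, and a TOC (table of contents).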

300 active installs · v2.0.0 · PHP 7.0.0+ · WP 6.0+ · Updated Jul 16, 2025
Tags: autopost, html-cleaner, post-migration, social-widget, toc
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 20, 2024
Safety Verdict

Is MagicPost – WordPress文章管理功能增强插件 Safe to Use in 2026?

Generally Safe

Score 99/100

MagicPost – WordPress文章管理功能增强插件 has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 20, 2024 · Updated 8mo ago
Risk Assessment

The 'magicpost' plugin version 2.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for the vast majority of its SQL queries and properly escaping most of its output. The absence of critical or high-severity taint flows suggests that input sanitization for web page generation is generally well-handled. Furthermore, there are no currently unpatched CVEs, indicating that past vulnerabilities have been addressed.

However, significant concerns arise from the attack surface. The plugin exposes 15 AJAX handlers, with a notable 6 of these lacking any authentication checks. This is a substantial number of potential entry points that could be exploited by unauthenticated users, leading to various attacks depending on the functionality of these handlers. While the vulnerability history shows only one medium-severity CVE in the past, this XSS vulnerability, even if patched, highlights a past weakness in output neutralization. The presence of bundled libraries also introduces a potential risk if they are not kept up-to-date, though no specific issues are detailed in the provided data.

In conclusion, while 'magicpost' shows promise with its SQL and output handling, the large number of unprotected AJAX handlers presents a clear and immediate security risk. The past XSS vulnerability, although patched, serves as a reminder of the need for continued vigilance in input validation and output escaping, especially for endpoints accessible without authentication.

Key Concerns

  • Unprotected AJAX handlers
  • Medium severity vulnerability history
Vulnerabilities
1

MagicPost – WordPress文章管理功能增强插件 Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-12591 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MagicPost <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode

Dec 20, 2024 Patched in 1.2.2 (1d)
Code Analysis
Analyzed Mar 16, 2026

MagicPost – WordPress文章管理功能增强插件 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (27 prepared)
Unescaped Output: 30 (214 escaped)
Nonce Checks: 9
Capability Checks: 19
File Operations: 3
External Requests: 11
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

82% prepared · 33 total queries

Output Escaping

88% escaped · 244 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<download> (module\download.php:0)
Attack Surface
6 unprotected

MagicPost – WordPress文章管理功能增强插件 Attack Surface

Entry Points: 17
Unprotected: 6

AJAX Handlers 15

auth · wp_ajax_magicpost · module\clean.php:28
auth · wp_ajax_magicpost · module\download.php:24
auth · wp_ajax_wb_mpdl_front · module\download.php:48
nopriv · wp_ajax_wb_mpdl_front · module\download.php:49
auth · wp_ajax_magicpost · module\enhance.php:16
auth · wp_ajax_magicpost · module\magicpost.php:44
auth · wp_ajax_wb_magicpost_localize · module\magicpost.php:52
nopriv · wp_ajax_wb_magicpost_localize · module\magicpost.php:53
auth · wp_ajax_magicpost · module\move.php:15
auth · wp_ajax_magicpost · module\schedule.php:36
auth · wp_ajax_magicpost · module\share.php:15
auth · wp_ajax_dwqr_ajax · module\share.php:27
nopriv · wp_ajax_dwqr_ajax · module\share.php:28
auth · wp_ajax_magicpost · module\toc.php:18
auth · wp_ajax_magicpost · module\translate.php:34

Shortcodes 2

[wb_share_social] module\share.php:29
[magicpost_toc_items] module\toc.php:34
WordPress Hooks 49
action · wp_enqueue_scripts · classes\front.class.php:14
action · admin_head-post.php · module\clean.php:19
action · admin_head-post-new.php · module\clean.php:20
action · media_buttons · module\clean.php:21
filter · use_block_editor_for_post_type · module\clean.php:24
action · add_meta_boxes · module\download.php:37
action · save_post · module\download.php:38
filter · the_content · module\download.php:40
action · wp_enqueue_scripts · module\download.php:41
action · wp_footer · module\download.php:42
action · widgets_init · module\download.php:44
filter · wb_dlip_html · module\download.php:45
filter · comment_form_field_cookies · module\download.php:169
action · set_comment_cookies · module\download.php:170
filter · body_class · module\download.php:175
action · post_submitbox_misc_actions · module\enhance.php:26
filter · wp_insert_post_data · module\enhance.php:27
filter · post_row_actions · module\enhance.php:31
action · save_post · module\enhance.php:37
action · media_buttons · module\enhance.php:42
action · admin_enqueue_scripts · module\enhance.php:43
action · plugins_loaded · module\magicpost.php:12
filter · all_plugins · module\magicpost.php:17
action · admin_menu · module\magicpost.php:34
filter · plugin_row_meta · module\magicpost.php:36
filter · plugin_action_links · module\magicpost.php:37
action · admin_enqueue_scripts · module\magicpost.php:39
action · admin_head-post.php · module\magicpost.php:40
action · admin_head-post-new.php · module\magicpost.php:41
action · admin_notices · module\magicpost.php:42
action · wp_footer · module\magicpost.php:49
action · magic_post_schedule_post · module\schedule.php:19
filter · the_content · module\share.php:24
action · plugins_loaded · module\share.php:31
filter · the_content · module\toc.php:27
action · wp_enqueue_scripts · module\toc.php:28
action · admin_head-post.php · module\toc.php:30
action · admin_head-post-new.php · module\toc.php:31
action · widgets_init · module\toc.php:35
filter · mce_external_plugins · module\toc.php:414
filter · mce_buttons · module\toc.php:415
filter · magicpost_front_inline_css · module\toc.php:439
action · translate_single_post · module\translate.php:24
action · magic_post_translate_post · module\translate.php:25
action · magic_post_baidu_translate_get_doc · module\translate.php:30
action · admin_init · module\translate.php:36
filter · post_row_actions · module\translate.php:37
action · restrict_manage_posts · module\translate.php:39
action · parse_query · module\translate.php:40

Scheduled Events 4

magic_post_schedule_post
magic_post_translate_post
translate_single_post
magic_post_baidu_translate_get_doc
Maintenance & Trust

MagicPost – WordPress文章管理功能增强插件 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 16, 2025
PHP min version: 7.0.0
Downloads: 8K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 300
Developer Profile

MagicPost – WordPress文章管理功能增强插件 Developer Profile

wbolt.com

11 plugins · 17K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 202 days
Detection Fingerprints

How We Detect MagicPost – WordPress文章管理功能增强插件

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/magicpost/assets/wbp_magicpost.css
/wp-content/plugins/magicpost/assets/wbp_magicpost.js
Script Paths
/wp-content/plugins/magicpost/assets/wbp_magicpost.js
Version Parameters
magicpost/assets/wbp_magicpost.css?ver=
magicpost/assets/wbp_magicpost.js?ver=

HTML / DOM Fingerprints

CSS Classes
wbp-magicpost-content
Data Attributes
data-magicpost-download-id
data-magicpost-download-type
JS Globals
wb_magicpost_cnf
REST Endpoints
/wp-json/magicpost/v1/settings
Shortcode Output
[magicpost_download_button]
[magicpost_download_link]
FAQ

Frequently Asked Questions about MagicPost – WordPress文章管理功能增强插件