Does MSN Partner Hub have any unpatched vulnerabilities?

Yes — MSN Partner Hub currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is MSN Partner Hub compatible with WordPress 6.9.4?

According to WordPress.org data, MSN Partner Hub 2.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MSN Partner Hub compatible with PHP 7.3+?

MSN Partner Hub requires PHP 7.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MSN Partner Hub updated?

MSN Partner Hub was last updated on Feb 4, 2026. Frequent updates are generally a positive security signal.

What is MSN Partner Hub's security score?

MSN Partner Hub has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MSN Partner Hub Security & Risk Analysis

wordpress.org/plugins/microsoft-start

MSN Partner Hub WordPress plugin is developed by Microsoft. It helps WordPress content creators to share content to MSN directly from their sites.

1K active installs v2.9 PHP 7.3+ WP 5.4+ Updated Feb 4, 2026

microsoftmsnmsn-partner-hub

B · Generally Safe

CVEs total1

Unpatched1

Last CVEOct 6, 2025

Plugin page Download

Safety Verdict

Is MSN Partner Hub Safe to Use in 2026?

Mostly Safe

Score 78/100

MSN Partner Hub is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Oct 6, 2025Updated 2mo ago

Risk Assessment

The "microsoft-start" plugin v2.9 exhibits a mixed security posture. On the positive side, static analysis reveals no dangerous functions and all SQL queries utilize prepared statements, indicating good practices in these areas. The plugin also demonstrates a strong emphasis on capability checks, with 33 identified. However, significant concerns arise from the complete absence of nonce checks, which is a critical oversight for securing AJAX endpoints, even though there are currently no unprotected AJAX handlers.

The plugin's vulnerability history is a major red flag, with one known medium-severity CVE that remains unpatched. This indicates a pattern of potential authorization issues, as noted by the common vulnerability type. The presence of an unpatched vulnerability, regardless of its current severity, significantly elevates the risk profile. While taint analysis found no issues, this does not negate the risks identified by other signals.

In conclusion, while the plugin employs some secure coding practices like prepared statements and capability checks, the lack of nonce checks on its entry points and, most importantly, the existence of an unpatched medium-severity vulnerability with a history of authorization problems, present significant security risks. The plugin's security posture is therefore precarious and requires immediate attention, particularly regarding the unpatched CVE.

Key Concerns

Unpatched medium severity CVE
No nonce checks on any entry points
1 total output not properly escaped

Vulnerabilities

MSN Partner Hub Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-62931medium · 4.3Missing Authorization

MSN Partner Hub <= 2.8.7 - Missing Authorization

Oct 6, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

MSN Partner Hub Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared7 total queries

Output Escaping

0% escaped1 total outputs

Attack Surface

MSN Partner Hub Attack Surface

Entry Points25

Unprotected0

REST API Routes 25

POST/wp-json/microsoft/v1/redeemCoderoutes\authenticationApi.php:19

GET/wp-json/microsoft/v1/tokenroutes\authenticationApi.php:64

POST/wp-json/microsoft/v1/delete-tokenroutes\authenticationApi.php:74

GET/wp-json/microsoft/v1/onboarding-inforoutes\authenticationApi.php:85

GET/wp-json/microsoft/v1/health-checkroutes\helpCenterApi.php:35

GET/wp-json/microsoft/v1/help-listroutes\helpCenterApi.php:76

POST/wp-json/microsoft/v1/logroutes\logApi.php:14

GET/wp-json/microsoft/v1/notificationroutes\notificationApi.php:19

POST/wp-json/microsoft/v1/dismiss-wp-notificationroutes\notificationApi.php:31

POST/wp-json/microsoft/v1/dismiss-msph-notificationroutes\notificationApi.php:48

POST/wp-json/microsoft/v1/msn-retrievalroutes\postApi.php:55

GET/wp-json/microsoft/v1/post-detail/(?P<postId>[0-9_]+)routes\postApi.php:77

GET/wp-json/microsoft/v1/msn-id/(?P<postId>[0-9_]+)routes\postApi.php:94

GET/wp-json/microsoft/v1/unpublished-to-msph-postsroutes\postApi.php:105

POST/wp-json/microsoft/v1/batch-submit-postsroutes\postApi.php:119

POST/wp-json/microsoft/v1/stop-batch-submissionroutes\postApi.php:178

GET/wp-json/microsoft/v1/batch-submit-progressroutes\postApi.php:197

POST/wp-json/microsoft/v1/clear-batch-submit-progressroutes\postApi.php:242

POST/wp-json/microsoft/v1/get-post-by-idsroutes\postApi.php:252

GET/wp-json/microsoft/v1/msn-post-detail/(?P<postId>[0-9_]+)routes\postApi.php:267

POST/wp-json/microsoft/v1/submit-appeal/(?P<postId>[0-9_]+)routes\postApi.php:285

POST/wp-json/microsoft/v1/publish-settingsroutes\settingsApi.php:42

GET/wp-json/microsoft/v1/publish-settingsroutes\settingsApi.php:82

GET/wp-json/microsoft/v1/get-marketroutes\settingsApi.php:102

GET/wp-json/microsoft/v1/get-profileroutes\settingsApi.php:116

WordPress Hooks 14

actionwpcron\BackgroundTasks.php:16

actionmsnPublishTaskcron\BackgroundTasks.php:29

actionplugins_loadedcron\Task.php:67

actioninitincludes\postEditor.php:13

actionenqueue_block_editor_assetsincludes\postEditor.php:14

filtermanage_post_posts_columnsincludes\posts.php:28

actionmanage_post_posts_custom_columnincludes\posts.php:29

actiontransition_post_statusincludes\posts.php:30

actionadmin_enqueue_scriptsincludes\posts.php:31

actionrest_api_initinfrastructure\ApiController.php:10

actionadmin_menuinfrastructure\Page.php:13

actionadmin_enqueue_scriptsinfrastructure\Util.php:33

actionmsphLogTaskservices\LogService.php:36

filteroption_rss_use_excerptservices\MSPostConvertService.php:117

Scheduled Events 2

msnPublishTask

msphLogTask

Maintenance & Trust

MSN Partner Hub Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 4, 2026

PHP min version7.3

Downloads45K

Community Trust

Rating40/100

Number of ratings2

Active installs1K

Alternatives

MSN Partner Hub Alternatives

Microsoft Clarity

microsoft-clarity

How do you make your website great? Clarity can help you quickly see what's working on your site and where people get stuck. And it's free.

100K 2 CVEs

eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams

eroom-zoom-meetings-webinar

eRoom is the best WordPress Zoom Meeting and Webinar Plugin. eRoom Zoom WordPress plugin enables integration with Zoom, Google Meet, Microsoft Teams.

10K 7 CVEs

WPO365 | SEAMLESS WORDPRESS + MICROSOFT INTEGRATION (WPO365 | LOGIN)

wpo365-login

WordPress + Microsoft Entra | Ext. ID | B2C | M365 Integration for your Digital Workplace. For SSO, Mail, Roles, Access, Profiles, SharePoint, PowerBI …

10K 4 CVEs

WPO365 | MICROSOFT 365 GRAPH MAILER

wpo365-msgraphmailer

Send WordPress emails from a M365 / Exchange Online Mailbox using Microsoft Graph, leveraging OAuth for authentication which is more secure than SMTP

10K 1 CVE

Microsoft Advertising Universal Event Tracking (UET)

microsoft-advertising-universal-event-tracking-uet

100

The official plugin for setting up Microsoft Advertising UET

4K 1 CVE

Developer Profile

MSN Partner Hub Developer Profile

microsoftstart

1 plugin · 1K total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect MSN Partner Hub

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/microsoft-start/assets/js/editorSidebar.js/wp-content/plugins/microsoft-start/assets/js/editorSidebar.css

Script Paths

/wp-content/plugins/microsoft-start/assets/js/editorSidebar.js

Version Parameters

microsoft-start/assets/js/editorSidebar.js?ver=microsoft-start/assets/js/editorSidebar.css?ver=

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-msn-iddata-post-iddata-post-statusdata-post-is-emptydata-post-is-local-newsdata-post-is-aiac-included+2 more

JS Globals

msn_sidebar_settingsmsn_dashboard_render_statusMSPH_PLUGIN_VERSIONMSPH_WP_LANGmicrosoft_start\pages\Dashboardmicrosoft_start\pages\Callback+2 more

REST Endpoints

/wp-json/microsoft-start/

FAQ