WP-Safety

Molongui Post Contributors: Multi-Role Contributor Attribution Security & Risk Analysis

wordpress.org/plugins/molongui-post-contributors

Easily add reviewers, fact-checkers, illustrators, and any other attribution to your WordPress posts and display them towards the post author.

400 active installs v1.7.3 PHP 5.6.20+ WP 5.2+ Updated Nov 25, 2025
acknowledgmentattributionbylinecontributormultiple-contributors
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Molongui Post Contributors: Multi-Role Contributor Attribution Safe to Use in 2026?

Generally Safe

Score 100/100

Molongui Post Contributors: Multi-Role Contributor Attribution has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The molongui-post-contributors plugin v1.7.3 exhibits a generally good security posture with several positive indicators. The extensive use of prepared statements for SQL queries and proper output escaping (90%) are strong defensive measures. Furthermore, the plugin has no recorded vulnerability history (CVEs), suggesting a mature and relatively secure codebase.

However, there are areas of concern. The presence of two AJAX handlers without authentication checks presents a notable attack surface. While taint analysis did not reveal any critical or high-severity unsanitized flows, the `unserialize` function is flagged as dangerous, which, if used with user-controlled input without proper sanitization, could lead to critical vulnerabilities. The limited number of flows analyzed in taint analysis might also mean potential issues were not detected.

In conclusion, while the plugin demonstrates good security practices in many areas and lacks a history of public vulnerabilities, the unprotected AJAX endpoints and the potential risks associated with `unserialize` warrant attention. Further analysis of how `unserialize` is implemented and ensuring strict access controls on all AJAX handlers would significantly improve its security.

Key Concerns

  • AJAX handlers without authentication checks
  • Use of dangerous function: unserialize
Vulnerabilities
None known

Molongui Post Contributors: Multi-Role Contributor Attribution Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Molongui Post Contributors: Multi-Role Contributor Attribution Release Timeline

v1.7.3Current
v1.7.2
v1.7.1
v1.7.0
v1.6.2
v1.6.1
v1.6.0
v1.5.1
v1.5.0
v1.4.0
v1.3.1
v1.3.0
v1.2.2
v1.2.1
v1.2.0
v1.1.0
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Molongui Post Contributors: Multi-Role Contributor Attribution Code Analysis

Dangerous Functions
1
Raw SQL Queries
2
7 prepared
Unescaped Output
75
706 escaped
Nonce Checks
4
Capability Checks
15
File Operations
2
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$response = unserialize( wp_remote_retrieve_body( $response ) );common\utils\helpers.php:155

SQL Query Safety

78% prepared9 total queries

Output Escaping

90% escaped781 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
save (common\modules\settings.php:91)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Molongui Post Contributors: Multi-Role Contributor Attribution Attack Surface

Entry Points9
Unprotected2

AJAX Handlers 4

authwp_ajax_molongui_send_mailcommon\modules\settings.php:27
authwp_ajax_save_wizard_settingscommon\modules\setup-wizard.php:30
authwp_ajax_contributors_ajax_suggestincludes\contributor.php:13
authwp_ajax_mpb__elementor_fetch_posts_for_controlincludes\integrations\plugins\elementor\widgets\bylines\byline-widget.php:16

Shortcodes 5

[molongui_post_meta] includes\shortcodes\bylines.php:9
[molongui_post_info] includes\shortcodes\bylines.php:10
[molongui_post_bylines] includes\shortcodes\bylines.php:109
[molongui_post_byline] includes\shortcodes\bylines.php:110
[molongui_bylines] includes\shortcodes\bylines.php:111
WordPress Hooks 210
actionadmin_enqueue_scriptscommon\hooks.php:8
actionadmin_enqueue_scriptscommon\hooks.php:9
actionadmin_initcommon\hooks.php:10
actionadmin_initcommon\hooks.php:11
actionadmin_initcommon\hooks.php:12
actionadmin_initcommon\hooks.php:13
actionadmin_initcommon\hooks.php:14
actionadmin_initcommon\hooks.php:15
actionadmin_initcommon\hooks.php:16
actioninitcommon\hooks.php:17
actionadmin_noticescommon\modules\notice.php:26
actioncurrent_screencommon\modules\pointerplus.php:23
actionadmin_enqueue_scriptscommon\modules\pointerplus.php:96
actionadmin_noticescommon\modules\pointerplus.php:100
actioncurrent_screencommon\modules\pointerplus.php:117
filtermpb/options/inline_scriptcommon\modules\settings\settings-page.php:129
actionadmin_enqueue_scriptscommon\modules\settings.php:19
filtermolongui_contributors/options_script_paramscommon\modules\settings.php:20
actionadmin_enqueue_scriptscommon\modules\settings.php:21
filtermolongui_contributors/options_extra_stylescommon\modules\settings.php:22
actionmolongui_contributors/optionscommon\modules\settings.php:23
filtermolongui_contributors/sanitize_optioncommon\modules\settings.php:24
actionplugins_loadedcommon\modules\settings.php:28
actionwp_mail_failedcommon\modules\settings.php:193
actionadmin_initcommon\modules\setup-wizard.php:26
actionadmin_initcommon\modules\setup-wizard.php:27
actionadmin_menucommon\modules\setup-wizard.php:28
filter_molongui_contributors/force_inline_dumpcommon\utils\debug.php:95
actionadmin_noticescommon\utils\debug.php:108
actioninitincludes\contributor-role.php:14
actioncontributor_role_add_form_fieldsincludes\contributor-role.php:15
actioncontributor_role_edit_form_fieldsincludes\contributor-role.php:16
actioncreated_contributor_roleincludes\contributor-role.php:17
actionedited_contributor_roleincludes\contributor-role.php:18
filterpre_insert_termincludes\contributor-role.php:19
filtermanage_edit-contributor_role_columnsincludes\contributor-role.php:20
filtermanage_contributor_role_custom_columnincludes\contributor-role.php:21
actioninitincludes\contributor-role.php:22
filterterms_clausesincludes\contributor.php:98
filterthe_contentincludes\integrations\block.php:19
filterrender_blockincludes\integrations\block.php:20
actionsetup_themeincludes\integrations\function-override.php:14
actionwp_headincludes\integrations\javascript.php:15
actionwp_footerincludes\integrations\javascript.php:16
actionelementor/widgets/widgets_registeredincludes\integrations\plugins\elementor\widgets\bylines\byline-widget.php:14
actionelementor/editor/after_enqueue_scriptsincludes\integrations\plugins\elementor\widgets\bylines\byline-widget.php:15
actionelementor/initincludes\integrations\plugins\elementor\widgets\bylines\byline-widget.php:83
filtermolongui_contributors/byline_generatorincludes\integrations\plugins\elementor\widgets\bylines\byline-widget.php:480
actioninitincludes\integrations\plugins\gutenberg\blocks\bylines\byline-block.php:14
actionenqueue_block_editor_assetsincludes\integrations\plugins\gutenberg\blocks\bylines\byline-block.php:15
actionenqueue_block_assetsincludes\integrations\plugins\gutenberg\blocks\bylines\byline-block.php:16
filtermolongui_contributors/byline_generatorincludes\integrations\plugins\gutenberg\blocks\bylines\byline-block.php:111
filtermolongui_authorship/author_box_profilesincludes\integrations\plugins\molongui-authorship.php:29
filtermolongui_contributors/before_begin_contributor_roleincludes\integrations\theme.php:156
filtermolongui_contributors/open_tag_contributor_roleincludes\integrations\theme.php:157
filtermolongui_contributors/after_begin_contributor_roleincludes\integrations\theme.php:158
filtermolongui_contributors/before_end_contributor_roleincludes\integrations\theme.php:159
filtermolongui_contributors/close_tag_contributor_roleincludes\integrations\theme.php:160
filtermolongui_contributors/after_end_contributor_roleincludes\integrations\theme.php:161
filtermolongui_contributors/before_begin_contributor_nameincludes\integrations\theme.php:163
filtermolongui_contributors/open_tag_contributor_nameincludes\integrations\theme.php:164
filtermolongui_contributors/before_contributor_nameincludes\integrations\theme.php:165
filtermolongui_contributors/before_end_contributor_nameincludes\integrations\theme.php:166
filtermolongui_contributors/close_tag_contributor_nameincludes\integrations\theme.php:167
filtermolongui_contributors/after_end_contributor_nameincludes\integrations\theme.php:168
filtermolongui_contributors/before_begin_the_contributorincludes\integrations\theme.php:170
filtermolongui_contributors/open_tag_the_contributorincludes\integrations\theme.php:171
filtermolongui_contributors/after_begin_the_contributorincludes\integrations\theme.php:172
filtermolongui_contributors/before_end_the_contributorincludes\integrations\theme.php:173
filtermolongui_contributors/close_tag_the_contributorincludes\integrations\theme.php:174
filtermolongui_contributors/after_end_the_contributorincludes\integrations\theme.php:175
filtermolongui_contributors/separator_between_role_and_nameincludes\integrations\theme.php:176
filtermolongui_contributors/separatorincludes\integrations\theme.php:178
filtermolongui_contributors_pro/before_contributors_groupincludes\integrations\theme.php:180
filtermolongui_contributors_pro/after_contributors_groupincludes\integrations\theme.php:181
filtermolongui_contributors_pro/before_name_separatorincludes\integrations\theme.php:182
filtermolongui_contributors_pro/after_name_separatorincludes\integrations\theme.php:183
filtermolongui_contributors_pro/separator_autospaceincludes\integrations\theme.php:184
actionagama_blog_post_metaincludes\integrations\themes\agama.php:12
actionafter_setup_themeincludes\integrations\themes\agama.php:100
filterastra_get_option_ast-dynamic-single-post-metadataincludes\integrations\themes\astra.php:42
filterastra_meta_case_contributorincludes\integrations\themes\astra.php:43
actionafter_setup_themeincludes\integrations\themes\astra.php:155
filterfusion_post_metadata_markupincludes\integrations\themes\avada.php:12
actionafter_setup_themeincludes\integrations\themes\avada.php:138
actionafter_setup_themeincludes\integrations\themes\betheme.php:90
actionwp_headincludes\integrations\themes\blocksy.php:13
filterblocksy:post-meta:itemsincludes\integrations\themes\blocksy.php:14
actionafter_setup_themeincludes\integrations\themes\blocksy.php:137
actionafter_setup_themeincludes\integrations\themes\blogus.php:139
actionafter_setup_themeincludes\integrations\themes\botiga.php:90
actionafter_setup_themeincludes\integrations\themes\bridge.php:90
actionafter_setup_themeincludes\integrations\themes\buddyboss-theme.php:106
actionafter_setup_themeincludes\integrations\themes\colibri-wp.php:99
actionafter_setup_themeincludes\integrations\themes\customify.php:90
actionmolongui_contributors/initincludes\integrations\themes\divi.php:15
actionafter_setup_themeincludes\integrations\themes\enfold.php:90
filtermolongui_contributors/block_theme_before_adding_the_contributorincludes\integrations\themes\extendable.php:14
actionafter_setup_themeincludes\integrations\themes\extendable.php:118
actionafter_setup_themeincludes\integrations\themes\extra.php:90
actionafter_setup_themeincludes\integrations\themes\flatsome.php:89
filtergenerate_header_entry_meta_itemsincludes\integrations\themes\generatepress.php:12
actiongenerate_post_meta_itemsincludes\integrations\themes\generatepress.php:13
actionafter_setup_themeincludes\integrations\themes\generatepress.php:105
actionafter_setup_themeincludes\integrations\themes\go.php:111
filterhestia_single_post_metaincludes\integrations\themes\hestia.php:12
actionafter_setup_themeincludes\integrations\themes\hestia.php:102
actionafter_setup_themeincludes\integrations\themes\inspiro.php:114
actionwp_headincludes\integrations\themes\jnews.php:14
actionjnews_render_after_meta_leftincludes\integrations\themes\jnews.php:15
actionafter_setup_themeincludes\integrations\themes\jnews.php:122
filterjupiterx_post_meta_elementsincludes\integrations\themes\jupiterx.php:13
filterjupiterx_post_meta_itemsincludes\integrations\themes\jupiterx.php:14
actionjupiterx_post_meta_contributorincludes\integrations\themes\jupiterx.php:15
actionafter_setup_themeincludes\integrations\themes\jupiterx.php:123
actionwp_headincludes\integrations\themes\kadence.php:14
filterkadence_author_meta_outputincludes\integrations\themes\kadence.php:15
actionafter_setup_themeincludes\integrations\themes\kadence.php:128
actionafter_setup_themeincludes\integrations\themes\kubio.php:116
actionwp_headincludes\integrations\themes\neve.php:14
filterneve_filter_author_meta_markupincludes\integrations\themes\neve.php:15
actionafter_setup_themeincludes\integrations\themes\neve.php:124
actionafter_setup_themeincludes\integrations\themes\news-portal.php:116
actionafter_setup_themeincludes\integrations\themes\newspaper.php:130
actionafter_setup_themeincludes\integrations\themes\oceanwp.php:116
actionafter_setup_themeincludes\integrations\themes\onepress.php:89
actionafter_setup_themeincludes\integrations\themes\phlox.php:115
actionmolongui_contributors/initincludes\integrations\themes\popularfx.php:12
actionafter_setup_themeincludes\integrations\themes\salient.php:118
actionmolongui_contributors/initincludes\integrations\themes\storefront.php:16
actionafter_setup_themeincludes\integrations\themes\sydney.php:114
actionwp_headincludes\integrations\themes\the7.php:14
filterpresscore_posted_on_htmlincludes\integrations\themes\the7.php:15
actionafter_setup_themeincludes\integrations\themes\the7.php:144
actionafter_setup_themeincludes\integrations\themes\total.php:106
actionafter_setup_themeincludes\integrations\themes\twenty-eleven.php:110
actionafter_setup_themeincludes\integrations\themes\twenty-fifteen.php:125
actionafter_setup_themeincludes\integrations\themes\twenty-fourteen.php:133
actionafter_setup_themeincludes\integrations\themes\twenty-nineteen.php:112
actionmolongui_contributors/initincludes\integrations\themes\twenty-seventeen.php:88
actionafter_setup_themeincludes\integrations\themes\twenty-sixteen.php:119
actionafter_setup_themeincludes\integrations\themes\twenty-ten.php:109
actionafter_setup_themeincludes\integrations\themes\twenty-thirteen.php:127
actionafter_setup_themeincludes\integrations\themes\twenty-twelve.php:110
actionafter_setup_themeincludes\integrations\themes\twenty-twenty-four.php:100
actionmolongui_contributors/initincludes\integrations\themes\twenty-twenty-one.php:12
actionafter_setup_themeincludes\integrations\themes\twenty-twenty-three.php:100
actionafter_setup_themeincludes\integrations\themes\twenty-twenty-two.php:108
actionafter_setup_themeincludes\integrations\themes\twenty-twenty.php:115
actionafter_setup_themeincludes\integrations\themes\uncode.php:118
actionafter_setup_themeincludes\integrations\themes\yith-wonder.php:68
actionafter_setup_themeincludes\integrations\themes\zakra.php:106
filtermolongui-contributors-pointerplus_listincludes\pointers.php:14
actionadd_meta_boxesincludes\post.php:18
actionadmin_enqueue_scriptsincludes\post.php:19
filtermolongui_contributors/contributors_metabox_script_paramsincludes\post.php:20
actionsave_postincludes\post.php:21
actioninitincludes\post.php:22
actionwp_enqueue_scriptsincludes\post.php:23
actionadmin_enqueue_scriptsincludes\post.php:24
filtermolongui_contributors/byline_extra_stylesincludes\post.php:25
filtermolongui_contributors/byline_extra_stylesincludes\post.php:26
filtermolongui_contributors/custom_cssincludes\post.php:27
filterthe_contentincludes\post.php:192
filtermolongui_contributors/is_edit_modeincludes\post.php:491
filtermolongui_contributors/default_optionsincludes\settings.php:14
actionadmin_menuincludes\settings.php:15
filtermolongui_contributors/plugin_settingsincludes\settings.php:16
filtermolongui_contributors/validate_optionsincludes\settings.php:17
filtermolongui_contributors/validate_optionsincludes\settings.php:18
filtermolongui_contributors/sanitize_optionincludes\settings.php:19
actionadmin_initincludes\settings.php:21
actioninitincludes\settings.php:22
filtermolongui_contributors/options/scriptincludes\settings.php:23
actionmolongui_contributors/options/enqueue_required_depsincludes\settings.php:27
filtermolongui_contributors/options/script_paramsincludes\settings.php:32
filtermolongui_contributors/assets/load_remoteincludes\settings.php:2210
filter_bylines/doing_shortcodeincludes\shortcodes\bylines.php:25
filter_bylines/doing_shortcode/post_metaincludes\shortcodes\bylines.php:26
filtermolongui_contributors/is_edit_modeincludes\shortcodes\bylines.php:77
filtermolongui_contributors/byline_generatorincludes\shortcodes\bylines.php:84
filtermolongui_contributors/void_post_meta_shortcodeincludes\shortcodes\bylines.php:100
filtertemplate_includeincludes\template.php:14
filterbody_classincludes\template.php:15
actionwp_headincludes\template.php:16
filtermolongui_contributors/link_author_name_to_archiveincludes\template.php:18
filtermolongui_contributors/link_contributor_name_to_archiveincludes\template.php:19
actionmolongui_contributors/after_post_contentincludes\template.php:21
actionmolongui_contributors/after_post_contentincludes\template.php:22
actionmolongui_contributors/after_post_contentincludes\template.php:23
actionmolongui_contributors/after_post_contentincludes\template.php:24
actionmolongui_contributors/after_post_contentincludes\template.php:25
actionmolongui_contributors/the_postincludes\template.php:74
filtermolongui_authorship/link_names_in_post_bylineincludes\template.php:303
filtermolongui_contributors/byline_settingsincludes\template.php:500
filterwp_kses_allowed_htmlincludes\template.php:629
filtermolongui_contributors/wizard_fallbackincludes\wizard.php:13
filtermolongui_contributors/wizard_settingsincludes\wizard.php:14
filtermolongui_contributors/wizard_stepsincludes\wizard.php:15
actionplugins_loadedmolongui-post-contributors.php:66
actionwpmu_new_blogmolongui-post-contributors.php:75
actionplugin_loadedmolongui-post-contributors.php:76
actionplugins_loadedmolongui-post-contributors.php:77
actionadmin_noticesmolongui-post-contributors.php:88
actionadmin_noticesmolongui-post-contributors.php:93
filtermolongui_contributors/debugmolongui-post-contributors.php:206
filtermolongui_contributors/leading_phrasetemplates\byline\parts\contributor.php:27
filterthe_tagstemplates\byline\parts\tags.php:11
filtermolongui_contributors/svg_icon_filltemplates\post\parts\social-share\layout-1.php:47
filtermolongui_contributors/single_contenttemplates\post\single-content-2.php:5
Maintenance & Trust

Molongui Post Contributors: Multi-Role Contributor Attribution Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 25, 2025
PHP min version5.6.20
Downloads7K

Community Trust

Rating100/100
Number of ratings2
Active installs400
Alternatives

Molongui Post Contributors: Multi-Role Contributor Attribution Alternatives

Wpi Multiple Contributors

Wpi Multiple Contributors

wpi-multiple-contributors

A
85

This plugin facilitates in assigning and displaying more than one author on a post.

10 No CVEs
Coopso Contributors

Coopso Contributors

coopso-contributors

A
92

WordPress contributors plugin. The user(admin, author, and editor) can select the multiple users who contribute to the post and at the front end after …

0 No CVEs
WooCommerce Analytics

WooCommerce Analytics

woocommerce-analytics

A
100

Boost sales and maximize ROI with WooCommerce Analytics. Access order attribution data to optimize performance and drive business growth effectively.

20K No CVEs
CallTrackingMetrics

CallTrackingMetrics

call-tracking-metrics

A
100

CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.

3K No CVEs
Image Source Control Lite – Show Image Credits and Captions

Image Source Control Lite – Show Image Credits and Captions

image-source-control-isc

A
95

Show image credits, image captions, and copyrights. Manage image sources and warn if they are missing. The original plugin since 2012.

3K 5 CVEs
Developer Profile

Molongui Post Contributors: Multi-Role Contributor Attribution Developer Profile

Molongui

3 plugins · 11K total installs

88
trust score
Avg Security Score
100/100
Avg Patch Time
79 days
View full developer profile
Detection Fingerprints

How We Detect Molongui Post Contributors: Multi-Role Contributor Attribution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/molongui-post-contributors/assets/css/admin-style.css/wp-content/plugins/molongui-post-contributors/assets/css/contributors-editor-style.css/wp-content/plugins/molongui-post-contributors/assets/css/contributors-style.css/wp-content/plugins/molongui-post-contributors/assets/css/editor.css/wp-content/plugins/molongui-post-contributors/assets/js/admin-script.js/wp-content/plugins/molongui-post-contributors/assets/js/contributors.js/wp-content/plugins/molongui-post-contributors/assets/js/editor.js/wp-content/plugins/molongui-post-contributors/assets/js/post-contributors-block.js+1 more
Script Paths
/wp-content/plugins/molongui-post-contributors/assets/js/admin-script.js/wp-content/plugins/molongui-post-contributors/assets/js/contributors.js/wp-content/plugins/molongui-post-contributors/assets/js/editor.js/wp-content/plugins/molongui-post-contributors/assets/js/post-contributors-block.js/wp-content/plugins/molongui-post-contributors/assets/js/post-contributors-editor.js
Version Parameters
molongui-post-contributors/assets/css/admin-style.css?ver=molongui-post-contributors/assets/css/contributors-editor-style.css?ver=molongui-post-contributors/assets/css/contributors-style.css?ver=molongui-post-contributors/assets/css/editor.css?ver=molongui-post-contributors/assets/js/admin-script.js?ver=molongui-post-contributors/assets/js/contributors.js?ver=molongui-post-contributors/assets/js/editor.js?ver=molongui-post-contributors/assets/js/post-contributors-block.js?ver=molongui-post-contributors/assets/js/post-contributors-editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
molongui-contributors-wrappermolongui-post-contributors-backendmolongui-post-contributors-frontendmolongui-post-contributors-blockmolongui-post-contributors-editormolongui-contributors-listmolongui-contributor-itemmolongui-contributor-avatar+11 more
HTML Comments
Molongui Post ContributorsMolongui Post Contributors Pro
Data Attributes
data-molongui-contributors
JS Globals
molonguiContributorsMolonguiContributorsSettings
REST Endpoints
/wp-json/molongui-contributors/v1/search-users/wp-json/molongui-contributors/v1/get-user-data
Shortcode Output
[molongui_post_contributors][molongui_post_contributors_block]
FAQ

Frequently Asked Questions about Molongui Post Contributors: Multi-Role Contributor Attribution