WP-Safety

Multiple Post Passwords Security & Risk Analysis

wordpress.org/plugins/multiple-post-passwords

Set multiple passwords for your protected pages so you can give them to different users.

2K active installs v1.1.4 PHP 5.6+ WP 4.7.0+ Updated Jan 17, 2026
multiplepagepasswordpostprotected
100
A · Safe
CVEs total1
Unpatched0
Last CVENov 28, 2023
Plugin page Download
Safety Verdict

Is Multiple Post Passwords Safe to Use in 2026?

Generally Safe

Score 100/100

Multiple Post Passwords has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 28, 2023Updated 2mo ago
Risk Assessment

The 'multiple-post-passwords' plugin version 1.1.4 exhibits a generally good security posture based on the static analysis. The absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), file operations, and external HTTP requests are positive indicators. The presence of nonce and capability checks further bolster its defenses. However, a notable concern is the output escaping, where 35% of outputs are not properly escaped, presenting a potential Cross-Site Scripting (XSS) risk if user-supplied data is directly reflected in the output without sufficient sanitization. The vulnerability history reveals one past medium severity CVE related to XSS, which aligns with the static analysis findings regarding output escaping. This suggests a recurring pattern that warrants attention. While the plugin has no currently unpatched CVEs, the past XSS vulnerability and the static analysis finding on output escaping indicate a potential for such issues to arise if not diligently addressed. The plugin's strengths lie in its lack of critical attack vectors and its use of prepared statements, but the identified output escaping deficiency is a weakness that needs remediation.

Key Concerns

  • Improper output escaping identified
  • Past medium severity CVE related to XSS
Vulnerabilities
1

Multiple Post Passwords Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-49157medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple Post Passwords <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Nov 28, 2023 Patched in 1.1.2 (56d)
Code Analysis
Analyzed Mar 16, 2026

Multiple Post Passwords Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
11 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

65% escaped17 total outputs
Attack Surface

Multiple Post Passwords Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionadd_meta_boxesadmin\metabox.php:36
actionsave_postadmin\metabox.php:38
actioninitadmin\settings-page.php:17
actionadmin_menuadmin\settings-page.php:51
actionadmin_initadmin\settings-page.php:54
filterpost_password_expiresfrontend\alternative-password-check.php:42
actioninitfrontend\alternative-password-check.php:45
filterpost_password_requiredfrontend\password-check.php:36
filtercron_schedulesinc\cronjobs.php:42
Maintenance & Trust

Multiple Post Passwords Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJan 17, 2026
PHP min version5.6
Downloads24K

Community Trust

Rating100/100
Number of ratings11
Active installs2K
Alternatives

Multiple Post Passwords Alternatives

Password Passthrough

Password Passthrough

password-passthrough

A
100

This plugin allows passwords for password-protected pages/posts to be passed directly through the URL.

600 No CVEs
Advanced Post Password

Advanced Post Password

advanced-post-password

A
92

Enhance the security of password-protected posts/pages with this plugin.

0 No CVEs
Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form

Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form

wp-edit-password-protected

A
98

Create easily Password protected page or posts in your WordPress website with conditional display options.

3K 2 CVEs
Protected Posts Logout Button

Protected Posts Logout Button

protected-posts-logout-button

B
84

Automatically adds a logout button to your password protected content.

1K 3 CVEs
WP Create Multiple Posts & Pages

WP Create Multiple Posts & Pages

wp-create-multiple-posts-pages

A
100

Easily Create Multiple WordPress Posts & Pages At Once With a Single Click.

1K No CVEs
Developer Profile

Multiple Post Passwords Developer Profile

Andreas Münch

3 plugins · 11K total installs

86
trust score
Avg Security Score
97/100
Avg Patch Time
56 days
View full developer profile
Detection Fingerprints

How We Detect Multiple Post Passwords

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/multiple-post-passwords/admin/css/metabox.css/wp-content/plugins/multiple-post-passwords/admin/js/metabox.js/wp-content/plugins/multiple-post-passwords/frontend/css/password-form.css/wp-content/plugins/multiple-post-passwords/frontend/js/password-form.js
Script Paths
/wp-content/plugins/multiple-post-passwords/admin/js/metabox.js/wp-content/plugins/multiple-post-passwords/frontend/js/password-form.js
Version Parameters
multiple-post-passwords/admin/css/metabox.css?ver=multiple-post-passwords/admin/js/metabox.js?ver=multiple-post-passwords/frontend/css/password-form.css?ver=multiple-post-passwords/frontend/js/password-form.js?ver=

HTML / DOM Fingerprints

CSS Classes
mpp-password-form-wrappermpp-password-formmpp-password-form-labelmpp-password-form-inputmpp-password-form-submitmpp-password-form-error
HTML Comments
<!-- add for all public post types --><!-- Add a nonce field so we can check for it later. --><!-- if our nonce is set --><!-- Verify that the nonce is valid. -->+3 more
Data Attributes
id="mpp-passwords-metabox"data-mpp-post-iddata-mpp-password-check-urldata-mpp-password-error-message
JS Globals
mpp_password_form_params
FAQ

Frequently Asked Questions about Multiple Post Passwords