My Posts List with Offline Browsing Security & Risk Analysis

wordpress.org/plugins/my-post-list-with-offline-reading

Let users build a list of their favorite posts/pages from the site and share their list on Facebook, via E-Mail, or download content as a Web-app for …

10 active installs v2.0 PHP + WP 3.0.1+ Updated Jun 11, 2013
html5listmobilepagesposts
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is My Posts List with Offline Browsing Safe to Use in 2026?

Generally Safe

Score 85/100

My Posts List with Offline Browsing has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago
Risk Assessment

The plugin "my-post-list-with-offline-reading" v2.0 exhibits a mixed security posture. On the positive side, it has a very small attack surface with zero identified entry points (AJAX, REST API, shortcodes, cron events) that lack authentication or permission checks. Furthermore, all its SQL queries are properly prepared, and there are no file operations or external HTTP requests, which are common vectors for vulnerabilities. The absence of any recorded vulnerability history is also a strong positive indicator.

However, there are significant concerns within the code analysis. The presence of a dangerous function (preg_replace(/e)) is a red flag, as this function can lead to arbitrary code execution if not handled with extreme care. Additionally, a very low percentage of output escaping (8%) suggests that a substantial portion of the plugin's output is not properly sanitized, potentially exposing users to cross-site scripting (XSS) attacks. The taint analysis indicates two flows with unsanitized paths, although thankfully no critical or high severity issues were found there. The complete lack of nonce checks and capability checks on all entry points (even though there are none listed) is a fundamental security oversight that could become a problem if new entry points are added without proper security considerations.

In conclusion, while the plugin currently presents a low external attack surface and has a clean vulnerability history, the identified code-level weaknesses, particularly the dangerous function usage and poor output escaping, introduce significant internal risks. The lack of robust security checks like nonces and capability checks, even on a seemingly secure code base, indicates a lack of defensive programming practices that could be exploited if vulnerabilities are introduced in future updates. The risk is moderate, leaning towards higher due to the potential for XSS and code execution.

Key Concerns

  • Dangerous function preg_replace(/e) found
  • Low output escaping percentage (8%)
  • Flows with unsanitized paths found
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

My Posts List with Offline Browsing Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

My Posts List with Offline Browsing Release Timeline

v2.0Current
v1.0
Code Analysis
Analyzed Apr 16, 2026

My Posts List with Offline Browsing Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
35
3 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

preg_replace(/e)preg_replace ("/\[(\S+)\]/e"mobile/mobile_post_list.php:10

Output Escaping

8% escaped38 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
mpl_options_page_create (option-page.php:12)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

My Posts List with Offline Browsing Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
filterwp_mail_content_typeemail_post_list.php:84
actionwp_enqueue_scriptsmy-posts-list.php:37
actionwp_footermy-posts-list.php:195
filterthe_contentmy-posts-list.php:216
actionwp_loadedmy-posts-list.php:221
actionadmin_menuoption-page.php:3
Maintenance & Trust

My Posts List with Offline Browsing Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedJun 11, 2013
PHP min version
Downloads10K

Community Trust

Rating92/100
Number of ratings5
Active installs10
Developer Profile

My Posts List with Offline Browsing Developer Profile

rioloft

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect My Posts List with Offline Browsing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/my-post-list-with-offline-reading/style.css/wp-content/plugins/my-post-list-with-offline-reading/plugin-engine.js
Script Paths
/wp-content/plugins/my-post-list-with-offline-reading/plugin-engine.js
Version Parameters
my-post-list-with-offline-reading/style.css?ver=my-post-list-with-offline-reading/plugin-engine.js?ver=

HTML / DOM Fingerprints

CSS Classes
add-to-post-listmpl-list-action-triggermpl-send-label
Data Attributes
data-postiddata-posttitle
JS Globals
localObjlocalStorage
Shortcode Output
<div id="view-your-list"><a href="#">View Your List</a></div><div id="your-posts-list-container"><div id="mpl-actions-container"><div id="mpl-about-list-div">
FAQ

Frequently Asked Questions about My Posts List with Offline Browsing