
My Posts List with Offline Browsing Security & Risk Analysis
wordpress.org/plugins/my-post-list-with-offline-readingLet users build a list of their favorite posts/pages from the site and share their list on Facebook, via E-Mail, or download content as a Web-app for …
Is My Posts List with Offline Browsing Safe to Use in 2026?
Generally Safe
Score 85/100My Posts List with Offline Browsing has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "my-post-list-with-offline-reading" v2.0 exhibits a mixed security posture. On the positive side, it has a very small attack surface with zero identified entry points (AJAX, REST API, shortcodes, cron events) that lack authentication or permission checks. Furthermore, all its SQL queries are properly prepared, and there are no file operations or external HTTP requests, which are common vectors for vulnerabilities. The absence of any recorded vulnerability history is also a strong positive indicator.
However, there are significant concerns within the code analysis. The presence of a dangerous function (preg_replace(/e)) is a red flag, as this function can lead to arbitrary code execution if not handled with extreme care. Additionally, a very low percentage of output escaping (8%) suggests that a substantial portion of the plugin's output is not properly sanitized, potentially exposing users to cross-site scripting (XSS) attacks. The taint analysis indicates two flows with unsanitized paths, although thankfully no critical or high severity issues were found there. The complete lack of nonce checks and capability checks on all entry points (even though there are none listed) is a fundamental security oversight that could become a problem if new entry points are added without proper security considerations.
In conclusion, while the plugin currently presents a low external attack surface and has a clean vulnerability history, the identified code-level weaknesses, particularly the dangerous function usage and poor output escaping, introduce significant internal risks. The lack of robust security checks like nonces and capability checks, even on a seemingly secure code base, indicates a lack of defensive programming practices that could be exploited if vulnerabilities are introduced in future updates. The risk is moderate, leaning towards higher due to the potential for XSS and code execution.
Key Concerns
- Dangerous function preg_replace(/e) found
- Low output escaping percentage (8%)
- Flows with unsanitized paths found
- Missing nonce checks
- Missing capability checks
My Posts List with Offline Browsing Security Vulnerabilities
My Posts List with Offline Browsing Release Timeline
My Posts List with Offline Browsing Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
My Posts List with Offline Browsing Attack Surface
WordPress Hooks 6
Maintenance & Trust
My Posts List with Offline Browsing Maintenance & Trust
Maintenance Signals
Community Trust
My Posts List with Offline Browsing Alternatives
Easy Content Lists
easy-content-lists
Shortcodes for easily listing all your pages, posts, taxonomies, and tags.
Recently Updated Pages and Posts
recently-updated-pages-and-posts
Creates a sidebar widget that lists recently updated pages and posts including newly published items.
CC-List-Posts
cc-list-posts
This plugin adds similar to wp_list_pages, missing function and shortcode wp_list_posts with pagination support.
Display Posts Shortcode, Current Page Custom Field Add-On
display-posts-shortcode-current-page-custom-field-add-on
Convert "current" as the current page ID when using the display posts shortcode to query custom fields.
Fast Post Lists
fast-post-lists
Provide shortcodes to display a filtered list of posts, grouped by category/tag, with optional thumbnails.
My Posts List with Offline Browsing Developer Profile
1 plugin · 10 total installs
How We Detect My Posts List with Offline Browsing
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/my-post-list-with-offline-reading/style.css/wp-content/plugins/my-post-list-with-offline-reading/plugin-engine.js/wp-content/plugins/my-post-list-with-offline-reading/plugin-engine.jsmy-post-list-with-offline-reading/style.css?ver=my-post-list-with-offline-reading/plugin-engine.js?ver=HTML / DOM Fingerprints
add-to-post-listmpl-list-action-triggermpl-send-labeldata-postiddata-posttitlelocalObjlocalStorage<div id="view-your-list"><a href="#">View Your List</a></div><div id="your-posts-list-container"><div id="mpl-actions-container"><div id="mpl-about-list-div">