WP-Safety

Native Content Relationships Security & Risk Analysis

wordpress.org/plugins/native-content-relationships

Add first-class relationships between posts, users, and terms using a fast, structured, and scalable architecture.

0 active installs v1.0.29 PHP 7.4+ WP 5.0+ Updated Feb 21, 2026
contentpostsrelationshipstermsusers
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Native Content Relationships Safe to Use in 2026?

Generally Safe

Score 100/100

Native Content Relationships has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The native-content-relationships plugin v1.0.29 exhibits a generally strong security posture, with a high percentage of properly escaped output, consistent use of prepared statements for SQL queries, and a notable absence of dangerous functions, file operations, and external HTTP requests. The plugin also demonstrates a good number of nonce and capability checks, indicating an awareness of WordPress security best practices.

However, a significant concern lies within the attack surface, specifically the presence of one AJAX handler that lacks authentication checks. While taint analysis shows no immediate critical or high-severity issues, an unprotected AJAX endpoint represents a potential entry point for attackers to exploit if other security measures are bypassed or if new vulnerabilities are introduced. The plugin's vulnerability history being completely clean is a positive indicator of past security diligence, but it doesn't negate the risk posed by the identified unprotected endpoint.

In conclusion, native-content-relationships is largely well-secured, but the single unprotected AJAX handler is a clear weakness that requires immediate attention. Addressing this single point of failure is crucial to maintaining its otherwise robust security.

Key Concerns

  • AJAX handler without auth check
Vulnerabilities
None known

Native Content Relationships Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Native Content Relationships Code Analysis

Dangerous Functions
0
Raw SQL Queries
43
107 prepared
Unescaped Output
25
554 escaped
Nonce Checks
16
Capability Checks
17
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

71% prepared150 total queries

Output Escaping

96% escaped579 total outputs
Attack Surface
1 unprotected

Native Content Relationships Attack Surface

Entry Points22
Unprotected1

AJAX Handlers 12

authwp_ajax_naticore_search_contentincludes\core\class-admin.php:40
authwp_ajax_naticore_search_productsincludes\core\class-admin.php:41
authwp_ajax_naticore_suggest_relatedincludes\core\class-admin.php:42
authwp_ajax_naticore_add_relationincludes\core\class-admin.php:43
authwp_ajax_naticore_remove_relationincludes\core\class-admin.php:44
authwp_ajax_naticore_get_relationship_typesincludes\elementor\class-ajax-handler.php:46
noprivwp_ajax_naticore_get_relationship_typesincludes\elementor\class-ajax-handler.php:47
authwp_ajax_naticore_migrate_acfincludes\integrations\class-acf.php:283
authwp_ajax_naticore_add_user_relationincludes\user\class-user-relations-ajax.php:48
authwp_ajax_naticore_remove_user_relationincludes\user\class-user-relations-ajax.php:51
authwp_ajax_naticore_search_usersincludes\user\class-user-relations.php:58
authwp_ajax_naticore_search_posts_for_userincludes\user\class-user-relations.php:59

REST API Routes 6

GET/wp-json/naticore/v1/post/(?P<id>\d+)includes\core\class-rest-api.php:44
GET/wp-json/naticore/v1/typesincludes\core\class-rest-api.php:105
POST/wp-json/naticore/v1/relationshipsincludes\core\class-rest-api.php:116
DELETE/wp-json/naticore/v1/relationshipsincludes\core\class-rest-api.php:152
POST/wp-json/naticore/v1/relationships/bulkincludes\core\class-rest-api.php:188
GET/wp-json/naticore/v1/relationships/existsincludes\core\class-rest-api.php:214

Shortcodes 4

[naticore_related_posts] developer-guide.php:594
[naticore_related_posts] includes\frontend\class-shortcodes.php:59
[naticore_related_users] includes\frontend\class-shortcodes.php:60
[naticore_related_terms] includes\frontend\class-shortcodes.php:61
WordPress Hooks 80
actionnaticore_register_relation_typesdeveloper-guide.php:243
actionnaticore_register_relation_typesdeveloper-guide.php:262
filternaticore_relation_is_alloweddeveloper-guide.php:296
actionnaticore_relation_addeddeveloper-guide.php:320
filternaticore_get_related_argsdeveloper-guide.php:347
actionadd_meta_boxesincludes\core\class-admin.php:37
actionsave_postincludes\core\class-admin.php:38
actionadmin_enqueue_scriptsincludes\core\class-admin.php:39
actionadmin_noticesincludes\core\class-admin.php:46
filterposts_whereincludes\core\class-admin.php:288
filtermap_meta_capincludes\core\class-capabilities.php:38
actionbefore_delete_postincludes\core\class-cleanup.php:37
actionwp_trash_postincludes\core\class-cleanup.php:42
filterquery_varsincludes\core\class-query.php:58
filterposts_joinincludes\core\class-query.php:59
filterposts_whereincludes\core\class-query.php:60
filterposts_distinctincludes\core\class-query.php:61
filterposts_requestincludes\core\class-query.php:65
actionwp_footerincludes\core\class-query.php:66
actionadmin_footerincludes\core\class-query.php:67
actioninitincludes\core\class-relation-types.php:159
actioninitincludes\core\class-relation-types.php:430
actionrest_api_initincludes\core\class-rest-api.php:34
actionrest_api_initincludes\core\class-rest-api.php:35
filterrest_prepare_userincludes\core\class-rest-api.php:623
actionadmin_menuincludes\core\class-settings.php:56
actionadmin_initincludes\core\class-settings.php:57
actionadmin_initincludes\core\class-settings.php:61
actionadmin_enqueue_scriptsincludes\core\class-settings.php:64
actionelementor/dynamic_tags/register_tagsincludes\elementor\class-elementor-integration.php:50
actionelementor/dynamic_tags/registerincludes\elementor\class-elementor-integration.php:53
actionelementor/controls/registerincludes\elementor\class-elementor-integration.php:56
actioninitincludes\frontend\class-shortcodes.php:45
actionnaticore_settings_tabsincludes\integrations\class-acf.php:54
actionacf/update_value/type=relationshipincludes\integrations\class-acf.php:59
actiondp_duplicate_postincludes\integrations\class-duplicate-post.php:32
actiondp_duplicate_pageincludes\integrations\class-duplicate-post.php:33
actionmtphr_post_duplicator_createdincludes\integrations\class-duplicate-post.php:36
actionadded_post_metaincludes\integrations\class-duplicate-post.php:39
actioninitincludes\integrations\class-editors.php:50
actionelementor/dynamic_tags/register_tagsincludes\integrations\class-editors.php:54
filterthe_contentincludes\integrations\class-seo.php:67
filterwpseo_schema_graph_piecesincludes\integrations\class-seo.php:71
filterrank_math/schema/validatedincludes\integrations\class-seo.php:73
filternaticore_seo_internal_linksincludes\integrations\class-seo.php:77
actioninitincludes\integrations\class-woocommerce.php:59
actionadd_meta_boxesincludes\integrations\class-woocommerce.php:62
actionnaticore_settings_tabsincludes\integrations\class-woocommerce.php:65
actionwoocommerce_update_productincludes\integrations\class-woocommerce.php:70
actionwoocommerce_update_productincludes\integrations\class-woocommerce.php:71
actionwoocommerce_new_orderincludes\integrations\class-woocommerce.php:75
filternaticore_query_helpersincludes\integrations\class-woocommerce.php:78
actionnaticore_relation_addedincludes\integrations\class-wpml.php:89
actionnaticore_relation_removedincludes\integrations\class-wpml.php:90
actionnaticore_settings_tabsincludes\integrations\class-wpml.php:94
actionadmin_initincludes\tools\class-import-export.php:38
actionadmin_initincludes\tools\class-import-export.php:39
actionadmin_noticesincludes\tools\class-import-export.php:168
actionadmin_noticesincludes\tools\class-import-export.php:180
actionadmin_noticesincludes\tools\class-import-export.php:205
actionadmin_noticesincludes\tools\class-import-export.php:255
actionadmin_initincludes\tools\class-integrity.php:66
actionadmin_noticesincludes\tools\class-integrity.php:333
actionadmin_initincludes\tools\class-orphaned.php:38
actionadmin_noticesincludes\tools\class-orphaned.php:39
actionadmin_menuincludes\tools\class-overview.php:320
filterset-screen-optionincludes\tools\class-overview.php:321
actionadmin_menuincludes\tools\class-settings-old.php:48
actionadmin_initincludes\tools\class-settings-old.php:49
actionadmin_initincludes\tools\class-settings-old.php:53
filtersite_status_testsincludes\tools\class-site-health.php:35
actionshow_user_profileincludes\user\class-user-relations.php:48
actionedit_user_profileincludes\user\class-user-relations.php:49
actionpersonal_options_updateincludes\user\class-user-relations.php:50
actionedit_user_profile_updateincludes\user\class-user-relations.php:51
actionadd_meta_boxesincludes\user\class-user-relations.php:54
actionsave_postincludes\user\class-user-relations.php:55
actionadmin_enqueue_scriptsincludes\user\class-user-relations.php:62
actionplugins_loadednative-content-relationships.php:72
actionwidgets_initnative-content-relationships.php:105
Maintenance & Trust

Native Content Relationships Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 21, 2026
PHP min version7.4
Downloads351

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Native Content Relationships Alternatives

RIS Related Post

RIS Related Post

ris-related-post

A
92

Easily display related posts with thumbnails below your content, boosting engagement and SEO.

0 No CVEs
Posts 2 Posts

Posts 2 Posts

posts-to-posts

A
100

Efficient many-to-many connections between posts, pages, custom post types, users.

10K No CVEs
WP Dummy Content Generator

WP Dummy Content Generator

wp-dummy-content-generator

A
91

Generate realistic dummy content for WordPress quickly. Ideal for developers and designers to populate sites for testing and development.

7K 5 CVEs
Related Posts By PickPlugins

Related Posts By PickPlugins

related-post

A
98

Display Related Post under post by taxonomy and terms.

4K 3 CVEs
Auto Affiliate Links

Auto Affiliate Links

wp-auto-affiliate-links

A
91

Automatically display affiliate links in your website content so you can make more money. It is also working well for internal linking.

3K 10 CVEs
Developer Profile

Native Content Relationships Developer Profile

Chetan Upare

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Native Content Relationships

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/native-content-relationships/assets/css/style.css/wp-content/plugins/native-content-relationships/assets/js/admin.js/wp-content/plugins/native-content-relationships/assets/js/ncr-editor.js/wp-content/plugins/native-content-relationships/assets/js/ncr-frontend.js
Script Paths
/wp-content/plugins/native-content-relationships/assets/js/admin.js/wp-content/plugins/native-content-relationships/assets/js/ncr-editor.js/wp-content/plugins/native-content-relationships/assets/js/ncr-frontend.js
Version Parameters
native-content-relationships/assets/css/style.css?ver=native-content-relationships/assets/js/admin.js?ver=native-content-relationships/assets/js/ncr-editor.js?ver=native-content-relationships/assets/js/ncr-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
ncr-editorncr-frontendncr-admin-wrap
Data Attributes
data-ncr-post-iddata-ncr-relation-type
JS Globals
NATICORE_AJAX_URLNATICORE_Admin_ConfigNATICORE_Editor_ConfigNATICORE_Frontend_ConfigNATICORE_REST_API_URL
REST Endpoints
/wp-json/native-content-relationships/v1
FAQ

Frequently Asked Questions about Native Content Relationships