NeverDrafts Security & Risk Analysis
wordpress.org/plugins/neverdraftsAutomatically sync blog posts from NeverDrafts.com to your WordPress site with seamless integration and powerful customization options.
Is NeverDrafts Safe to Use in 2026?
Generally Safe
Score 100/100NeverDrafts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "neverdrafts" v1.0.0 plugin exhibits a generally strong security posture with good coding practices observed in static analysis. The majority of SQL queries utilize prepared statements, and a very high percentage of outputs are properly escaped, indicating a proactive approach to preventing common web vulnerabilities. The absence of dangerous functions, file operations, external HTTP requests, and bundled libraries further contributes to a reduced attack surface. Furthermore, the plugin has no known vulnerability history, which is a positive indicator of its past security performance.
However, a significant concern arises from the static analysis revealing one unprotected REST API route. This represents a potential entry point for unauthorized access or manipulation if sensitive data or functionality is exposed. The absence of nonce checks and capability checks across all entry points is also a notable weakness, as these are fundamental WordPress security mechanisms for ensuring that actions are performed by legitimate users with the correct permissions. While taint analysis showed no critical or high-severity issues, the lack of such analysis is itself a limitation, as it might not capture all potential vulnerabilities, especially those involving complex data flows.
In conclusion, "neverdrafts" v1.0.0 demonstrates good technical implementation in many areas, particularly regarding SQL and output handling. The lack of vulnerability history is reassuring. The primary areas for improvement are the critical need to secure the exposed REST API route and to implement appropriate nonce and capability checks on all entry points to align with WordPress security best practices and mitigate potential risks.
Key Concerns
- REST API route without permission callback
- No nonce checks on entry points
- No capability checks on entry points
NeverDrafts Security Vulnerabilities
NeverDrafts Code Analysis
SQL Query Safety
Output Escaping
NeverDrafts Attack Surface
REST API Routes 4
WordPress Hooks 5
Maintenance & Trust
NeverDrafts Maintenance & Trust
Maintenance Signals
Community Trust
NeverDrafts Alternatives
Outrank
outrank
Outrank automatically creates and publishes SEO-optimized articles to your WordPress site as blog posts or drafts.
Craftify AI Content Publisher
craftify-ai-content-publisher
Publish blog posts directly from Craftify AI to your WordPress site.
RankPeak
rankpeak
RankPeak automatically creates and publishes SEO-optimized articles to your WordPress site as blog posts or drafts.
UpAmp Connector
upamp-connector
Connect your WordPress site to UpAmp for seamless blog publishing without browser automation.
ContentStudio
contentstudio
Streamline Your Social Media and Content Marketing
NeverDrafts Developer Profile
1 plugin · 0 total installs
How We Detect NeverDrafts
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/neverdrafts/css/admin.css/wp-content/plugins/neverdrafts/js/admin.js/wp-content/plugins/neverdrafts/js/admin.jsneverdrafts/css/admin.css?ver=neverdrafts/js/admin.js?ver=HTML / DOM Fingerprints
fv-connection-statusfv-status-indicatorfv-status-connectedfv-status-disconnectedfv-status-textfv-connection-instructionsfv-settings-inputfv-select-wrapper+3 more<!-- NeverDrafts Settings Page --><!-- Connection Settings Section --><!-- Post Settings Section --><!-- Sync Logs Section -->+1 moredata-sync-iddata-sync-statusdata-post-idneverdrafts_admin_params/wp-json/neverdrafts/v1/sync-status/wp-json/neverdrafts/v1/sync-log