New Post Notification Security & Risk Analysis

wordpress.org/plugins/new-post-notification

Simply notifies users if a new post has been published. This can also be used as an addon for User-Access-Manager. Users will only be notified if they …

100 active installs · v1.0.10 · PHP + WP 3.0.1+ · Updated Nov 23, 2014
Tags: email, notification, posts, subscription, user-access-manager
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is New Post Notification Safe to Use in 2026?

Generally Safe

Score 85/100

New Post Notification has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "new-post-notification" plugin version 1.0.10 presents a mixed security profile. On one hand, the absence of any recorded CVEs or zero-day vulnerability history and a seemingly limited attack surface (no AJAX, REST API, shortcodes, or cron events directly exposed) are positive indicators. The plugin also includes at least one capability check, suggesting some level of authorization awareness.

However, significant concerns arise from the static analysis. The use of the dangerous function `create_function` is a major red flag: it evaluates its string argument as PHP code, so it can be exploited for code injection under certain circumstances, namely when that string includes attacker-influenced data. Both flagged calls (npn_plugin.php:36 and npn_plugin.php:69) pass a fixed string literal as the function body. `create_function` was also deprecated in PHP 7.2 and removed in PHP 8.0. Furthermore, all SQL queries are executed without prepared statements, making them susceptible to SQL injection attacks. None of the identified output points are escaped, which indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks is also concerning, as it leaves any potential entry points vulnerable to CSRF attacks.

Given the absence of historical vulnerabilities, it's possible these issues have not been actively exploited or discovered. However, the identified code signals represent fundamental security weaknesses that require immediate attention. The plugin's security posture is currently weak due to these critical code-level vulnerabilities, despite the lack of historical exploit evidence.

Key Concerns

  • Raw SQL queries without prepared statements
  • None of the outputs are properly escaped
  • Dangerous function 'create_function' used
  • No nonce checks detected
Vulnerabilities
None known

New Post Notification Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

New Post Notification Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 7 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

`create_function` · `add_filter('wp_mail_content_type',create_function('', 'return "text/html"; '));` · npn_plugin.php:36
`create_function` · `add_filter('wp_mail_content_type',create_function('', 'return "text/plain"; '));` · npn_plugin.php:69

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

0% escaped · 7 total outputs
Attack Surface

New Post Notification Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 10
filter · publish_post · npn_plugin.php:16
filter · wp_mail_content_type · npn_plugin.php:36
filter · wp_mail_content_type · npn_plugin.php:69
action · show_user_profile · npn_plugin.php:168
action · edit_user_profile · npn_plugin.php:169
action · personal_options_update · npn_plugin.php:171
action · edit_user_profile_update · npn_plugin.php:172
action · user_register · npn_plugin.php:175
filter · manage_users_columns · npn_plugin.php:182
action · manage_users_custom_column · npn_plugin.php:188
Maintenance & Trust

New Post Notification Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.0.38
Last updated: Nov 23, 2014
PHP min version
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 100
Developer Profile

New Post Notification Developer Profile

kilozwo

2 plugins · 700 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect New Post Notification

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/new-post-notification/style.css
Version Parameters
new-post-notification/style.css?ver=

HTML / DOM Fingerprints

Data Attributes
npn_mailnotify, npn_mailnotify_category
FAQ

Frequently Asked Questions about New Post Notification