Does NewsPage have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is NewsPage compatible with WordPress 3.4.2?

According to WordPress.org data, NewsPage 3.0 has been tested up to WordPress 3.4.2. Check the plugin's changelog for the latest compatibility information.

How often is NewsPage updated?

NewsPage was last updated on Jul 3, 2012. Frequent updates are generally a positive security signal.

What is NewsPage's security score?

NewsPage has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

NewsPage Security & Risk Analysis

wordpress.org/plugins/newspage

newsPage is an easy to use plugin that allows you to have a headline aggregation page on your blog.

10 active installs v3.0 PHP + WP 2.5+ Updated Jul 3, 2012

newspagerss-feeds

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is NewsPage Safe to Use in 2026?

Generally Safe

Score 85/100

NewsPage has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The newspage v3.0 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with no identified AJAX handlers or REST API routes that lack authentication. Furthermore, there are no recorded CVEs for this plugin, and it does not appear to bundle any third-party libraries, reducing the risk of known vulnerabilities in external components. However, significant concerns arise from the static code analysis. The absence of any output escaping is a critical flaw, meaning any data displayed to users could potentially be manipulated for cross-site scripting (XSS) attacks. The taint analysis also revealed flows with unsanitized paths, including one of high severity, suggesting potential for injection vulnerabilities if this data is not handled with extreme care. The lack of nonce and capability checks further exacerbates these risks, as these are fundamental security mechanisms for preventing unauthorized actions and ensuring data integrity.

Key Concerns

All outputs are unescaped
High severity taint flow with unsanitized path
No nonce checks
No capability checks
SQL queries not always prepared

Vulnerabilities

None known

NewsPage Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

NewsPage Release Timeline

v3.0Current

v2.0

v1.9

v1.8

v1.7

v1.6

v1.5

v1.4

v1.3

v1.2.1

v1.2

v1.01b

v1.1

v1.0.1

v1.0

Code Analysis

Analyzed Mar 17, 2026

NewsPage Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

58% prepared12 total queries

Output Escaping

0% escaped22 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

<newspage.settings> (newspage.settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

NewsPage Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[newspage] newspage.php:46

[newstopics] newspage.php:47

WordPress Hooks 5

actionwp_headnewspage.php:42

actionadmin_headnewspage.php:43

actionadmin_menunewspage.php:44

filterthe_contentnewspage.php:45

actioninitnewspage.php:49

Maintenance & Trust

NewsPage Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2

Last updatedJul 3, 2012

PHP min version

Downloads11K

Community Trust

Rating100/100

Number of ratings4

Active installs10

Alternatives

NewsPage Alternatives

Disable Feeds and Comments

disable-rss-feeds-and-comments

This WordPress plugin, "Disable RSS Feeds and Comments," gives you the ability to turn off both the RSS feeds and comments on pages and/or p …

400 No CVEs

WP RSS Fetcher ShortCode

wp-rss-fetcher-shortcode

Easily fetches RSS feeds from external sources and embed them into posts or pages with a shortcode.

30 No CVEs

Ebay Affiliate System for WordPress

linekal-ebay-affiliate-system

Ebay affiliate system is a simple and easy to use plugin which allows you to display ebay affiliate products on your wordpress blog or website using e …

20 No CVEs

FeedTune

feedtune

Take full control of WordPress default feeds. Enable or disable feeds, manage redirection to parent URLs, homepage, or a custom 404 slug.

10 No CVEs

GloDer RSS

gloder-rss

A plugin to add a sidebar widget for RSS feeds of the current site.

10 No CVEs

Developer Profile

NewsPage Developer Profile

freekrai

2 plugins · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect NewsPage

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/newspage/newspage.css

HTML / DOM Fingerprints

CSS Classes

feedfeedtitle

HTML Comments

START of newsPage outputEND of newsPage output - Powered by newsPage (http://www.rogerstringer.com/projects/newspage/)No posts found. //

Data Attributes

data-items

Shortcode Output

<div class="feed"><div class="feedtitle"><ul><li><a href='

FAQ