NS Featured Posts Security & Risk Analysis

wordpress.org/plugins/ns-featured-posts

A plugin for making posts, pages, or custom post types featured. Users can enable/disable Featured flags for selected post types.

4K active installs · v3.0.1 · PHP 7.2+ · WP 6.0+ · Updated Sep 11, 2025
Tags: custom, featured, featured-post, meta, post
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is NS Featured Posts Safe to Use in 2026?

Generally Safe

Score 100/100

NS Featured Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6mo ago
Risk Assessment

The 'ns-featured-posts' plugin v3.0.1 exhibits a mixed security posture. While it demonstrates good practices in terms of output escaping and avoids dangerous functions or file operations, several critical areas raise concerns. The presence of two unprotected AJAX handlers significantly expands the attack surface without proper authentication or authorization checks, which is a common vector for exploitation. Although no specific critical or high-severity taint flows were identified in this analysis, the single unsanitized path flow warrants attention as it could potentially lead to vulnerabilities if exploited in conjunction with other factors.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This is a positive indicator, suggesting that the developers may be responsive to security or that past issues have been effectively addressed. However, a lack of past vulnerabilities does not guarantee future security, especially in light of the identified unprotected entry points. The plugin's strengths lie in its robust output escaping and absence of dangerous code patterns. The primary weaknesses are the unprotected AJAX handlers, which represent a direct risk that needs immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized path flow
  • SQL queries without prepared statements
Vulnerabilities
None known

NS Featured Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

NS Featured Posts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 9 (73 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

89% escaped · 82 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
custom_table_filtering (includes\classes\class-ns-featured-posts-admin.php:662)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

NS Featured Posts Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 3

  • auth: wp_ajax_nsfeatured_posts (includes\classes\class-ns-featured-posts-admin.php:85)
  • nopriv: wp_ajax_nsfp_nsbl_get_posts (includes\classes\class-ns-featured-posts-admin.php:105)
  • auth: wp_ajax_nsfp_nsbl_get_posts (includes\classes\class-ns-featured-posts-admin.php:106)

WordPress Hooks: 16

  • action: admin_init (includes\classes\class-ns-featured-posts-admin.php:82)
  • action: admin_enqueue_scripts (includes\classes\class-ns-featured-posts-admin.php:83)
  • action: admin_enqueue_scripts (includes\classes\class-ns-featured-posts-admin.php:84)
  • action: restrict_manage_posts (includes\classes\class-ns-featured-posts-admin.php:87)
  • filter: parse_query (includes\classes\class-ns-featured-posts-admin.php:88)
  • filter: pre_get_posts (includes\classes\class-ns-featured-posts-admin.php:90)
  • action: widgets_init (includes\classes\class-ns-featured-posts-admin.php:92)
  • action: admin_notices (includes\classes\class-ns-featured-posts-admin.php:94)
  • action: add_meta_boxes (includes\classes\class-ns-featured-posts-admin.php:97)
  • action: save_post (includes\classes\class-ns-featured-posts-admin.php:98)
  • action: optioner_admin_init (includes\classes\class-ns-featured-posts-admin.php:101)
  • action: admin_init (includes\classes\class-ns-featured-posts-admin.php:103)
  • action: wpmu_new_blog (includes\classes\class-ns-featured-posts.php:67)
  • action: init (includes\classes\class-ns-featured-posts.php:82)
  • action: plugins_loaded (ns-featured-posts.php:44)
  • action: plugins_loaded (ns-featured-posts.php:45)
Maintenance & Trust

NS Featured Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 11, 2025
PHP min version: 7.2
Downloads: 113K

Community Trust

Rating: 96/100
Number of ratings: 29
Active installs: 4K
Developer Profile

NS Featured Posts Developer Profile

Nilambar Sharma

9 plugins · 9K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 22 days
Detection Fingerprints

How We Detect NS Featured Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ns-featured-posts/assets/css/ns-featured-posts.css
  • /wp-content/plugins/ns-featured-posts/assets/js/ns-featured-posts.js
  • /wp-content/plugins/ns-featured-posts/assets/css/ns-featured-posts-widget.css
  • /wp-content/plugins/ns-featured-posts/assets/js/ns-featured-posts-widget.js
  • /wp-content/plugins/ns-featured-posts/assets/js/nsfp-featured-posts-admin.js
  • /wp-content/plugins/ns-featured-posts/assets/js/nsfp-featured-posts-widget.js
Script Paths
  • /wp-content/plugins/ns-featured-posts/assets/js/ns-featured-posts.js
  • /wp-content/plugins/ns-featured-posts/assets/js/ns-featured-posts-widget.js
  • /wp-content/plugins/ns-featured-posts/assets/js/nsfp-featured-posts-admin.js
  • /wp-content/plugins/ns-featured-posts/assets/js/nsfp-featured-posts-widget.js
Version Parameters
  • ns-featured-posts/assets/css/ns-featured-posts.css?ver=
  • ns-featured-posts/assets/js/ns-featured-posts.js?ver=
  • ns-featured-posts/assets/css/ns-featured-posts-widget.css?ver=
  • ns-featured-posts/assets/js/ns-featured-posts-widget.js?ver=
  • ns-featured-posts/assets/js/nsfp-featured-posts-admin.js?ver=
  • ns-featured-posts/assets/js/nsfp-featured-posts-widget.js?ver=

HTML / DOM Fingerprints

CSS Classes
nsfp-featured-posts, nsfp-wrapper, nsfp-slider, nsfp-content, nsfp-title, nsfp-excerpt, nsfp-thumbnail, nsfp-meta, +26 more
HTML Comments
<!-- NS Featured Posts Widget -->
Data Attributes
data-nsfp-post-id, data-nsfp-featured-status, data-nsfp-toggle-nonce, data-nsfp-nonce, data-nsfp-post-type
JS Globals
nsfp_featured_posts_params, nsfp_widget_params
REST Endpoints
  • /wp-json/nsfp/v1/featured-toggle
  • /wp-json/nsfp/v1/get-posts
Shortcode Output
[ns_featured_posts]
FAQ

Frequently Asked Questions about NS Featured Posts