WP-Safety

ParrotPoster – Auto Post to Social Media Security & Risk Analysis

wordpress.org/plugins/parrotposter

Auto post or selective post of news and products from the site to social networks (media) Facebook, Instagram, Telegram, VK, OK (autoposting, autopost …

100 active installs v1.0.16 PHP 7.0+ WP 5.0+ Updated Apr 15, 2026
auto-postauto-publishautopostautopublishsocial-media-automation
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is ParrotPoster – Auto Post to Social Media Safe to Use in 2026?

Generally Safe

Score 100/100

ParrotPoster – Auto Post to Social Media has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "parrotposter" plugin version 1.0.14 exhibits a concerning security posture primarily due to a large number of unprotected AJAX handlers, which represent a significant attack surface. While the plugin does not appear to have a history of publicly disclosed vulnerabilities, the static analysis reveals several areas for improvement. The high percentage of unsanitized paths identified in the taint analysis, particularly a single high-severity flow, suggests potential for injection vulnerabilities if user-supplied data is not properly handled. Furthermore, the absence of capability checks on any entry points means that any user, regardless of their role, could potentially trigger these unprotected AJAX actions, increasing the risk of unauthorized operations. The presence of file operations and external HTTP requests, while not inherently problematic, warrants careful scrutiny when combined with other identified weaknesses. In conclusion, while the plugin's lack of known CVEs is a positive sign and the use of prepared statements for SQL is good, the critical issue of numerous unprotected AJAX handlers and the taint analysis findings point to significant security risks that require immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flow
  • No capability checks on entry points
  • Unsanitized paths in taint flows
  • Low rate of output escaping
Vulnerabilities
None known

ParrotPoster – Auto Post to Social Media Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ParrotPoster – Auto Post to Social Media Release Timeline

v1.0.14
v1.0.13
v1.0.11
v1.0.9
v1.0.6
v1.0.5
v1.0.4
v1.0.3
Code Analysis
Analyzed Mar 16, 2026

ParrotPoster – Auto Post to Social Media Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
10 prepared
Unescaped Output
92
198 escaped
Nonce Checks
1
Capability Checks
0
File Operations
1
External Requests
2
Bundled Libraries
0

SQL Query Safety

71% prepared14 total queries

Output Escaping

68% escaped290 total outputs
Data Flows · Security
15 unsanitized

Data Flow Analysis

18 flows15 with unsanitized paths
api_list_posts_by_wp_post (src\AdminAjaxPost.php:467)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
14 unprotected

ParrotPoster – Auto Post to Social Media Attack Surface

Entry Points14
Unprotected14

AJAX Handlers 14

authwp_ajax_parrotposter_get_post_htmlsrc\AdminAjaxPost.php:42
authwp_ajax_parrotposter_autoposting_enablesrc\AdminAjaxPost.php:47
authwp_ajax_parrotposter_publish_post_via_templatesrc\AdminAjaxPost.php:48
authwp_ajax_parrotposter_has_post_duplicatessrc\AdminAjaxPost.php:49
authwp_ajax_parrotposter_api_list_postssrc\AdminAjaxPost.php:52
authwp_ajax_parrotposter_api_list_posts_by_wp_postsrc\AdminAjaxPost.php:53
authwp_ajax_parrotposter_api_get_postsrc\AdminAjaxPost.php:54
authwp_ajax_parrotposter_api_delete_postsrc\AdminAjaxPost.php:55
authwp_ajax_parrotposter_api_list_accountssrc\AdminAjaxPost.php:56
authwp_ajax_parrotposter_api_get_connect_urlsrc\AdminAjaxPost.php:57
authwp_ajax_parrotposter_api_connectsrc\AdminAjaxPost.php:58
authwp_ajax_parrotposter_api_delete_accountsrc\AdminAjaxPost.php:59
authwp_ajax_parrotposter_api_get_mesrc\AdminAjaxPost.php:60
authwp_ajax_parrotposter_api_create_transactionsrc\AdminAjaxPost.php:61
WordPress Hooks 23
actionadmin_initincludes\posts_custom_column.php:7
actionadmin_print_footer_scripts-edit.phpincludes\posts_custom_column.php:43
actionadmin_footer-edit.phpincludes\posts_custom_column.php:94
actionadmin_enqueue_scriptsincludes\posts_custom_column.php:100
actionadmin_post_parrotposter_authsrc\AdminAjaxPost.php:30
actionadmin_post_parrotposter_signupsrc\AdminAjaxPost.php:31
actionadmin_post_parrotposter_forgot_passwordsrc\AdminAjaxPost.php:32
actionadmin_post_parrotposter_reset_passwordsrc\AdminAjaxPost.php:33
actionadmin_post_parrotposter_logoutsrc\AdminAjaxPost.php:34
actionadmin_post_parrotposter_set_tariffsrc\AdminAjaxPost.php:37
actionadmin_post_parrotposter_create_transactionsrc\AdminAjaxPost.php:38
actionadmin_post_parrotposter_publish_postsrc\AdminAjaxPost.php:41
actionadmin_post_parrotposter_autoposting_addsrc\AdminAjaxPost.php:45
actionadmin_post_parrotposter_autoposting_editsrc\AdminAjaxPost.php:46
actioninitsrc\Install.php:13
actionplugins_loadedsrc\PP.php:48
actionadmin_enqueue_scriptssrc\PP.php:50
actionadmin_enqueue_scriptssrc\PP.php:51
actionadmin_menusrc\PP.php:53
actionadd_meta_boxessrc\PP.php:55
actionwp_after_insert_postsrc\Scheduler.php:29
actionshutdownsrc\Scheduler.php:30
actionadmin_footersrc\WPListTable.php:169
Maintenance & Trust

ParrotPoster – Auto Post to Social Media Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedApr 15, 2026
PHP min version7.0
Downloads9K

Community Trust

Rating60/100
Number of ratings8
Active installs100
Alternatives

ParrotPoster – Auto Post to Social Media Alternatives

Social Media Auto Poster – Schedule & Publish to Buffer

Social Media Auto Poster – Schedule & Publish to Buffer

wp-to-buffer

A
100

Automatically post and schedule your WordPress content to Facebook, X/Twitter, LinkedIn, Threads, Bluesky, and more social networks using Buffer.

8K 1 CVE
Post to Social Media – WordPress to Hootsuite

Post to Social Media – WordPress to Hootsuite

wp-to-hootsuite

A
99

Automatically share WordPress Pages, Posts or Custom Post Types to Facebook, Twitter and LinkedIn using your Hootsuite (hootsuite.com) account.

300 2 CVEs
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media

Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media

evergreen-content-poster

A
96

Automatically share your best WordPress content (posts/pages/custom post types) to X (Twitter), Mastodon, Facebook, Instagram, Pinterest, LinkedIn and …

100 6 CVEs
Auto Post to Social Media from Social Champ

Auto Post to Social Media from Social Champ

auto-post-to-social-media-wp-to-social-champ

A
99

It sends WP Pages, Posts or Custom Post Types to your Social Champ (SocialChamp.com) account for immediate or scheduled publishing to social networks.

40 1 CVE
AVIR Social Auto Poster Ultimate

AVIR Social Auto Poster Ultimate

avir-social-auto-poster-ultimate

A
100

Automatically share WordPress posts to Facebook & Instagram with customizable excerpts, images, and hashtags. Boost your social reach!

40 No CVEs
Developer Profile

ParrotPoster – Auto Post to Social Media Developer Profile

ParrotPoster

1 plugin · 100 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ParrotPoster – Auto Post to Social Media

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/parrotposter/css/admin-menu.css/wp-content/plugins/parrotposter/js/post-meta-box.js
Script Paths
/wp-content/plugins/parrotposter/js/post-meta-box.js
Version Parameters
parrotposter/style.css?ver=parrotposter/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
parrotposter-autoposting-list-table
Data Attributes
data-parrotposter-modal
JS Globals
ParrotPoster
FAQ

Frequently Asked Questions about ParrotPoster – Auto Post to Social Media