WP-Safety

Pinecast WordPress Sync Security & Risk Analysis

wordpress.org/plugins/pinecast-wp-sync

This plugin allows you to sync your Pinecast podcast (or any JSONFeed-compatible podcast) with your WordPress blog.

60 active installs v2.0.2 PHP 7.0+ WP 5.2+ Updated Sep 3, 2025
jsonfeedpinecastpodcastsync
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Pinecast WordPress Sync Safe to Use in 2026?

Generally Safe

Score 100/100

Pinecast WordPress Sync has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The "pinecast-wp-sync" v2.0.2 plugin presents a mixed security posture. On the positive side, it demonstrates strong practices in output escaping and largely avoids dangerous functions or direct file operations. The absence of recorded vulnerabilities and CVEs is also a favorable indicator of its past security. However, a significant concern arises from its attack surface, where all four identified AJAX handlers lack proper authentication checks. This creates a substantial risk, as any unauthenticated user could potentially interact with these endpoints, leading to unintended actions or information disclosure if the handlers perform sensitive operations.

While the plugin shows good coding practices in areas like SQL prepared statements and output escaping, the unprotected AJAX endpoints are a glaring weakness. The taint analysis returning zero flows is encouraging, suggesting that currently, there are no identifiable paths where unsanitized data could lead to critical vulnerabilities. The lack of vulnerability history is positive but does not guarantee future security, especially given the identified unprotected entry points. In conclusion, while the plugin has several strong security practices, the unprotected AJAX handlers represent a notable risk that needs immediate attention to improve its overall security.

Key Concerns

  • 4 AJAX handlers without auth checks
  • 5 out of 7 SQL queries not using prepared statements
  • 2 AJAX handlers missing nonce checks
  • 2 AJAX handlers missing capability checks
  • Total entry points: 4, Unprotected: 4
Vulnerabilities
None known

Pinecast WordPress Sync Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Pinecast WordPress Sync Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
4 prepared
Unescaped Output
7
127 escaped
Nonce Checks
4
Capability Checks
2
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

57% prepared7 total queries

Output Escaping

95% escaped134 total outputs
Attack Surface
4 unprotected

Pinecast WordPress Sync Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_pinecast_sync_podcastincludes\ajax-functions.php:38
authwp_ajax_pinecast_delete_podcastincludes\ajax-functions.php:62
authwp_ajax_pinecast_sync_podcastpinecast\includes\ajax-functions.php:43
authwp_ajax_pinecast_delete_podcastpinecast\includes\ajax-functions.php:67
WordPress Hooks 14
actionadmin_enqueue_scriptsincludes\admin\admin-functions.php:44
actionadmin_noticesincludes\admin\admin-functions.php:62
actionadmin_initincludes\admin\settings.php:22
actionadmin_menuincludes\admin\settings.php:25
actioninitincludes\cron-functions.php:17
actionpinecast/feed_syncincludes\cron-functions.php:52
actionadmin_enqueue_scriptspinecast\includes\admin\admin-functions.php:45
actionadmin_noticespinecast\includes\admin\admin-functions.php:61
actionadmin_initpinecast\includes\admin\settings.php:22
actionadmin_menupinecast\includes\admin\settings.php:25
actioninitpinecast\includes\cron-functions.php:16
actionpinecast/feed_syncpinecast\includes\cron-functions.php:35
actionadmin_noticespinecast\plugin.php:51
actionadmin_noticesplugin.php:51

Scheduled Events 2

pinecast/feed_sync
pinecast/feed_sync
Maintenance & Trust

Pinecast WordPress Sync Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 3, 2025
PHP min version7.0
Downloads10K

Community Trust

Rating100/100
Number of ratings1
Active installs60
Alternatives

Pinecast WordPress Sync Alternatives

Auto podcast import

Auto podcast import

auto-podcast-import

A
100

Import your podcast feed, automatically from any supported podcast provider.

100 No CVEs
Meta for WooCommerce

Meta for WooCommerce

facebook-for-woocommerce

A
93

Get the Official Meta for WooCommerce plugin for powerful ways to help grow your business.

500K 3 CVEs
Async JavaScript

Async JavaScript

async-javascript

B
84

Async Javascript lets you add 'async' or 'defer' attribute to scripts to exclude to help increase the performance of your WordPres …

80K 2 CVEs
WooCommerce Square

WooCommerce Square

woocommerce-square

A
96

Securely accept payments, synchronize sales, and seamlessly manage inventory and product data between WooCommerce and Square POS.

80K 2 CVEs
PowerPress Podcasting plugin by Blubrry

PowerPress Podcasting plugin by Blubrry

powerpress

A
88

No. 1 Podcasting plugin for WordPress.

30K 19 CVEs
Developer Profile

Pinecast WordPress Sync Developer Profile

Pinecast

1 plugin · 60 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Pinecast WordPress Sync

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pinecast-wp-sync/dist/admin/js/jquery.repeater.min.js/wp-content/plugins/pinecast-wp-sync/dist/admin/js/pinecast.min.js/wp-content/plugins/pinecast-wp-sync/dist/admin/css/pinecast.min.css
Script Paths
/wp-content/plugins/pinecast-wp-sync/dist/admin/js/jquery.repeater.min.js/wp-content/plugins/pinecast-wp-sync/dist/admin/js/pinecast.min.js
Version Parameters
pinecast.min.js?ver=pinecast.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
pinecast
Data Attributes
data-nonce="pinecast-security"
JS Globals
pinecast
FAQ

Frequently Asked Questions about Pinecast WordPress Sync