Does Truncate Recent Posts Titles have any unpatched vulnerabilities?

No. All known vulnerabilities in Truncate Recent Posts Titles have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Truncate Recent Posts Titles compatible with WordPress 4.7.32?

According to WordPress.org data, Truncate Recent Posts Titles 1.0 has been tested up to WordPress 4.7.32. Check the plugin's changelog for the latest compatibility information.

How often is Truncate Recent Posts Titles updated?

Truncate Recent Posts Titles was last updated on Nov 30, 2016. Frequent updates are generally a positive security signal.

What is Truncate Recent Posts Titles's security score?

Truncate Recent Posts Titles has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Truncate Recent Posts Titles Security & Risk Analysis

wordpress.org/plugins/pm-truncated-recent-posts

Recent Posts Widget with truncated post titles.

20 active installs v1.0 PHP + WP 4.3.1+ Updated Nov 30, 2016

recent-posts-widgettruncate

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Truncate Recent Posts Titles Safe to Use in 2026?

Generally Safe

Score 85/100

Truncate Recent Posts Titles has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "pm-truncated-recent-posts" plugin version 1.0 presents a seemingly strong security posture based on the provided static analysis and vulnerability history. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface, and critically, there are no unprotected entry points. The code analysis also reveals a positive trend with no dangerous functions, file operations, or external HTTP requests. Furthermore, all SQL queries are correctly prepared, mitigating SQL injection risks. However, a significant concern arises from the low percentage of properly escaped output (35%). This indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, as unsanitized data displayed to users could be manipulated to execute malicious scripts. The lack of nonce checks and capability checks further exacerbates this issue, as there are no mechanisms to verify user intent or permissions before processing potentially vulnerable output. The plugin's history of zero known vulnerabilities is a positive indicator, but it doesn't negate the inherent risks identified in the current code.

Key Concerns

Low output escaping percentage
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Truncate Recent Posts Titles Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Truncate Recent Posts Titles Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

35% escaped26 total outputs

Attack Surface

Truncate Recent Posts Titles Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwidgets_initpm-recent-posts.php:30

Maintenance & Trust

Truncate Recent Posts Titles Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32

Last updatedNov 30, 2016

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs20

Alternatives

Truncate Recent Posts Titles Alternatives

TW Recent Posts Widget

tw-recent-posts-widget

A simple and flexible widget for WordPress which will show recent posts from selected category allowing increased customization to display recent post …

1K No CVEs