Podcast Subscribe Buttons Security & Risk Analysis

wordpress.org/plugins/podcast-subscribe-buttons

Add beautiful podcast subscribe buttons anywhere.

5K active installs v1.5.5 PHP 7.0+ WP 3.8+ Updated Oct 13, 2025
apple, icons, podcast, spotify, subscribe
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Oct 3, 2023
Safety Verdict

Is Podcast Subscribe Buttons Safe to Use in 2026?

Generally Safe

Score 99/100

Podcast Subscribe Buttons has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Oct 3, 2023 · Updated 5mo ago
Risk Assessment

The "podcast-subscribe-buttons" plugin v1.5.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, performing nonce and capability checks on its entry points, and having no file operations or external HTTP requests. The attack surface is relatively small with no identified unprotected entry points.

However, the plugin calls the `unserialize` function, which is notoriously dangerous when it handles user-supplied input and can lead to Remote Code Execution if that input is not properly sanitized. The static analysis did not find any direct taint flows related to this, but it remains a significant potential risk. The plugin's vulnerability history, with two past medium-severity Cross-site Scripting (XSS) vulnerabilities, indicates a recurring pattern of input sanitization issues, even though there are currently no unpatched CVEs.

The plugin has a decent number of properly escaped outputs (79%), but the remaining 21% could still pose an XSS risk. The lack of taint analysis flows in this specific scan is also notable, potentially indicating a limitation in the analysis tools or a superficial examination of dynamic execution paths. Overall, while the current version appears to have addressed past issues and implemented some good security practices, the presence of `unserialize` and past XSS vulnerabilities warrants careful monitoring and potential further investigation.

Key Concerns

  • Use of dangerous function: unserialize
  • Past medium severity XSS vulnerabilities
  • 21% of outputs not properly escaped
Vulnerabilities
2

Podcast Subscribe Buttons Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2023: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2023-5308 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Podcast Subscribe Buttons <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 3, 2023 · Patched in 1.4.9 (112d)

CVE-2021-24743 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Podcast Subscribe Buttons < 1.4.2 - Stored Cross-Site Scripting

Sep 15, 2021 · Patched in 1.4.2 (860d)
Code Analysis
Analyzed Mar 16, 2026

Podcast Subscribe Buttons Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 67 (257 escaped)
Nonce Checks: 4
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · includes\CMB2\cmb2-plugin\includes\CMB2_Utils.php:571
$datetime = @unserialize( trim( $date_value ), array( 'allowed_classes' => array( 'DateTime' ) ) );

unserialize · podcast-subscribe-buttons.php:210
$atts[ SECONDLINE_PSB_PREFIX . 'repeat_subscribe' ] = unserialize( $atts[ SECONDLINE_PSB_PREFIX . 'r

Output Escaping

79% escaped · 324 total outputs
Attack Surface

Podcast Subscribe Buttons Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers: 3

auth · wp_ajax_cmb2_oembed_handler · includes\CMB2\cmb2-plugin\includes\CMB2_Ajax.php:51
nopriv · wp_ajax_cmb2_oembed_handler · includes\CMB2\cmb2-plugin\includes\CMB2_Ajax.php:52
auth · wp_ajax_dismiss_admin_notice · includes\dismiss-notices\dismiss-notices.php:44

Shortcodes: 1

[podcast_subscribe] · podcast-subscribe-buttons.php:181

WordPress Hooks: 61

action · cmb2_admin_init · includes\CMB2\cmb2-init.php:11
action · admin_footer · includes\CMB2\cmb2-init.php:245
action · cmb2_admin_init · includes\CMB2\cmb2-plugin\example-functions.php:105
action · cmb2_admin_init · includes\CMB2\cmb2-plugin\example-functions.php:470
action · cmb2_admin_init · includes\CMB2\cmb2-plugin\example-functions.php:500
action · cmb2_admin_init · includes\CMB2\cmb2-plugin\example-functions.php:564
action · cmb2_admin_init · includes\CMB2\cmb2-plugin\example-functions.php:633
action · cmb2_admin_init · includes\CMB2\cmb2-plugin\example-functions.php:674
action · cmb2_init · includes\CMB2\cmb2-plugin\example-functions.php:777
action · cmb2_save_options-page_fields · includes\CMB2\cmb2-plugin\includes\CMB2_Ajax.php:54
filter · get_post_metadata · includes\CMB2\cmb2-plugin\includes\CMB2_Ajax.php:147
filter · update_post_metadata · includes\CMB2\cmb2-plugin\includes\CMB2_Ajax.php:150
filter · cmb2_show_on · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:79
action · edit_form_top · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:118
action · edit_form_before_permalink · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:122
action · edit_form_after_title · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:126
action · edit_form_after_editor · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:130
action · add_meta_boxes · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:134
action · add_meta_boxes · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:137
action · add_attachment · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:138
action · edit_attachment · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:139
action · save_post · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:140
action · pre_get_posts · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:147
action · add_meta_boxes_comment · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:155
action · edit_comment · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:156
filter · manage_edit-comments_columns · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:159
action · manage_comments_custom_column · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:160
filter · manage_edit-comments_sortable_columns · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:161
action · pre_get_posts · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:162
action · show_user_profile · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:171
action · edit_user_profile · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:172
action · user_new_form · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:173
action · personal_options_update · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:175
action · edit_user_profile_update · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:176
action · user_register · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:177
filter · manage_users_columns · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:180
filter · manage_users_custom_column · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:181
filter · manage_users_sortable_columns · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:182
action · pre_get_posts · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:183
action · pre_get_posts · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:229
action · created_term · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:233
action · edited_terms · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:234
action · delete_term · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup.php:235
filter · wp_prepare_attachment_for_js · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup_Field.php:54
action · admin_enqueue_scripts · includes\CMB2\cmb2-plugin\includes\CMB2_Hookup_Field.php:71
action · cmb2_do_oembed · includes\CMB2\cmb2-plugin\includes\helper-functions.php:131
filter · is_protected_meta · includes\CMB2\cmb2-plugin\includes\rest-api\CMB2_REST.php:144
action · init · includes\CMB2\cmb2-plugin\init.php:131
action · admin_enqueue_scripts · includes\dismiss-notices\dismiss-notices.php:43
filter · pand_dismiss_notice_js_url · includes\dismiss-notices\dismiss-notices.php:54
action · plugins_loaded · podcast-subscribe-buttons.php:23
filter · kses_allowed_protocols · podcast-subscribe-buttons.php:63
action · init · podcast-subscribe-buttons.php:70
action · admin_menu · podcast-subscribe-buttons.php:158
action · init · podcast-subscribe-buttons.php:183
filter · manage_edit-secondline_psb_post_columns · podcast-subscribe-buttons.php:248
action · manage_posts_custom_column · podcast-subscribe-buttons.php:254
action · edit_form_after_title · podcast-subscribe-buttons.php:266
action · wp_enqueue_scripts · podcast-subscribe-buttons.php:281
action · admin_notices · podcast-subscribe-buttons.php:303
action · admin_init · podcast-subscribe-buttons.php:304

Maintenance & Trust

Podcast Subscribe Buttons Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 13, 2025
PHP min version: 7.0
Downloads: 152K

Community Trust

Rating: 100/100
Number of ratings: 11
Active installs: 5K

Developer Profile

Podcast Subscribe Buttons Developer Profile

SecondLineThemes

3 plugins · 10K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 603 days

Detection Fingerprints

How We Detect Podcast Subscribe Buttons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/podcast-subscribe-buttons/assets/css/secondline-psb-styles.css
/wp-content/plugins/podcast-subscribe-buttons/build/index.js
Script Paths
/wp-content/plugins/podcast-subscribe-buttons/build/index.js
Version Parameters
secondline-themes-psb-block-script
secondline-psb-subscribe-button-styles
podcast-subscribe-button

HTML / DOM Fingerprints

Data Attributes
data-block="secondline-themes/podcast-subscribe-button"
JS Globals
secondline_psb_custom_buttons_editor_assets