Podigee WordPress Quick Publish – now with Gutenberg support! Security & Risk Analysis
wordpress.org/plugins/podigeeLet's you import metadata from your Podigee podcast feed right into the Wordpress post editor. Finally (since 1.0) compatible to Gutenberg.
Is Podigee WordPress Quick Publish – now with Gutenberg support! Safe to Use in 2026?
Use With Caution
Score 60/100Podigee WordPress Quick Publish – now with Gutenberg support! has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "podigee" v1.4.0 plugin presents a mixed security posture. On the positive side, it boasts no known historical vulnerabilities and demonstrates good practices regarding SQL queries, exclusively using prepared statements. The limited attack surface, with only one shortcode and no unprotected AJAX handlers or REST API routes, is also a strength. However, significant concerns arise from the static analysis. The plugin exhibits a concerningly low output escaping rate (7%), indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, particularly given the presence of 14 output points. Furthermore, all three analyzed taint flows resulted in unsanitized paths, suggesting potential vulnerabilities for exploiting file operations or other sensitive functions, despite the lack of critical or high severity flags in the static analysis. The absence of nonce and capability checks is a major weakness, leaving functionalities exposed to unauthorized access and manipulation.
Key Concerns
- Low output escaping rate (7%)
- All taint flows have unsanitized paths
- No nonce checks present
- No capability checks present
- File operations present (4)
- External HTTP requests present (4)
Podigee WordPress Quick Publish – now with Gutenberg support! Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Podigee <= 1.4.0 - Unauthenticated Sever-Side Request Forgery
Podigee WordPress Quick Publish – now with Gutenberg support! Release Timeline
Podigee WordPress Quick Publish – now with Gutenberg support! Code Analysis
Output Escaping
Data Flow Analysis
Podigee WordPress Quick Publish – now with Gutenberg support! Attack Surface
Shortcodes 1
WordPress Hooks 7
Maintenance & Trust
Podigee WordPress Quick Publish – now with Gutenberg support! Maintenance & Trust
Maintenance Signals
Community Trust
Podigee WordPress Quick Publish – now with Gutenberg support! Alternatives
PowerPress Podcasting plugin by Blubrry
powerpress
No. 1 Podcasting plugin for WordPress.
Podcast Player – Your Podcasting Companion
podcast-player
Showcase your podcast only using podcasting feed url. Use widget, shortcode or editor block to display podcast player anywhere on your site.
Podcast Importer SecondLine
podcast-importer-secondline
A simple podcast import tool for WordPress.
Podlove Subscribe button
podlove-subscribe-button
Podlove Subscribe button allows your users to easily select a podcast feed and pass it along to their favorite podcast app.
RSS Feed Pro
rss-feed-pro
Display an RSS Feed in a widget, a page, or a post using a shortcode with any number of parameters. Sort the archive by Category, Year, and Author.
Podigee WordPress Quick Publish – now with Gutenberg support! Developer Profile
2 plugins · 780 total installs
How We Detect Podigee WordPress Quick Publish – now with Gutenberg support!
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/podigee-quick-publish/js/podigee-feedex.js/wp-content/plugins/podigee-quick-publish/js/podigee-qp-admin.jspodigee-quick-publish/js/podigee-feedex.js?ver=podigee-quick-publish/js/podigee-qp-admin.js?ver=HTML / DOM Fingerprints
pfex-site-titlepfex-on-an-additional-notediv-pfex-successdiv-pfex-errorpfex-subheadpfex-toggle-hiddenpfex-option-section<!-- New post ids are stored in an array in $_PFEX_POST_INSERTED --><!-- Info section – maybe this can be removed in a future version. --><!-- - Visible when options are not set yet or authentication failed. --><!-- - Hidden when authentication was okay. -->+2 moredata-toggle$_PFEX_LOGIN_OKAY$_PFEX_POST_INSERTED$_PFEX_DEBUG<script class="podigee-podcast-player" src="https://player.podigee-cdn.net/podcast-player/javascripts/podigee-podcast-player.js"