Podigee WordPress Quick Publish – now with Gutenberg support! Security & Risk Analysis

wordpress.org/plugins/podigee

Lets you import metadata from your Podigee podcast feed right into the WordPress post editor. Finally (since 1.0) compatible with Gutenberg.

800 active installs · v1.4.0 · PHP 7.3+ · WP 6.0+ · Updated Feb 15, 2024
feed, podcast
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Podigee WordPress Quick Publish – now with Gutenberg support! Safe to Use in 2026?

Generally Safe

Score 85/100

Podigee WordPress Quick Publish – now with Gutenberg support! has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "podigee" v1.4.0 plugin presents a mixed security posture. On the positive side, it has no known historical vulnerabilities and demonstrates good practices regarding SQL queries, exclusively using prepared statements. The limited attack surface, with only one shortcode and no unprotected AJAX handlers or REST API routes, is also a strength. However, the static analysis raises significant concerns. The plugin has a low output escaping rate (7%) across its 14 output points, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, all three analyzed taint flows contain unsanitized paths, suggesting that user input could reach file operations or other sensitive functions without sanitization, although the static analysis raised no critical or high severity flags. The absence of nonce and capability checks is a major weakness, leaving functionality exposed to unauthorized access and manipulation.

Key Concerns

  • Low output escaping rate (7%)
  • All taint flows have unsanitized paths
  • No nonce checks present
  • No capability checks present
  • File operations present (4)
  • External HTTP requests present (4)
Vulnerabilities
None known

Podigee WordPress Quick Publish – now with Gutenberg support! Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Podigee WordPress Quick Publish – now with Gutenberg support! Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 13 (1 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 4
  • External Requests: 4
  • Bundled Libraries: 0

Output Escaping

7% escaped · 14 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
pfex_plugin_admin_init (podigee-quick-publish.php:339)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Podigee WordPress Quick Publish – now with Gutenberg support! Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[podigee-player] podigee-quick-publish.php:73
WordPress Hooks 7
  • action · add_meta_boxes · admin\class-podigee-qp.php:18
  • action · admin_enqueue_scripts · admin\class-podigee-qp.php:19
  • action · admin_enqueue_scripts · admin\class-podigee-qp.php:20
  • action · plugins_loaded · podigee-quick-publish.php:84
  • action · admin_menu · podigee-quick-publish.php:101
  • action · init · podigee-quick-publish.php:333
  • action · admin_init · podigee-quick-publish.php:418
Maintenance & Trust

Podigee WordPress Quick Publish – now with Gutenberg support! Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Feb 15, 2024
PHP min version: 7.3
Downloads: 14K

Community Trust

Rating: 70/100
Number of ratings: 2
Active installs: 800
Developer Profile

Podigee WordPress Quick Publish – now with Gutenberg support! Developer Profile

podigee

2 plugins · 880 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Podigee WordPress Quick Publish – now with Gutenberg support!

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
  • /wp-content/plugins/podigee-quick-publish/js/podigee-feedex.js
  • /wp-content/plugins/podigee-quick-publish/js/podigee-qp-admin.js
Version Parameters
  • podigee-quick-publish/js/podigee-feedex.js?ver=
  • podigee-quick-publish/js/podigee-qp-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • pfex-site-title
  • pfex-on-an-additional-note
  • div-pfex-success
  • div-pfex-error
  • pfex-subhead
  • pfex-toggle-hidden
  • pfex-option-section
HTML Comments
  • <!-- New post ids are stored in an array in $_PFEX_POST_INSERTED -->
  • <!-- Info section – maybe this can be removed in a future version. -->
  • <!-- - Visible when options are not set yet or authentication failed. -->
  • <!-- - Hidden when authentication was okay. -->
  • (+2 more)
Data Attributes
  • data-toggle
JS Globals
  • $_PFEX_LOGIN_OKAY
  • $_PFEX_POST_INSERTED
  • $_PFEX_DEBUG
Shortcode Output
<script class="podigee-podcast-player" src="https://player.podigee-cdn.net/podcast-player/javascripts/podigee-podcast-player.js"
FAQ

Frequently Asked Questions about Podigee WordPress Quick Publish – now with Gutenberg support!