Does Post from RSS have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Post from RSS compatible with WordPress 6.5.8?

According to WordPress.org data, Post from RSS 1.0.1 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

How often is Post from RSS updated?

Post from RSS was last updated on Sep 25, 2024. Frequent updates are generally a positive security signal.

What is Post from RSS's security score?

Post from RSS has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Post from RSS Security & Risk Analysis

wordpress.org/plugins/post-from-rss-feeds

This plugin fetches RSS feed items and creates WordPress posts automatically.

0 active installs v1.0.1 PHP + WP 5.0+ Updated Sep 25, 2024

automaticcustom-fieldfeedpostsrss

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Post from RSS Safe to Use in 2026?

Generally Safe

Score 92/100

Post from RSS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "post-from-rss-feeds" v1.0.1 plugin exhibits a strong security posture based on the provided static analysis results. There are no detected dangerous functions, raw SQL queries, unescaped output, file operations, external HTTP requests, or unsanitized taint flows. The complete absence of identified CVEs in its history further suggests a commitment to secure coding practices or a lack of past exploitation. The attack surface is minimal, with no AJAX handlers, REST API routes, or shortcodes, and the single cron event is not explicitly detailed as unprotected.

However, the lack of any capability checks or nonce checks across all entry points presents a significant concern. While the attack surface is currently small, any future expansion or introduction of functionality without proper authorization checks could easily lead to vulnerabilities. The absence of taint analysis flows being analyzed is also a limitation, as it means potential issues within the code's logic might not have been detected. Despite these potential blind spots, the plugin's current code appears to be written with a good understanding of fundamental security principles. The primary weakness lies in the lack of comprehensive authorization and input validation mechanisms, which are crucial for robust security in WordPress plugins.

Key Concerns

No capability checks found
No nonce checks found
Taint analysis not performed

Vulnerabilities

None known

Post from RSS Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Post from RSS Release Timeline

v1.0.1Current

v1.0.0

Code Analysis

Analyzed Apr 16, 2026

Post from RSS Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped1 total outputs

Attack Surface

Post from RSS Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionadmin_initposts-from-rss.php:46

actionfetch_rss_to_posts_eventposts-from-rss.php:133

Scheduled Events 1

fetch_rss_to_posts_event

Maintenance & Trust

Post from RSS Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedSep 25, 2024

PHP min version

Downloads551

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Post from RSS Alternatives

Disable Feeds and Comments

disable-rss-feeds-and-comments

This WordPress plugin, "Disable RSS Feeds and Comments," gives you the ability to turn off both the RSS feeds and comments on pages and/or p …

400 No CVEs

Simple Custom Content

simple-custom-content

100

Easily add custom content to your WP Posts, Pages, and RSS Feeds.

100 No CVEs

Delay Posts From Appearing in WordPress RSS Feed

delay-posts-in-rss-feed

Beat content scrapers and save yourself from accidental publishing by delaying posts in your RSS feed.

50 No CVEs

Newsworthy Feed

newsworthy-feed

Newsworthy Feed enables you to get content from Newsworthy RSS feeds & save them as WP Posts.

20 No CVEs

RSS to Posts

rss-to-posts

A simple plugin to add multiple RSS feeds via the admin panel. These feeds will then be monitored, and any new posts will be imported hourly on a reg …

20 No CVEs

Developer Profile

Post from RSS Developer Profile

pathik

1 plugin · 0 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Post from RSS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ