Post From Site Security & Risk Analysis
wordpress.org/plugins/post-from-siteWrite a post without leaving your site!
Is Post From Site Safe to Use in 2026?
Generally Safe
Score 85/100Post From Site has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "post-from-site" plugin v3.0.1 exhibits a generally strong security posture with a limited attack surface and no recorded vulnerabilities. The fact that all SQL queries use prepared statements and there are no critical or high-severity taint flows are significant strengths. The plugin also demonstrates an effort towards security by implementing numerous capability checks. However, several areas raise concerns. The presence of the `create_function` dangerous function is a known security risk, as it can be exploited for code injection if not handled with extreme caution. Furthermore, a very low percentage of output is properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks on the single shortcode, which is the only identified entry point, also poses a potential security risk, as it could be abused in conjunction with other vulnerabilities or through social engineering. While the plugin has a clean vulnerability history, the identified code signals suggest that its current implementation is not entirely secure and requires attention to mitigate potential threats.
Key Concerns
- Dangerous function: create_function used
- Low output escaping percentage
- No nonce checks on entry points
Post From Site Security Vulnerabilities
Post From Site Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
Post From Site Attack Surface
Shortcodes 1
WordPress Hooks 4
Maintenance & Trust
Post From Site Maintenance & Trust
Maintenance Signals
Community Trust
Post From Site Alternatives
DJD Site Post
djd-site-post
Write and edit a post at the front end without leaving your site. Supports guest posts.
BP Site Post
bp-site-post
Designed to work with BuddyPress Group, Members Only and Friends posts this front end post editor comes with a wide range of features to allow you to …
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration
wp-user-frontend
Create forms, guest posts, subscriptions, user directory, user registration, membership, frontend posts, profile builder, content restriction rules.
Frontend Admin by DynamiApps
acf-frontend-form-element
This awesome plugin allows you to easily display frontend forms on your site so your clients can easily edit content by themselves from the frontend.
User Submitted Posts – Enable Users to Submit Posts from the Front End
user-submitted-posts
Enable visitors to submit posts and images from the front-end of your site. Many features including anti-spam security, content restriction, and more.
Post From Site Developer Profile
4 plugins · 890 total installs
How We Detect Post From Site
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/post-from-site/pfs-style.css/wp-content/plugins/post-from-site/pfs-script.js/wp-content/plugins/post-from-site/css/pfs-admin-style.css/wp-content/plugins/post-from-site/js/pfs-admin-script.js/wp-content/plugins/post-from-site/pfs-script.jspost-from-site/pfs-style.css?ver=post-from-site/pfs-script.js?ver=post-from-site/css/pfs-admin-style.css?ver=post-from-site/js/pfs-admin-script.js?ver=HTML / DOM Fingerprints
pfs-formpfs-widget-titleTODOFocus in ChromeMove over to using WP's AJAX handlingAdd ability to post from the toolbar?+5 moreid="pfs_options"name="pfs_options[0][allow_anon]"name="pfs_options[0][default_author]"id="pfs_default_author"name="pfs_options[0][enable_captcha]"name="pfs_options[recaptcha_public_key]"+8 morevar PFS = {'ajaxurl':[post-from-site