
Post From Site Security & Risk Analysis
wordpress.org/plugins/post-from-site
Write a post without leaving your site!
Is Post From Site Safe to Use in 2026?
Generally Safe
Score 85/100
Post From Site has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "post-from-site" plugin v3.0.1 exhibits a generally strong security posture, with a limited attack surface and no recorded vulnerabilities. Significant strengths are that all SQL queries use prepared statements and that there are no critical or high-severity taint flows. The plugin also demonstrates an effort towards security by implementing numerous capability checks.
However, several areas raise concerns. The plugin uses the dangerous function `create_function`, a known security risk that can be exploited for code injection if not handled with extreme caution. A very low percentage of output is properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The single shortcode, which is the only identified entry point, has no nonce checks; this poses a potential security risk, as it could be abused in conjunction with other vulnerabilities or through social engineering. While the plugin has a clean vulnerability history, the identified code signals suggest that its current implementation is not entirely secure and requires attention to mitigate potential threats.
Key Concerns
- Dangerous function: create_function used
- Low output escaping percentage
- No nonce checks on entry points
Post From Site Security Vulnerabilities
Post From Site Release Timeline
Post From Site Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
Post From Site Attack Surface
Shortcodes 1
WordPress Hooks 4
Post From Site Maintenance & Trust
Maintenance Signals
Community Trust
Post From Site Alternatives
DJD Site Post
djd-site-post
Write and edit a post at the front end without leaving your site. Supports guest posts.
BP Site Post
bp-site-post
Designed to work with BuddyPress Group, Members Only and Friends posts this front end post editor comes with a wide range of features to allow you to …
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration
wp-user-frontend
Create forms, guest posts, subscriptions, user directory, user registration, membership, frontend posts, profile builder, content restriction rules.
Frontend Admin by DynamiApps
acf-frontend-form-element
This awesome plugin allows you to easily display frontend forms on your site so your clients can easily edit content by themselves from the frontend.
User Submitted Posts – Enable Users to Submit Posts from the Front End
user-submitted-posts
Enable visitors to submit posts and images from the front-end of your site. Many features including anti-spam security, content restriction, and more.
Post From Site Developer Profile
4 plugins · 880 total installs
How We Detect Post From Site
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/post-from-site/pfs-style.css
- /wp-content/plugins/post-from-site/pfs-script.js
- /wp-content/plugins/post-from-site/css/pfs-admin-style.css
- /wp-content/plugins/post-from-site/js/pfs-admin-script.js
- post-from-site/pfs-style.css?ver=
- post-from-site/pfs-script.js?ver=
- post-from-site/css/pfs-admin-style.css?ver=
- post-from-site/js/pfs-admin-script.js?ver=
HTML / DOM Fingerprints
- pfs-form
- pfs-widget-title
- TODO
- Focus in Chrome
- Move over to using WP's AJAX handling
- Add ability to post from the toolbar?
- (+5 more)
- id="pfs_options"
- name="pfs_options[0][allow_anon]"
- name="pfs_options[0][default_author]"
- id="pfs_default_author"
- name="pfs_options[0][enable_captcha]"
- name="pfs_options[recaptcha_public_key]"
- (+8 more)
- var PFS = {'ajaxurl':
- [post-from-site