WP-Safety

Post Preview Card Security & Risk Analysis

wordpress.org/plugins/post-preview-card

Post Preview Card is a Plugin that adds 3 beatiful widgets which previews posts in card shape. Made to be used with Elementor, Beaver or SiteOrigin pa …

10 active installs v2.0.3 PHP + WP 4.0.1+ Updated Jul 2, 2017
cardelementorpostpreviewwidget-for-elementor
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Post Preview Card Safe to Use in 2026?

Generally Safe

Score 85/100

Post Preview Card has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The 'post-preview-card' plugin version 2.0.3 exhibits a generally good security posture based on the provided static analysis. The absence of any entry points like AJAX handlers, REST API routes, or shortcodes significantly limits the potential attack surface. Furthermore, the code demonstrates strong practices by using prepared statements for all SQL queries and a high percentage of properly escaped output. The lack of dangerous functions, file operations, external HTTP requests, and the absence of vulnerability history also contribute to a positive security assessment. However, the static analysis does highlight two flows with unsanitized paths, which, while not classified as critical or high severity in the taint analysis, warrants attention as it indicates potential areas for injection vulnerabilities if the input data is not handled with sufficient sanitization in specific contexts. The complete absence of nonce and capability checks across all components, though currently not exploitable due to the limited attack surface, represents a potential weakness that could become a risk if new entry points are introduced in future versions without proper authentication and authorization mechanisms.

Key Concerns

  • Flows with unsanitized paths
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Post Preview Card Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Post Preview Card Release Timeline

v2.0.3Current
v2.0.2
v2.0.1
v2.0
v1.0
Code Analysis
Analyzed Mar 17, 2026

Post Preview Card Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
31
280 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

90% escaped311 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
peaw_ajax_loader (includes\options\loaders\peaw_ajax_multiple_posts_loader.php:10)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Post Preview Card Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 10
actionadmin_menuadmin\peaw-admin-class.php:36
actionadmin_initadmin\peaw-admin-class.php:39
actioninitadmin\peaw-admin-class.php:103
actionwp_enqueue_scriptsincludes\peaw-class.php:41
actionwidgets_initincludes\peaw-class.php:44
actionwidgets_initincludes\peaw-class.php:45
actionwidgets_initincludes\peaw-class.php:46
filtermanage_posts_columnsincludes\peaw-class.php:48
actionmanage_posts_custom_columnincludes\peaw-class.php:49
actionplugins_loadedincludes\peaw-class.php:163
Maintenance & Trust

Post Preview Card Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.0
Last updatedJul 2, 2017
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Post Preview Card Alternatives

Init Embed Posts – Stylish, Fast, Portable

Init Embed Posts – Stylish, Fast, Portable

init-embed-posts

A
100

Embed WordPress posts or products anywhere – like a Twitter Card. No iframe. No oEmbed. Just pure JS, full control, and beautiful design.

80 No CVEs
Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor)

Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor)

content-views-query-and-display-post-page

A
96

Easy to show posts, pages, custom posts in customizable grid, list, slider, accordion... Available as Widgets (for Elementor), Shortcode, and Blocks.

100K 4 CVEs
Elementor Custom Skin

Elementor Custom Skin

ele-custom-skin

A
85

Create new skins for Elementor PRO 3.x page builder. Design your own skins for Post and Post Archive Widgets using Elementor Loop Templates.

100K No CVEs
Public Post Preview

Public Post Preview

public-post-preview

A
100

Allow anonymous users to preview a draft of a post before it is published.

100K No CVEs
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid

the-post-grid

A
96

Display WordPress posts in beautiful grid, list, slider, and filter layouts. Works with Gutenberg, Elementor, Divi, and Shortcodes.

100K 11 CVEs
Developer Profile

Post Preview Card Developer Profile

fernandoanael

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Post Preview Card

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-preview-card/public/css/bootstrap-btn.css/wp-content/plugins/post-preview-card/public/css/bootstrap-grid.css/wp-content/plugins/post-preview-card/public/css/bootstrap-card.css/wp-content/plugins/post-preview-card/public/css/peaw-original-layout.css/wp-content/plugins/post-preview-card/public/css/peaw-multiple-posts-style.css
Script Paths
/wp-content/plugins/post-preview-card/public/js/multiple-posts-ajax-loader.js

HTML / DOM Fingerprints

CSS Classes
peaw_multiple_posts
Data Attributes
data-peaw-widget-multiple-posts-loader
JS Globals
peaw_multiple_posts_ajax_loader
FAQ

Frequently Asked Questions about Post Preview Card