
Post Useful Security & Risk Analysis
wordpress.org/plugins/post-usefulAllows users to enter if the post is useful or not.
Is Post Useful Safe to Use in 2026?
Generally Safe
Score 85/100Post Useful has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'post-useful' plugin version 1.0.1 presents a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, exclusively using prepared statements for SQL queries, and having no recorded vulnerability history. There are also no file operations or external HTTP requests, and no bundled libraries which reduces the attack surface in those areas.
However, significant security concerns arise from the attack surface analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks. This is a critical weakness as it allows any unauthenticated user to interact with these handlers, potentially leading to unintended actions or information disclosure. Furthermore, there are no nonce checks or capability checks implemented on these entry points, compounding the risk. The code analysis also indicates that 67% of outputs are properly escaped, meaning one-third of the outputs are not escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is involved.
While the plugin has no known CVEs and a clean vulnerability history, this does not negate the immediate risks identified in the static analysis. The lack of authentication on AJAX handlers is a fundamental security flaw that requires immediate attention. The absence of taint analysis results is also noted, but the presence of unsanitized outputs and unprotected AJAX endpoints are sufficient to warrant caution. The plugin's strengths lie in its handling of database queries and lack of external dependencies, but the unprotected entry points and potential for XSS due to insufficient output escaping significantly weaken its overall security.
Key Concerns
- AJAX handlers without auth checks
- AJAX handlers without nonce checks
- AJAX handlers without capability checks
- Unescaped output detected
Post Useful Security Vulnerabilities
Post Useful Release Timeline
Post Useful Code Analysis
SQL Query Safety
Output Escaping
Post Useful Attack Surface
AJAX Handlers 2
WordPress Hooks 6
Maintenance & Trust
Post Useful Maintenance & Trust
Maintenance Signals
Community Trust
Post Useful Alternatives
bbPress Voting
bbp-voting
Let visitors vote up and down on bbPress topics and replies just like Reddit or Stack Overflow!
bbPress Votes
bbpress-votes
Allows logged users to vote up or down to topics and replies inside bbPress, just like you can on StackOverflow for example.
Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings
rate-star-review
Boost engagement with AJAX-driven star ratings, reviews, vote buttons for content.
Zaki Like Dislike Comments
zaki-like-dislike-comments
This plugin implements a "like/dislike" rating system for comments
Like And Who Likes
like-and-who-likes
Adds the 'Like' button and 'Who Likes' list for WordPress, BuddyPress and BBPress.
Post Useful Developer Profile
9 plugins · 860 total installs
How We Detect Post Useful
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/post-useful/assets/css/main.css/wp-content/plugins/post-useful/assets/js/main.jsassets/js/main.jsHTML / DOM Fingerprints
wrap-post-usefulpost_useful_post_useful_successpost_useful_buttons_post-useful-votepost-useful-vote-yespost-useful-vote-nopost_useful_activedata-iddata-ratepostUsefulAjax/wp-json/