Post Useful Security & Risk Analysis

wordpress.org/plugins/post-useful

Allows users to enter if the post is useful or not.

10 active installs v1.0.1 PHP + WP 3.8+ Updated Aug 1, 2016
rateusefulvote
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Post Useful Safe to Use in 2026?

Generally Safe

Score 85/100

Post Useful has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The 'post-useful' plugin version 1.0.1 presents a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, exclusively using prepared statements for SQL queries, and having no recorded vulnerability history. There are also no file operations or external HTTP requests, and no bundled libraries which reduces the attack surface in those areas.

However, significant security concerns arise from the attack surface analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks. This is a critical weakness as it allows any unauthenticated user to interact with these handlers, potentially leading to unintended actions or information disclosure. Furthermore, there are no nonce checks or capability checks implemented on these entry points, compounding the risk. The code analysis also indicates that 67% of outputs are properly escaped, meaning one-third of the outputs are not escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is involved.

While the plugin has no known CVEs and a clean vulnerability history, this does not negate the immediate risks identified in the static analysis. The lack of authentication on AJAX handlers is a fundamental security flaw that requires immediate attention. The absence of taint analysis results is also noted, but the presence of unsanitized outputs and unprotected AJAX endpoints are sufficient to warrant caution. The plugin's strengths lie in its handling of database queries and lack of external dependencies, but the unprotected entry points and potential for XSS due to insufficient output escaping significantly weaken its overall security.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without nonce checks
  • AJAX handlers without capability checks
  • Unescaped output detected
Vulnerabilities
None known

Post Useful Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Post Useful Release Timeline

v1.0.1Current
Code Analysis
Analyzed Apr 16, 2026

Post Useful Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
5 prepared
Unescaped Output
1
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared5 total queries

Output Escaping

67% escaped3 total outputs
Attack Surface
2 unprotected

Post Useful Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_send_ratepost-useful.php:72
noprivwp_ajax_send_ratepost-useful.php:73
WordPress Hooks 6
actionadmin_enqueue_scriptsadmin/class-post-useful-options.php:54
actionplugins_loadedpost-useful.php:63
actionwp_enqueue_scriptspost-useful.php:66
filterthe_contentpost-useful.php:69
actionplugins_loadedpost-useful.php:214
actionafter_setup_themepost-useful.php:218
Maintenance & Trust

Post Useful Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedAug 1, 2016
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Post Useful Developer Profile

Leo Baiano

9 plugins · 860 total installs

85
trust score
Avg Security Score
87/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Post Useful

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-useful/assets/css/main.css/wp-content/plugins/post-useful/assets/js/main.js
Script Paths
assets/js/main.js

HTML / DOM Fingerprints

CSS Classes
wrap-post-usefulpost_useful_post_useful_successpost_useful_buttons_post-useful-votepost-useful-vote-yespost-useful-vote-nopost_useful_active
Data Attributes
data-iddata-rate
JS Globals
postUsefulAjax
REST Endpoints
/wp-json/
FAQ

Frequently Asked Questions about Post Useful