WP-Safety

Posts Bridge – Remote CMS Security & Risk Analysis

wordpress.org/plugins/posts-bridge

Synchronize backend data with WordPress post collections over HTTP APIs, enabling remote and automated web content management.

20 active installs v4.1.3 PHP 8.0+ WP 6.7+ Updated Feb 15, 2026
automationhttp-apiintegrationproductivitysynchronization
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Posts Bridge – Remote CMS Safe to Use in 2026?

Generally Safe

Score 100/100

Posts Bridge – Remote CMS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'posts-bridge' plugin v4.1.3 demonstrates a generally good security posture with several positive indicators. The absence of dangerous functions, proper SQL prepared statement usage, and a high percentage of output escaping suggest the developers are adhering to secure coding practices. The plugin also has no recorded vulnerabilities or CVEs, which is a strong sign of its historical stability and security. However, there are some areas for concern. The presence of one REST API route without a permission callback creates a potential entry point for unauthorized access or manipulation, which is a notable weakness. Additionally, the plugin utilizes file operations and makes external HTTP requests, which, while not inherently insecure, increase the attack surface and require careful implementation to prevent potential vulnerabilities.

Key Concerns

  • REST API route without permission callback
Vulnerabilities
None known

Posts Bridge – Remote CMS Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Posts Bridge – Remote CMS Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
3
80 escaped
Nonce Checks
2
Capability Checks
3
File Operations
13
External Requests
6
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

96% escaped83 total outputs
Attack Surface
1 unprotected

Posts Bridge – Remote CMS Attack Surface

Entry Points9
Unprotected1

REST API Routes 7

GET/wp-json/posts-bridge/v1/jwt/authdeps\http\includes\jwt.php:25
GET/wp-json/posts-bridge/v1/jwt/validatedeps\http\includes\jwt.php:35
GET/wp-json/posts-bridge/v1/oauth/grantdeps\http\includes\oauth.php:23
GET/wp-json/posts-bridge/v1/oauth/revokedeps\http\includes\oauth.php:34
GET/wp-json/posts-bridge/v1/oauth/redirectdeps\http\includes\oauth.php:45
GET/wp-json/posts-bridge/v1/logs/includes\class-logger.php:264
GET/wp-json/posts-bridge/v1/http/schemasincludes\class-rest-settings-controller.php:163

Shortcodes 2

[posts_bridge_remote_fields] includes\shortcodes.php:18
[posts_bridge_remote_callback] includes\shortcodes.php:19
WordPress Hooks 63
filterposts_bridge_bridge_schemaaddons\airtable\hooks.php:12
filterposts_bridge_plugin_register_settingsaddons\airtable\hooks.php:97
filteroption_posts-bridge_httpaddons\airtable\hooks.php:116
filterposts_bridge_bridge_schemaaddons\dolibarr\hooks.php:12
filterposts_bridge_bridge_schemaaddons\gcalendar\hooks.php:12
filterposts_bridge_http_oauth_urladdons\gcalendar\hooks.php:31
filterposts_bridge_plugin_register_settingsaddons\gcalendar\hooks.php:125
filteroption_posts-bridge_httpaddons\gcalendar\hooks.php:144
filterposts_bridge_bridge_schemaaddons\grist\hooks.php:12
filterposts_bridge_plugin_register_settingsaddons\grist\hooks.php:97
filteroption_posts-bridge_httpaddons\grist\hooks.php:116
filterposts_bridge_bridge_schemaaddons\gsheets\hooks.php:12
filterposts_bridge_http_oauth_urladdons\gsheets\hooks.php:31
filterposts_bridge_plugin_register_settingsaddons\gsheets\hooks.php:125
filteroption_posts-bridge_httpaddons\gsheets\hooks.php:144
filterposts_bridge_bridge_schemaaddons\holded\hooks.php:12
filterposts_bridge_plugin_register_settingsaddons\holded\hooks.php:78
filteroption_posts-bridge_httpaddons\holded\hooks.php:99
filterhttp_request_argsaddons\nextcloud\class-nextcloud-addon.php:255
filterposts_bridge_bridge_schemaaddons\nextcloud\hooks.php:12
filterposts_bridge_http_requestaddons\odoo\class-odoo-post-bridge.php:205
filterposts_bridge_http_backend_headersaddons\odoo\class-odoo-post-bridge.php:217
filterposts_bridge_bridge_schemaaddons\odoo\hooks.php:12
filterposts_bridge_bridge_schemaaddons\wp\hooks.php:12
actioninitcustom-blocks\remote-fields\remote-fields.php:12
filterposts_bridge_http_backendsdeps\http\includes\class-backend.php:74
filterposts_bridge_http_credentialsdeps\http\includes\class-credential.php:275
actioninitdeps\http\includes\class-http-setting.php:135
filterposts_bridge_http_backendsdeps\http\includes\class-http-setting.php:156
filterposts_bridge_http_credentialsdeps\http\includes\class-http-setting.php:157
actiondetermine_current_userdeps\http\includes\jwt.php:17
filterrest_pre_dispatchdeps\http\includes\jwt.php:18
actionrest_api_initdeps\http\includes\jwt.php:19
actionrest_api_initdeps\http\includes\oauth.php:17
actionadmin_menudeps\plugin\class-menu.php:63
actioninitdeps\plugin\class-plugin.php:141
filterplugin_action_linksdeps\plugin\class-plugin.php:149
actionrest_api_initdeps\plugin\class-rest-settings-controller.php:144
actionposts_bridge_plugin_registered_settingsdeps\plugin\class-rest-settings-controller.php:151
actionadmin_initdeps\plugin\class-settings-form.php:90
actionadmin_enqueue_scriptsdeps\plugin\class-settings-form.php:120
filterposts_bridge_plugin_register_settingsdeps\plugin\class-settings-store.php:115
filterposts_bridge_plugin_registered_settingsdeps\plugin\class-settings-store.php:145
actioninitdeps\plugin\class-settings-store.php:174
filterposts_bridge_bridgesincludes\class-addon.php:384
filterposts_bridge_remote_cptsincludes\class-addon.php:411
actioninitincludes\class-custom-post-type.php:336
filterposts_bridge_custom_post_typesincludes\class-custom-post-type.php:344
actionrest_api_initincludes\class-logger.php:219
actionthe_postincludes\class-posts-bridge.php:63
actionrest_api_initincludes\class-posts-bridge.php:73
actionadmin_enqueue_scriptsincludes\class-posts-bridge.php:83
filterplugin_action_linksincludes\class-posts-bridge.php:92
actionin_plugin_update_message-posts-bridge/posts-bridge.phpincludes\class-posts-bridge.php:114
actionupdated_optionincludes\class-posts-synchronizer.php:268
actionadded_optionincludes\class-posts-synchronizer.php:279
filtercron_schedulesincludes\class-posts-synchronizer.php:290
actionadmin_enqueue_scriptsincludes\class-posts-synchronizer.php:297
actionwp_enqueue_scriptsincludes\class-posts-synchronizer.php:309
filterquery_varsincludes\class-posts-synchronizer.php:318
actioninitincludes\class-posts-synchronizer.php:326
filterrest_pre_dispatchincludes\class-rest-remote-posts-controller.php:87
actioninitincludes\shortcodes.php:10
Maintenance & Trust

Posts Bridge – Remote CMS Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 15, 2026
PHP min version8.0
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs20
Alternatives

Posts Bridge – Remote CMS Alternatives

Air WP Sync – Airtable to WordPress

Air WP Sync – Airtable to WordPress

air-wp-sync

A
100

Swiftly sync Airtable to your WordPress website!

1K No CVEs
Forms Bridge – Infinite integrations

Forms Bridge – Infinite integrations

forms-bridge

A
99

Seamlessly connect WordPress forms to CRMs, ERPs, and APIs — no coding required. Automate data flow with field mappers, custom fields, and workflows.

70 1 CVE
Zapier for WordPress

Zapier for WordPress

zapier

A
98

Zapier saves you time on tedious tasks by moving info between WordPress and your other favorite apps, so you can focus on your most important work.

50K 2 CVEs
Bit integrations – Easy Automator with no-code automation, integrate Webhook and automate 300+ Platform

Bit integrations – Easy Automator with no-code automation, integrate Webhook and automate 300+ Platform

bit-integrations

A
98

Perfect Automation and integration plugin: Connect 300+ platforms and automate CRM, Email marketing tools, Google Sheets, Contact forms, LMS and more

20K 1 CVE
Publish to Schedule

Publish to Schedule

publish-to-schedule

A
99

Automate your WordPress post scheduling with Publish to Schedule. Set rules for days and times to publish posts automatically, saving you time and ens …

5K 2 CVEs
Developer Profile

Posts Bridge – Remote CMS Developer Profile

Còdec

2 plugins · 90 total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Posts Bridge – Remote CMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/posts-bridge/custom-blocks/remote-fields/remote-fields.php/wp-content/plugins/posts-bridge/deps/plugin/class-plugin.php/wp-content/plugins/posts-bridge/deps/http/index.php/wp-content/plugins/posts-bridge/includes/class-api.php/wp-content/plugins/posts-bridge/includes/class-custom-post-type.php/wp-content/plugins/posts-bridge/includes/class-json-finger.php/wp-content/plugins/posts-bridge/includes/class-openapi.php/wp-content/plugins/posts-bridge/includes/class-rest-settings-controller.php+13 more
Script Paths
/wp-content/plugins/posts-bridge/deps/plugin/admin-form.js
Version Parameters
posts-bridge/admin-form.css?ver=posts-bridge/admin-form.js?ver=

HTML / DOM Fingerprints

CSS Classes
posts-bridge-fieldset-controlposts-bridge-admin-style
Data Attributes
data-action
JS Globals
POSTS_BRIDGE
REST Endpoints
/wp-json/posts-bridge/v1/settings/wp-json/posts-bridge/v1/remote-posts
Shortcode Output
[posts_bridge_remote_list[posts_bridge_remote_item[posts_bridge_remote_excerpt[posts_bridge_remote_title
FAQ

Frequently Asked Questions about Posts Bridge – Remote CMS