Posts in Page Security & Risk Analysis

wordpress.org/plugins/posts-in-page

Easily add one or more posts to any page using simple shortcodes.

10K active installs · v1.4.4 · PHP + WP 3.0+ · Updated May 13, 2019
Tags: custom-post-types, pages, posts, shortcode, taxonomy
84 · B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 13, 2017
Safety Verdict

Is Posts in Page Safe to Use in 2026?

Mostly Safe

Score 84/100

Posts in Page is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · Last CVE: Feb 13, 2017 · Updated 6yr ago
Risk Assessment

The "posts-in-page" plugin v1.4.4 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, proper SQL prepared statements, and correctly escaped output are positive indicators. The plugin also has a limited attack surface with no unprotected entry points identified in this analysis.

However, the plugin's vulnerability history is a significant concern. It has one known high-severity vulnerability classified as Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion), which was last patched in 2017. While there are currently no unpatched vulnerabilities, the presence of a past RFI vulnerability suggests a potential for critical security flaws if the plugin is not diligently maintained. The lack of nonce checks and capability checks in the code analysis, while not directly exploitable in this version's entry points, could become a weakness if new entry points are introduced or existing ones are modified without proper security controls.

In conclusion, while the current version of "posts-in-page" appears to be well-coded with good security practices in its static analysis, the historical vulnerability is a major red flag. Users should exercise caution and ensure they are running the latest available version of the plugin, if one exists and has addressed this past vulnerability. The lack of explicit nonce and capability checks warrants attention for future development or if the plugin's entry points were to change.

Key Concerns

  • Past high severity RFI vulnerability
  • Missing nonce checks on entry points
  • Missing capability checks on entry points
Vulnerabilities: 1

Posts in Page Security Vulnerabilities

CVEs by Year

1 CVE in 2017

Severity Breakdown

High: 1

1 total CVE

CVE-2017-18585 · high · 8.1 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Posts in Page <= 1.2.4 - Authenticated Directory Traversal leading to Local File Inclusion

Feb 13, 2017 · Patched in 1.3.0 (2535d)
Code Analysis
Analyzed Mar 16, 2026

Posts in Page Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (3 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 3 total outputs
Attack Surface

Posts in Page Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[ic_add_posts] posts_in_page.php:44
[ic_add_post] posts_in_page.php:45

WordPress Hooks 3

filter excerpt_more includes\class-page-posts.php:226
action admin_menu posts_in_page.php:46
action plugins_loaded posts_in_page.php:142
Maintenance & Trust

Posts in Page Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: May 13, 2019
PHP min version
Downloads: 378K

Community Trust

Rating: 88/100
Number of ratings: 86
Active installs: 10K
Developer Profile

Posts in Page Developer Profile

ivycat

3 plugins · 10K total installs

Trust score: 64
Avg Security Score: 78/100
Avg Patch Time: 2535 days
Detection Fingerprints

How We Detect Posts in Page

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/posts-in-page/admin/assets/css/post-page_styles.css
/wp-content/plugins/posts-in-page/admin/assets/js/post-page_scripts.js
Script Paths
/wp-content/plugins/posts-in-page/admin/assets/js/post-page_scripts.js
Version Parameters
posts-in-page/admin/assets/css/post-page_styles.css?ver=
posts-in-page/admin/assets/js/post-page_scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
postbox
Shortcode Output
[ic_add_posts]
[ic_add_posts post_type='post_type']
[ic_add_posts showposts='5']
[ic_add_posts orderby='title' order='ASC']