WP-Safety

Posts map Security & Risk Analysis

wordpress.org/plugins/posts-map

This plugin adds into a blog post an image where you can put icons that link other blog posts.

10 active installs v0.1.3 PHP + WP 2.7.0+ Updated May 19, 2011
pagepagespostsmapshort-codeshortcode
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEApr 21, 2026
Download
Safety Verdict

Is Posts map Safe to Use in 2026?

Use With Caution

Score 63/100

Posts map has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 21, 2026Updated 15yr ago
Risk Assessment

The "posts-map" plugin v0.1.3 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The code analysis reveals no dangerous functions, all SQL queries utilize prepared statements, and all output is properly escaped, which are excellent security practices. Furthermore, there are no file operations or external HTTP requests, and the plugin has a very limited attack surface, with only one shortcode identified and no unprotected entry points. The absence of any recorded vulnerabilities, including critical or high severity ones, further strengthens this positive assessment. This indicates a likely well-maintained and secure plugin.

Key Concerns

  • No Nonce checks detected
  • No Capability checks detected
Vulnerabilities
1 published

Posts map Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-6236medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Posts map <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute

Apr 21, 2026Unpatched
Version History

Posts map Release Timeline

v0.1.3Current1 CVE
CVE-2026-6236
v0.1.21 CVE
CVE-2026-6236
v0.1.11 CVE
CVE-2026-6236
Code Analysis
Analyzed Mar 17, 2026

Posts map Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface

Posts map Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[posts-map] posts-map.php:25
Maintenance & Trust

Posts map Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4
Last updatedMay 19, 2011
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Posts map Alternatives

Display Posts – Easy lists, grids, navigation, and more

Display Posts – Easy lists, grids, navigation, and more

display-posts-shortcode

A
92

Add a listing of content on your website using a simple shortcode. Filter the results by category, author, and more.

80K No CVEs
Insert Pages

Insert Pages

insert-pages

A
99

Insert Pages lets you embed any WordPress content (e.g., pages, posts, custom post types) into other WordPress content using the Shortcode API.

40K 4 CVEs
Posts in Page

Posts in Page

posts-in-page

B
84

Easily add one or more posts to any page using simple shortcodes.

10K 1 CVE
List Pages Shortcode

List Pages Shortcode

list-pages-shortcode

A
85

Introduces the [list-pages], [sibling-pages] and [child-pages] shortcodes for easily displaying a list of pages within a post or page.

5K 1 CVE
WP Simple HTML Sitemap

WP Simple HTML Sitemap

wp-simple-html-sitemap

C
62

Using Simple HTML Sitemap plugin, you can add HTML Sitemap anywhere on the website using Shortcode.

3K 1 unpatched
Developer Profile

Posts map Developer Profile

lucdecri

5 plugins · 320 total installs

81
trust score
Avg Security Score
81/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Posts map

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
id='posts-map_'
FAQ

Frequently Asked Questions about Posts map