Does Pre-Publish Checklist have any unpatched vulnerabilities?

No. All known vulnerabilities in Pre-Publish Checklist have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Pre-Publish Checklist compatible with WordPress 6.6.5?

According to WordPress.org data, Pre-Publish Checklist 1.1.4 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Pre-Publish Checklist compatible with PHP 5.6+?

Pre-Publish Checklist requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Pre-Publish Checklist updated?

Pre-Publish Checklist was last updated on Jan 19, 2026. Frequent updates are generally a positive security signal.

What is Pre-Publish Checklist's security score?

Pre-Publish Checklist has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Pre-Publish Checklist Security & Risk Analysis

wordpress.org/plugins/pre-publish-checklist

Easiest way to make sure your page or post is ready to go live

1K active installs v1.1.4 PHP 5.6+ WP 4.7+ Updated Jan 19, 2026

blog-publish-checklistcross-check-post-or-pageeditorial-checklistpost-publish-checklistpre-publish-checklist

A · Safe

CVEs total1

Unpatched0

Last CVESep 22, 2023

Download

Safety Verdict

Is Pre-Publish Checklist Safe to Use in 2026?

Generally Safe

Score 100/100

Pre-Publish Checklist has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 22, 2023Updated 2mo ago

Risk Assessment

The pre-publish-checklist plugin version 1.1.4 exhibits a generally good security posture, with strong adherence to best practices in several critical areas. The static analysis reveals no dangerous functions, all SQL queries are properly prepared, and the vast majority of output is correctly escaped, indicating a focus on preventing common web vulnerabilities. Furthermore, the plugin implements a commendable number of nonce and capability checks across its AJAX handlers, and its attack surface is entirely protected by these measures. The absence of shortcodes, cron events, and REST API routes, along with no external HTTP requests or file operations, further limits potential attack vectors.

However, a review of the vulnerability history reveals one past CVE related to 'Authorization Bypass Through User-Controlled Key'. While this vulnerability is noted as currently unpatched, its specific severity (medium) and the fact that it was identified in September 2023 suggest that it might be addressed in later versions or that its impact is limited. The taint analysis shows no critical or high severity flows, and no unsanitized paths, which is a positive sign. The plugin's strengths lie in its robust input validation and output sanitization, but the past authorization bypass vulnerability, even if medium severity, warrants attention to ensure it remains addressed.

Key Concerns

1 previously patched medium severity CVE

Vulnerabilities

Pre-Publish Checklist Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-44151medium · 5.3Authorization Bypass Through User-Controlled Key

Pre-Publish Checklist <= 1.1.1 - Insecure Direct Object Reference to Arbitrary Post '_ppc_meta_key' Update

Sep 22, 2023 Patched in 1.1.2 (123d)

Code Analysis

Analyzed Mar 16, 2026

Pre-Publish Checklist Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

85 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

96% escaped89 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

ppc_save_data (classes\class-ppc-loader.php:285)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Pre-Publish Checklist Attack Surface

Entry Points6

Unprotected0

AJAX Handlers 6

authwp_ajax_ppc_checklistitem_addclasses\class-ppc-loader.php:54

authwp_ajax_ppc_checklistitem_deleteclasses\class-ppc-loader.php:55

authwp_ajax_ppc_checklistitem_dragclasses\class-ppc-loader.php:56

authwp_ajax_ppc_checklistitem_editclasses\class-ppc-loader.php:57

authwp_ajax_ppc_ajax_add_changeclasses\class-ppc-pagesetups.php:59

authwp_ajax_ppc_ajax_delete_changeclasses\class-ppc-pagesetups.php:60

WordPress Hooks 11

actionadmin_enqueue_scriptsclasses\class-ppc-loader.php:52

actioninitclasses\class-ppc-loader.php:53

actionadmin_initclasses\class-ppc-pagesetups.php:55

actionadmin_initclasses\class-ppc-pagesetups.php:56

actionadd_meta_boxesclasses\class-ppc-pagesetups.php:57

actionadmin_menuclasses\class-ppc-pagesetups.php:58

actionadmin_footerclasses\class-ppc-pagesetups.php:61

actionrestrict_manage_postsclasses\class-ppc-pagesetups.php:62

filterpre_get_postsclasses\class-ppc-pagesetups.php:63

actionadmin_initclasses\class-ppc-update.php:56

actionwpclasses\class-ppc-update.php:58

Maintenance & Trust

Pre-Publish Checklist Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedJan 19, 2026

PHP min version5.6

Downloads30K

Community Trust

Rating100/100

Number of ratings11

Active installs1K

Alternatives

Pre-Publish Checklist Alternatives

Pre-Publish Post Checklist

pre-publish-post-checklist

With Pre-Publish Post Checklist, you’ll never have to worry about accidentally publishing a post.

100 1 unpatched

Outreachboard

outreachboard

100

A plugin that helps automate and manage guest author submissions with checklists, syncing, and secure publishing workflows.

0 No CVEs

Developer Profile

Pre-Publish Checklist Developer Profile

Pratik Chaskar

16 plugins · 14K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

131 days

View full developer profile

Detection Fingerprints

How We Detect Pre-Publish Checklist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pre-publish-checklist/assets/css/ppc-backend.css/wp-content/plugins/pre-publish-checklist/assets/css/ppc-frontend.css

Script Paths

/wp-content/plugins/pre-publish-checklist/assets/js/ppc-backend.js/wp-content/plugins/pre-publish-checklist/assets/js/ppc-frontend.js/wp-content/plugins/pre-publish-checklist/assets/js/ppc-admin-menu.js

Version Parameters

pre-publish-checklist/assets/css/ppc-backend.css?ver=pre-publish-checklist/assets/css/ppc-frontend.css?ver=pre-publish-checklist/assets/js/ppc-backend.js?ver=pre-publish-checklist/assets/js/ppc-frontend.js?ver=pre-publish-checklist/assets/js/ppc-admin-menu.js?ver=

HTML / DOM Fingerprints

CSS Classes

ppc-checklist-containerppc-meta-box-wrapppc-admin-menu-wrap

HTML Comments

+1 more

Data Attributes

data-ppc-post-typedata-ppc-checklist-itemdata-ppc-checklist-status

JS Globals

ppc_ajax_objectppc_data_vars

FAQ