Published By Security & Risk Analysis

wordpress.org/plugins/published-by

Track which user actually published a post, separate from who created the post. Display that info as a column in admin post listings.

60 active installs · v1.3 · PHP + · WP 4.6+ · Updated Jun 11, 2018
Tags: author, editor, post, publish, publisher
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Published By Safe to Use in 2026?

Generally Safe

Score 85/100

Published By has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

Based on the provided static analysis, the "published-by" plugin v1.3 exhibits a generally strong security posture. The analysis found no dangerous functions, raw SQL queries, file operations, or external HTTP requests, and no significant attack surface (AJAX handlers, REST API routes, shortcodes, cron events) exposed without authentication or capability checks. These are all positive indicators. The plugin also has no recorded vulnerabilities, past or present, which suggests a history of secure development.

However, the analysis highlights a potential area for improvement in output escaping: 17% of outputs are not properly escaped. While this may not currently represent a critical risk, it could become a vector for Cross-Site Scripting (XSS) vulnerabilities if malicious data is ever processed and displayed without adequate sanitization. The complete absence of taint analysis flows also means that the effectiveness of sanitization and the potential for more subtle vulnerabilities remain unconfirmed. Therefore, while the plugin is currently in a good security state, vigilance regarding output sanitization is recommended to maintain this high standard.

Key Concerns

  • Unescaped output detected
Vulnerabilities
None known

Published By Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Published By Release Timeline

v1.3 (Current)
v1.2
v1.1
v1.0.3
v1.0.2
v1.0.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

Published By Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
1
5 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

83% escaped · 6 total outputs
Attack Surface

Published By Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 13

Type    Hook                          Location
action  init                          published-by.php:108
filter  manage_posts_columns          published-by.php:121
action  manage_posts_custom_column    published-by.php:122
filter  manage_pages_columns          published-by.php:123
action  manage_pages_custom_column    published-by.php:124
action  load-edit.php                 published-by.php:126
action  load-post.php                 published-by.php:127
action  transition_post_status        published-by.php:128
action  post_submitbox_misc_actions   published-by.php:129
filter  parse_query                   published-by.php:131
action  restrict_manage_posts         published-by.php:132
action  deleted_user                  published-by.php:134
action  admin_head                    published-by.php:226
Maintenance & Trust

Published By Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jun 11, 2018
PHP min version
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 60
Developer Profile

Published By Developer Profile

Scott Reilly

63 plugins · 92K total installs

71
trust score
Avg Security Score
88/100
Avg Patch Time
374 days
Detection Fingerprints

How We Detect Published By

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters
published-by/style.css?ver=
published-by/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
c2c-published-by
c2c-published-by-guess
Data Attributes
data-c2c-published-by-post-id
JS Globals
c2c_published_by_settings
REST Endpoints
/wp-json/published-by/v1/settings