WP-Safety

Editorial Calendar, Marketing Content, Kanban Board – PublishPress Planner Security & Risk Analysis

wordpress.org/plugins/publishpress

PublishPress Planner has all the tools you need to plan WordPress content including a Content Calendar, Content Overview, and Kanban Board.

6K active installs v4.7.2 PHP 7.2.5+ WP 5.5+ Updated Dec 5, 2025
content-overvieweditorial-calendarkanban-boardmarketingmarketing-calendar
100
A · Safe
CVEs total1
Unpatched0
Last CVESep 6, 2021
Plugin page Download
Safety Verdict

Is Editorial Calendar, Marketing Content, Kanban Board – PublishPress Planner Safe to Use in 2026?

Generally Safe

Score 100/100

Editorial Calendar, Marketing Content, Kanban Board – PublishPress Planner has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 6, 2021Updated 3mo ago
Risk Assessment

The PublishPress plugin, version 4.7.2, exhibits a mixed security posture. On one hand, it demonstrates good security practices by extensively utilizing prepared statements for SQL queries (91%) and implementing robust output escaping (88%), along with a significant number of nonce and capability checks. This suggests a general awareness of secure coding principles within the development team. However, a notable concern is the presence of 8 AJAX handlers without authentication checks, representing a significant portion of its attack surface. While taint analysis shows no critical or high-severity vulnerabilities, the existence of flows with unsanitized paths warrants attention. The plugin's vulnerability history reveals a single medium-severity Cross-Site Scripting (XSS) vulnerability discovered in 2021. The absence of currently unpatched vulnerabilities and the historical focus on XSS, a common WordPress vulnerability type, are positive signs. Despite the strong implementation of many security features, the unprotected AJAX endpoints present a clear risk that could be exploited by authenticated users with lower privileges or even unauthenticated users if not properly secured by WordPress's general security mechanisms. Overall, the plugin is generally well-secured but requires attention to its exposed AJAX endpoints.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths
  • Bundled outdated library jQuery v3.6.0
Vulnerabilities
1

Editorial Calendar, Marketing Content, Kanban Board – PublishPress Planner Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

WF-c1b0ac88-8afd-4e46-9721-7aab91090e37-publishpressmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PublishPress: Editorial Calendar, Workflow, Comments, Notifications and Statuses <= 3.5.0 - Cross-Site Scripting

Sep 6, 2021 Patched in 3.5.1 (869d)
Code Analysis
Analyzed Mar 16, 2026

Editorial Calendar, Marketing Content, Kanban Board – PublishPress Planner Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
42 prepared
Unescaped Output
271
1966 escaped
Nonce Checks
61
Capability Checks
81
File Operations
2
External Requests
0
Bundled Libraries
2

Bundled Libraries

jQuery3.6.0Select2

SQL Query Safety

91% prepared46 total queries

Output Escaping

88% escaped2237 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

25 flows4 with unsanitized paths
extra_tablenav (modules\notifications-log\library\NotificationsLogTable.php:548)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

Editorial Calendar, Marketing Content, Kanban Board – PublishPress Planner Attack Surface

Entry Points30
Unprotected8

AJAX Handlers 30

authwp_ajax_pp_calendar_ics_subscriptionmodules\calendar\calendar.php:313
noprivwp_ajax_pp_calendar_ics_subscriptionmodules\calendar\calendar.php:314
authwp_ajax_publishpress_calendar_search_authorsmodules\calendar\calendar.php:325
authwp_ajax_publishpress_calendar_search_termsmodules\calendar\calendar.php:326
authwp_ajax_publishpress_calendar_get_datamodules\calendar\calendar.php:327
authwp_ajax_publishpress_calendar_move_itemmodules\calendar\calendar.php:328
authwp_ajax_publishpress_calendar_get_post_datamodules\calendar\calendar.php:329
authwp_ajax_publishpress_calendar_get_post_type_fieldsmodules\calendar\calendar.php:330
authwp_ajax_publishpress_calendar_create_itemmodules\calendar\calendar.php:331
authwp_ajax_publishpress_content_board_search_authorsmodules\content-board\content-board.php:209
authwp_ajax_publishpress_content_board_search_categoriesmodules\content-board\content-board.php:210
authwp_ajax_publishpress_content_board_get_form_fieldsmodules\content-board\content-board.php:211
authwp_ajax_publishpress_content_board_update_post_statusmodules\content-board\content-board.php:212
authwp_ajax_publishpress_content_board_update_schedule_periodmodules\content-board\content-board.php:213
authwp_ajax_publishpress_content_overview_search_authorsmodules\content-overview\content-overview.php:218
authwp_ajax_publishpress_content_overview_search_categoriesmodules\content-overview\content-overview.php:219
authwp_ajax_publishpress_content_overview_get_form_fieldsmodules\content-overview\content-overview.php:220
authwp_ajax_publishpress_ajax_insert_commentmodules\editorial-comments\editorial-comments.php:114
authwp_ajax_publishpress_ajax_edit_commentmodules\editorial-comments\editorial-comments.php:115
authwp_ajax_publishpress_ajax_delete_commentmodules\editorial-comments\editorial-comments.php:116
authwp_ajax_publishpress_editorial_search_postmodules\editorial-comments\editorial-comments.php:117
authwp_ajax_publishpress_editorial_search_usermodules\editorial-comments\editorial-comments.php:118
authwp_ajax_update_term_positionsmodules\editorial-metadata\editorial-metadata.php:162
authwp_ajax_pp_migrate_ef_datamodules\efmigration\efmigration.php:100
authwp_ajax_pp_finish_migrationmodules\efmigration\efmigration.php:101
authwp_ajax_pp_notifications_user_post_subscriptionmodules\notifications\notifications.php:157
authwp_ajax_publishpress_search_postmodules\notifications-log\notifications-log.php:119
authwp_ajax_publishpress_search_workflowmodules\notifications-log\notifications-log.php:120
authwp_ajax_publishpress_view_notificationmodules\notifications-log\notifications-log.php:121
authwp_ajax_publishpress_content_search_meta_keyspublishpress.php:179
WordPress Hooks 165
filterscreen_settingscommon\php\screen-options.php:60
actionadmin_print_scriptscommon\php\screen-options.php:61
actionpublishpress_notifications_running_for_postmodules\async-notifications\async-notifications.php:105
filterdebug_informationmodules\async-notifications\async-notifications.php:107
filterpublishpress_notifications_stop_sync_notificationsmodules\async-notifications\async-notifications.php:108
actiontemplate_includemodules\calendar\calendar.php:295
filterpublishpress_admin_menu_slugmodules\calendar\calendar.php:308
actionpublishpress_admin_menu_pagemodules\calendar\calendar.php:309
actionpublishpress_admin_submenumodules\calendar\calendar.php:310
actionadmin_initmodules\calendar\calendar.php:321
actionadmin_print_stylesmodules\calendar\calendar.php:322
actionadmin_enqueue_scriptsmodules\calendar\calendar.php:323
actionadmin_initmodules\calendar\calendar.php:334
filterpost_date_column_statusmodules\calendar\calendar.php:336
filterpp_calendar_after_form_submission_sanitize_titlemodules\calendar\calendar.php:338
filterpp_calendar_after_form_submission_sanitize_contentmodules\calendar\calendar.php:339
filterpp_calendar_after_form_submission_sanitize_authormodules\calendar\calendar.php:340
filterpp_calendar_after_form_submission_validate_authormodules\calendar\calendar.php:341
filteradmin_body_classmodules\calendar\calendar.php:342
actionclean_post_cachemodules\calendar\calendar.php:346
filterpp_calendar_total_weeksmodules\calendar\calendar.php:374
filterpp_calendar_ics_subscription_start_datemodules\calendar\calendar.php:375
filterposts_wheremodules\calendar\calendar.php:1370
filterposts_orderbymodules\calendar\library\calendar-methods.php:1616
filterwp_insert_post_datamodules\calendar\library\calendar-methods.php:1781
actionadmin_initmodules\content-board\content-board.php:204
actionadmin_initmodules\content-board\content-board.php:207
filterpublishpress_admin_menu_slugmodules\content-board\content-board.php:216
actionpublishpress_admin_menu_pagemodules\content-board\content-board.php:217
actionpublishpress_admin_submenumodules\content-board\content-board.php:218
actionadmin_enqueue_scriptsmodules\content-board\content-board.php:221
actionadmin_enqueue_scriptsmodules\content-board\content-board.php:222
filteradmin_body_classmodules\content-board\content-board.php:224
filterposts_wheremodules\content-board\content-board.php:1519
actionadmin_initmodules\content-overview\content-overview.php:213
actionadmin_initmodules\content-overview\content-overview.php:216
filterpublishpress_admin_menu_slugmodules\content-overview\content-overview.php:223
actionpublishpress_admin_menu_pagemodules\content-overview\content-overview.php:224
actionpublishpress_admin_submenumodules\content-overview\content-overview.php:225
actionadmin_enqueue_scriptsmodules\content-overview\content-overview.php:228
actionadmin_enqueue_scriptsmodules\content-overview\content-overview.php:229
filteradmin_body_classmodules\content-overview\content-overview.php:231
filterposts_wheremodules\content-overview\content-overview.php:1469
actionwp_dashboard_setupmodules\dashboard\dashboard.php:94
actionadmin_initmodules\dashboard\dashboard.php:97
actionadmin_initmodules\dashboard\widgets\dashboard-notepad.php:65
actionadmin_initmodules\debug\debug.php:95
actionadmin_bar_menumodules\debug\debug.php:96
actionadmin_menumodules\debug\debug.php:97
actionadmin_enqueue_scriptsmodules\debug\debug.php:98
actionpublishpress_debug_write_logmodules\debug\debug.php:102
actionadd_meta_boxesmodules\editorial-comments\editorial-comments.php:111
actionadmin_initmodules\editorial-comments\editorial-comments.php:112
actionadmin_enqueue_scriptsmodules\editorial-comments\editorial-comments.php:113
actionadmin_initmodules\editorial-comments\editorial-comments.php:119
filterremovable_query_argsmodules\editorial-comments\editorial-comments.php:120
actionpublishpress_admin_submenumodules\editorial-comments\editorial-comments.php:122
filterpublishpress_calendar_get_post_datamodules\editorial-comments\editorial-comments.php:126
actionadmin_noticesmodules\editorial-comments\editorial-comments.php:1129
actionadmin_noticesmodules\editorial-comments\editorial-comments.php:1139
actionadmin_noticesmodules\editorial-comments\editorial-comments.php:1158
actionadmin_noticesmodules\editorial-comments\editorial-comments.php:1176
actionadmin_noticesmodules\editorial-comments\editorial-comments.php:1184
actionadmin_initmodules\editorial-metadata\editorial-metadata.php:151
actionadmin_initmodules\editorial-metadata\editorial-metadata.php:154
actionadmin_initmodules\editorial-metadata\editorial-metadata.php:158
actionadmin_initmodules\editorial-metadata\editorial-metadata.php:159
actionadmin_initmodules\editorial-metadata\editorial-metadata.php:160
actionadmin_initmodules\editorial-metadata\editorial-metadata.php:161
actiontransition_post_statusmodules\editorial-metadata\editorial-metadata.php:164
actionadd_meta_boxesmodules\editorial-metadata\editorial-metadata.php:168
filtermanage_posts_columnsmodules\editorial-metadata\editorial-metadata.php:170
filtermanage_pages_columnsmodules\editorial-metadata\editorial-metadata.php:171
actionmanage_pages_custom_columnmodules\editorial-metadata\editorial-metadata.php:172
actionmanage_posts_custom_columnmodules\editorial-metadata\editorial-metadata.php:173
filterpublishpress_calendar_get_post_datamodules\editorial-metadata\editorial-metadata.php:177
filterpp_story_budget_term_columnsmodules\editorial-metadata\editorial-metadata.php:182
filterpp_story_budget_term_column_valuemodules\editorial-metadata\editorial-metadata.php:184
actionpublishpress_admin_submenumodules\editorial-metadata\editorial-metadata.php:193
actionadmin_enqueue_scriptsmodules\editorial-metadata\editorial-metadata.php:196
actionparse_querymodules\editorial-metadata\editorial-metadata.php:277
actionadmin_menumodules\efmigration\efmigration.php:97
actionadmin_noticesmodules\efmigration\efmigration.php:98
actionadmin_initmodules\efmigration\efmigration.php:99
actionadmin_enqueue_scriptsmodules\efmigration\efmigration.php:104
actionadmin_print_stylesmodules\efmigration\efmigration.php:105
actionadmin_initmodules\efmigration\efmigration.php:108
actionadmin_noticesmodules\efmigration\efmigration.php:279
actionadmin_enqueue_scriptsmodules\improved-notifications\improved-notifications.php:135
actionadmin_initmodules\improved-notifications\improved-notifications.php:137
filterget_sample_permalink_htmlmodules\improved-notifications\improved-notifications.php:140
filterpost_row_actionsmodules\improved-notifications\improved-notifications.php:141
actionshow_user_profilemodules\improved-notifications\improved-notifications.php:148
actionedit_user_profilemodules\improved-notifications\improved-notifications.php:149
actionpersonal_options_updatemodules\improved-notifications\improved-notifications.php:151
actionedit_user_profile_updatemodules\improved-notifications\improved-notifications.php:152
actionadmin_print_stylesmodules\improved-notifications\improved-notifications.php:154
filteradmin_footer_textmodules\improved-notifications\improved-notifications.php:157
actionsave_postmodules\improved-notifications\improved-notifications.php:160
filterpublishpress_slack_enable_notificationsmodules\improved-notifications\improved-notifications.php:163
actionwp_after_insert_postmodules\improved-notifications\improved-notifications.php:169
actionwp_after_insert_postmodules\improved-notifications\improved-notifications.php:170
actionpp_post_insert_editorial_commentmodules\improved-notifications\improved-notifications.php:173
actionset_object_termsmodules\improved-notifications\improved-notifications.php:176
filterpp_notification_send_email_message_headersmodules\improved-notifications\improved-notifications.php:179
actionpp_initmodules\improved-notifications\improved-notifications.php:186
filterpsppno_default_channelmodules\improved-notifications\improved-notifications.php:188
filterpublishpress_notifications_stop_sync_notificationsmodules\improved-notifications\improved-notifications.php:190
filterpublishpress_notifications_schedule_notificationmodules\improved-notifications\improved-notifications.php:192
actionadmin_initmodules\modules-settings\modules-settings.php:73
actionadmin_enqueue_scriptsmodules\modules-settings\modules-settings.php:74
actionadd_meta_boxesmodules\notifications\notifications.php:129
actionadmin_initmodules\notifications\notifications.php:131
actionadmin_enqueue_scriptsmodules\notifications\notifications.php:134
actionadmin_enqueue_scriptsmodules\notifications\notifications.php:135
actionadmin_headmodules\notifications\notifications.php:140
filterpost_row_actionsmodules\notifications\notifications.php:142
filterpage_row_actionsmodules\notifications\notifications.php:143
filterpp_calendar_item_actionsmodules\notifications\notifications.php:145
filterpp_story_budget_item_actionsmodules\notifications\notifications.php:146
actiontransition_post_statusmodules\notifications\notifications.php:163
filterpp_notification_auto_subscribe_post_authormodules\notifications\notifications.php:170
filterpp_notification_auto_subscribe_current_usermodules\notifications\notifications.php:176
actionpp_post_insert_editorial_commentmodules\notifications\notifications.php:183
actiondelete_usermodules\notifications\notifications.php:184
actionpp_send_scheduled_notificationmodules\notifications\notifications.php:185
actionsave_postmodules\notifications\notifications.php:187
actionpp_send_notification_status_updatemodules\notifications\notifications.php:189
actionpp_send_notification_commentmodules\notifications\notifications.php:190
actionadmin_enqueue_scriptsmodules\notifications-log\notifications-log.php:114
actionpublishpress_admin_submenumodules\notifications-log\notifications-log.php:116
filterset-screen-optionmodules\notifications-log\notifications-log.php:118
actionadmin_initmodules\notifications-log\notifications-log.php:122
actionpublishpress_notif_notification_sendingmodules\notifications-log\notifications-log.php:125
actionpublishpress_notifications_skipped_duplicatedmodules\notifications-log\notifications-log.php:126
filterpublishpress_notifications_scheduled_datamodules\notifications-log\notifications-log.php:133
actionpublishpress_notifications_scheduled_cron_taskmodules\notifications-log\notifications-log.php:134
actionpublishpress_notifications_async_notification_sentmodules\notifications-log\notifications-log.php:135
actionadmin_initmodules\settings\settings.php:84
filterpublishpress_admin_menu_slugmodules\settings\settings.php:86
actionpublishpress_admin_menu_pagemodules\settings\settings.php:87
actionpublishpress_admin_submenumodules\settings\settings.php:88
actionadmin_print_stylesmodules\settings\settings.php:90
actionadmin_print_scriptsmodules\settings\settings.php:91
actionadmin_enqueue_scriptsmodules\settings\settings.php:92
actionpublishpress_after_moving_calendar_itemmodules\theeventscalendar-integration\theeventscalendar-integration.php:73
filterpp_calendar_posts_query_argsmodules\theeventscalendar-integration\theeventscalendar-integration.php:74
actionplugins_loadedpublishpress.php:86
actioninitpublishpress.php:161
actioninitpublishpress.php:162
actioninitpublishpress.php:163
actionadmin_menupublishpress.php:164
actionadmin_enqueue_scriptspublishpress.php:166
filtercustom_menu_orderpublishpress.php:169
filterdebug_informationpublishpress.php:173
filtercme_plugin_capabilitiespublishpress.php:175
actionadmin_initpublishpress.php:177
filteruse_block_editor_for_post_typepublishpress.php:394
filtergutenberg_can_edit_post_typepublishpress.php:395
actionadd_meta_boxespublishpress.php:397
actioninitpublishpress.php:1451
actionadmin_noticespublishpress.php:1459
actionupgrader_process_completestatuses-intro.php:59
actionadmin_enqueue_scriptsstatuses-intro.php:81
actionadmin_enqueue_scriptsstatuses-intro.php:120

Scheduled Events 1

pp_send_scheduled_notification
Maintenance & Trust

Editorial Calendar, Marketing Content, Kanban Board – PublishPress Planner Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 5, 2025
PHP min version7.2.5
Downloads431K

Community Trust

Rating98/100
Number of ratings178
Active installs6K
Alternatives

Editorial Calendar, Marketing Content, Kanban Board – PublishPress Planner Alternatives

CoSchedule

CoSchedule

coschedule-by-todaymade

A
96

The only marketing suite that helps you organize all of your marketing in one place.

3K 3 CVEs
Nelio Content – Editorial Calendar & Social Media Auto-Posting

Nelio Content – Editorial Calendar & Social Media Auto-Posting

nelio-content

A
96

Editorial calendar and social media auto-posting for WordPress. Plan content, schedule shares, and grow reach with powerful automations.

5K 3 CVEs
Hostinger Reach – AI-Powered Email Marketing for WordPress

Hostinger Reach – AI-Powered Email Marketing for WordPress

hostinger-reach

A
100

Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.

1.0M No CVEs
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

optinmonster

A
96

🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀

1.0M 6 CVEs
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder

popup-maker

A
91

Want to boost sales & marketing efforts? Use your favorite forms & builder. Unlimited popups & impressions, keep your data, no monthly subscription.

700K 18 CVEs
Developer Profile

Editorial Calendar, Marketing Content, Kanban Board – PublishPress Planner Developer Profile

PublishPress

11 plugins · 272K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
321 days
View full developer profile
Detection Fingerprints

How We Detect Editorial Calendar, Marketing Content, Kanban Board – PublishPress Planner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/publishpress/modules/content-templates/assets/css/content-templates.css/wp-content/plugins/publishpress/modules/content-templates/assets/js/content-templates.js/wp-content/plugins/publishpress/modules/editor-buttons/assets/css/editor-buttons.css/wp-content/plugins/publishpress/modules/editor-buttons/assets/js/editor-buttons.js/wp-content/plugins/publishpress/modules/notifications/assets/css/notifications.css/wp-content/plugins/publishpress/modules/notifications/assets/js/notifications.js/wp-content/plugins/publishpress/modules/revision-history/assets/css/revision-history.css/wp-content/plugins/publishpress/modules/revision-history/assets/js/revision-history.js+10 more
Script Paths
/wp-content/plugins/publishpress/modules/content-templates/assets/js/content-templates.js/wp-content/plugins/publishpress/modules/editor-buttons/assets/js/editor-buttons.js/wp-content/plugins/publishpress/modules/notifications/assets/js/notifications.js/wp-content/plugins/publishpress/modules/revision-history/assets/js/revision-history.js/wp-content/plugins/publishpress/modules/status/assets/js/status.js/wp-content/plugins/publishpress/modules/tasks/assets/js/tasks.js+3 more
Version Parameters
publishpress/static/css/admin.css?ver=publishpress/static/js/admin.js?ver=publishpress/modules/content-templates/assets/css/content-templates.css?ver=publishpress/modules/content-templates/assets/js/content-templates.js?ver=publishpress/modules/editor-buttons/assets/css/editor-buttons.css?ver=publishpress/modules/editor-buttons/assets/js/editor-buttons.js?ver=publishpress/modules/notifications/assets/css/notifications.css?ver=publishpress/modules/notifications/assets/js/notifications.js?ver=publishpress/modules/revision-history/assets/css/revision-history.css?ver=publishpress/modules/revision-history/assets/js/revision-history.js?ver=publishpress/modules/status/assets/css/status.css?ver=publishpress/modules/status/assets/js/status.js?ver=publishpress/modules/tasks/assets/css/tasks.css?ver=publishpress/modules/tasks/assets/js/tasks.js?ver=publishpress/modules/version-notices/assets/css/version-notices.css?ver=publishpress/modules/version-notices/assets/js/version-notices.js?ver=publishpress/modules/workflows/assets/css/workflows.css?ver=publishpress/modules/workflows/assets/js/workflows.js?ver=

HTML / DOM Fingerprints

CSS Classes
pp-admin-menupublishpress-modulepp-content-templates-wrappp-editor-buttons-wrappp-notifications-wrappp-revision-history-wrappp-status-wrappp-tasks-wrap+4 more
HTML Comments
<!-- PublishPress Core --><!-- PublishPress Planner --><!-- PublishPress Instance Protection -->
Data Attributes
data-pp-moduledata-pp-content-template-id
JS Globals
window.publishpresswindow.PP_Adminwindow.PP_Content_Templateswindow.PP_Editor_Buttonswindow.PP_Notificationswindow.PP_Revision_History+3 more
REST Endpoints
/wp-json/publishpress/v1/content-templates/wp-json/publishpress/v1/editor-buttons/wp-json/publishpress/v1/notifications/wp-json/publishpress/v1/revision-history/wp-json/publishpress/v1/status/wp-json/publishpress/v1/tasks/wp-json/publishpress/v1/workflows
FAQ

Frequently Asked Questions about Editorial Calendar, Marketing Content, Kanban Board – PublishPress Planner