WP-Safety

PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements Security & Risk Analysis

wordpress.org/plugins/publishpress-checklists

Define checklist tasks to complete before publishing posts. Make sure your content meets your requirements.

3K active installs v2.26.0 PHP 7.2.5+ WP 5.5+ Updated Jan 27, 2026
approvalchecklistmaximumminimumrequirement
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements Safe to Use in 2026?

Generally Safe

Score 100/100

PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The PublishPress Checklists plugin, in version 2.26.0, demonstrates a generally strong security posture with several good practices evident in the static analysis. The complete absence of unprotected AJAX handlers and REST API routes, along with a significant number of capability checks and nonce checks, indicates a good level of diligence in securing entry points. The high percentage of properly escaped output (85%) is also a positive sign, mitigating common cross-site scripting (XSS) vulnerabilities.

However, there are specific areas of concern that warrant attention. The plugin performs two SQL queries, neither of which are using prepared statements. This lack of prepared statements for all SQL queries presents a risk of SQL injection vulnerabilities, especially if any of the input feeding these queries is not meticulously sanitized, despite the absence of critical taint analysis findings. Furthermore, the presence of two flows with unsanitized paths in the taint analysis, even without critical or high severity, suggests potential for path traversal or file inclusion vulnerabilities if these flows are exploited in conjunction with insufficiently validated user input.

The plugin's vulnerability history is remarkably clean, with zero known CVEs recorded. This is a significant strength and suggests a well-maintained codebase or a history of proactive security measures. However, it's important to note that past security performance does not guarantee future immunity. The combination of the SQL query issue and the unsanitized path flows, coupled with the lack of historical vulnerabilities (which could mean less scrutiny), means that a careful approach to the identified code signals is still necessary.

Key Concerns

  • SQL queries without prepared statements
  • Flows with unsanitized paths (non-critical)
Vulnerabilities
None known

PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
0 prepared
Unescaped Output
56
308 escaped
Nonce Checks
9
Capability Checks
10
File Operations
0
External Requests
1
Bundled Libraries
2

Bundled Libraries

Select24.0.13TinyMCE

SQL Query Safety

0% prepared2 total queries

Output Escaping

85% escaped364 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
options_page_controller (modules\settings\settings.php:658)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 6

authwp_ajax_pp_checklists_openai_requirementcore\Requirement\Openai_item.php:80
authwp_ajax_pp_checklists_prohibited_categorycore\Requirement\Prohibited_categories.php:74
authwp_ajax_pp_checklists_prohibited_tagcore\Requirement\Prohibited_tags.php:74
authwp_ajax_pp_checklists_required_categorycore\Requirement\Required_categories.php:74
authwp_ajax_pp_checklists_required_tagcore\Requirement\Required_tags.php:74
authwp_ajax_ppch_reset_custom_labelsmodules\settings\settings.php:104
WordPress Hooks 56
filterpublishpress_checklists_rules_listcore\API\LabelMapper.php:27
actioninitcore\API\Loader.php:28
actioninitcore\Legacy\LegacyPlugin.php:44
actioninitcore\Legacy\LegacyPlugin.php:45
actioninitcore\Legacy\LegacyPlugin.php:46
actionadmin_menucore\Legacy\LegacyPlugin.php:47
filtercustom_menu_ordercore\Legacy\LegacyPlugin.php:50
filterdebug_informationcore\Legacy\LegacyPlugin.php:54
actioninitcore\Plugin.php:53
filterplugin_row_metacore\Plugin.php:62
actionpublishpress_checklists_load_requirementscore\Requirement\Base_requirement.php:83
filterpublishpress_checklists_requirements_default_optionscore\Requirement\Base_requirement.php:97
filterpublishpress_checklists_validate_requirement_settingscore\Requirement\Base_requirement.php:98
filterpublishpress_checklists_requirement_listcore\Requirement\Base_requirement.php:99
filterpublishpress_checklists_requirement_instancescore\Requirement\Base_requirement.php:100
filterpublishpress_checklists_filter_field_tabscore\Utils\FieldsTabs.php:83
actionadmin_initmodules\checklists\checklists.php:131
actionpublishpress_checklists_admin_menu_pagemodules\checklists\checklists.php:460
actionpublishpress_checklists_admin_submenumodules\checklists\checklists.php:461
actionadd_meta_boxesmodules\checklists\checklists.php:462
actionsave_postmodules\checklists\checklists.php:463
actionenqueue_block_editor_assetsmodules\checklists\checklists.php:464
filterpublishpress_checklists_post_type_requirementsmodules\checklists\checklists.php:466
filterpublishpress_checklists_post_typesmodules\checklists\checklists.php:472
actionadmin_initmodules\checklists\checklists.php:474
actionadmin_initmodules\checklists\checklists.php:475
filtermce_external_pluginsmodules\checklists\checklists.php:478
actionadmin_enqueue_scriptsmodules\checklists\checklists.php:480
actionadmin_enqueue_scriptsmodules\checklists\checklists.php:481
filterpublishpress_checklists_rules_listmodules\checklists\checklists.php:489
filterpublishpress_checklists_requirement_listmodules\checklists\checklists.php:491
actionadmin_initmodules\checklists\checklists.php:494
actionpublishpress_checklists_load_addonsmodules\permalinks\permalinks.php:82
filterpublishpress_checklists_post_type_requirementsmodules\permalinks\permalinks.php:98
actionpublishpress_checklists_enqueue_scriptsmodules\permalinks\permalinks.php:99
actionpublishpress_checklists_tasks_list_thmodules\permissions\permissions.php:98
actionpublishpress_checklists_tasks_list_tdmodules\permissions\permissions.php:99
filterpublishpress_checklists_ignore_item_capabilitymodules\permissions\permissions.php:100
filterpublishpress_checklists_requirement_listmodules\permissions\permissions.php:101
filterpublishpress_checklists_validate_requirement_settingsmodules\permissions\permissions.php:102
actionadmin_initmodules\settings\settings.php:99
actionadmin_initmodules\settings\settings.php:100
actionpublishpress_checklists_admin_submenumodules\settings\settings.php:102
actionadmin_noticesmodules\settings\settings.php:105
actionadmin_head-edit.phpmodules\settings\settings.php:107
actionadmin_head-edit.phpmodules\settings\settings.php:108
actionadmin_print_stylesmodules\settings\settings.php:109
actionadmin_print_scriptsmodules\settings\settings.php:110
actionadmin_enqueue_scriptsmodules\settings\settings.php:111
filterpublishpress_checklists_validate_module_settingsmodules\settings\settings.php:112
filterpublishpress_checklists_settings_tabsmodules\settings\settings.php:113
actionpublishpress_checklists_load_addonsmodules\yoastseo\yoastseo.php:85
filterpublishpress_checklists_post_type_requirementsmodules\yoastseo\yoastseo.php:102
actionpublishpress_checklists_enqueue_scriptsmodules\yoastseo\yoastseo.php:111
filterplugin_row_metapublishpress-checklists.php:99
actionplugins_loadedpublishpress-checklists.php:140
Maintenance & Trust

PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 27, 2026
PHP min version7.2.5
Downloads166K

Community Trust

Rating100/100
Number of ratings24
Active installs3K
Alternatives

PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements Alternatives

Order Minimum/Maximum Amount Limits for WooCommerce

Order Minimum/Maximum Amount Limits for WooCommerce

order-minimum-amount-for-woocommerce

A
99

Implement minimum/maximum order amounts, regulate quantity, weight, volume, dimensions, and apply user-role-specific conditions with Order Minimum/Max …

10K 1 CVE
Minimum and Maximum Quantity for WooCommerce

Minimum and Maximum Quantity for WooCommerce

min-and-max-quantity-for-woocommerce

A
99

Allow you to set a minimum or maximum purchase quantity for the WooCommerce store.

4K 1 CVE
Min Max Step Quantity Limits Manager for WooCommerce

Min Max Step Quantity Limits Manager for WooCommerce

product-quantity-for-woocommerce

A
99

Define a min/max, step, decimal & default quantity for products, show a dropdown and much more on WooCommerce stores.

4K 1 CVE
Quantities and Units for WooCommerce

Quantities and Units for WooCommerce

quantities-and-units-for-woocommerce

C
63

Easily require your customers to buy a minimum / maximum / incremental amount of products. Supports decimal quantities.

1K 1 unpatched
Order Limit for WooCommerce – Set Order Restrictions, Min and Max Amount/Quantity, Cart Control, and Checkout Restrictions

Order Limit for WooCommerce – Set Order Restrictions, Min and Max Amount/Quantity, Cart Control, and Checkout Restrictions

wc-order-limit-lite

A
99

Set WooCommerce order limits with ease. Control min/max quantities, cart totals, category rules, user role restrictions, and checkout limit.

900 2 CVEs
Developer Profile

PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements Developer Profile

PublishPress

11 plugins · 272K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
321 days
View full developer profile
Detection Fingerprints

How We Detect PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/publishpress-checklists/assets/css/admin/settings.css/wp-content/plugins/publishpress-checklists/assets/js/admin/settings.js/wp-content/plugins/publishpress-checklists/assets/css/editor.css/wp-content/plugins/publishpress-checklists/assets/js/editor.js/wp-content/plugins/publishpress-checklists/assets/css/frontend.css/wp-content/plugins/publishpress-checklists/assets/js/frontend.js/wp-content/plugins/publishpress-checklists/assets/css/frontend/checker-notice.css/wp-content/plugins/publishpress-checklists/assets/js/frontend/checker-notice.js+46 more
Script Paths
/wp-content/plugins/publishpress-checklists/assets/js/admin/settings.js/wp-content/plugins/publishpress-checklists/assets/js/editor.js/wp-content/plugins/publishpress-checklists/assets/js/frontend.js/wp-content/plugins/publishpress-checklists/assets/js/frontend/checker-notice.js/wp-content/plugins/publishpress-checklists/assets/js/admin/modules/checklist.js/wp-content/plugins/publishpress-checklists/assets/js/admin/modules/permissions.js+21 more
Version Parameters
publishpress-checklists/assets/css/admin/settings.css?ver=publishpress-checklists/assets/js/admin/settings.js?ver=publishpress-checklists/assets/css/editor.css?ver=publishpress-checklists/assets/js/editor.js?ver=publishpress-checklists/assets/css/frontend.css?ver=publishpress-checklists/assets/js/frontend.js?ver=publishpress-checklists/assets/css/frontend/checker-notice.css?ver=publishpress-checklists/assets/js/frontend/checker-notice.js?ver=publishpress-checklists/assets/css/admin/modules/checklist.css?ver=publishpress-checklists/assets/js/admin/modules/checklist.js?ver=publishpress-checklists/assets/css/admin/modules/permissions.css?ver=publishpress-checklists/assets/js/admin/modules/permissions.js?ver=publishpress-checklists/assets/css/admin/modules/features.css?ver=publishpress-checklists/assets/js/admin/modules/features.js?ver=publishpress-checklists/assets/css/admin/dashboard.css?ver=publishpress-checklists/assets/js/admin/dashboard.js?ver=publishpress-checklists/assets/css/admin/posts.css?ver=publishpress-checklists/assets/js/admin/posts.js?ver=publishpress-checklists/assets/css/admin/setup-wizard.css?ver=publishpress-checklists/assets/js/admin/setup-wizard.js?ver=publishpress-checklists/assets/css/admin/post-new.css?ver=publishpress-checklists/assets/js/admin/post-new.js?ver=publishpress-checklists/assets/css/admin/welcome.css?ver=publishpress-checklists/assets/js/admin/welcome.js?ver=publishpress-checklists/assets/css/admin/dashboard-widgets.css?ver=publishpress-checklists/assets/js/admin/dashboard-widgets.js?ver=publishpress-checklists/assets/css/admin/categories-taxonomy.css?ver=publishpress-checklists/assets/js/admin/categories-taxonomy.js?ver=publishpress-checklists/assets/css/admin/tags-taxonomy.css?ver=publishpress-checklists/assets/js/admin/tags-taxonomy.js?ver=publishpress-checklists/assets/css/admin/users-profile.css?ver=publishpress-checklists/assets/js/admin/users-profile.js?ver=publishpress-checklists/assets/css/admin/users-list.css?ver=publishpress-checklists/assets/js/admin/users-list.js?ver=publishpress-checklists/assets/css/admin/admin-bar.css?ver=publishpress-checklists/assets/js/admin/admin-bar.js?ver=publishpress-checklists/assets/css/admin/modules/advanced-editor-buttons.css?ver=publishpress-checklists/assets/js/admin/modules/advanced-editor-buttons.js?ver=publishpress-checklists/assets/css/admin/modules/dashboard.css?ver=publishpress-checklists/assets/js/admin/modules/dashboard.js?ver=publishpress-checklists/assets/css/admin/modules/features.css?ver=publishpress-checklists/assets/js/admin/modules/features.js?ver=publishpress-checklists/assets/css/admin/modules/permissions.css?ver=publishpress-checklists/assets/js/admin/modules/permissions.js?ver=publishpress-checklists/assets/css/admin/modules/setup-wizard.css?ver=publishpress-checklists/assets/js/admin/modules/setup-wizard.js?ver=publishpress-checklists/assets/css/admin/modules/welcome.css?ver=publishpress-checklists/assets/js/admin/modules/welcome.js?ver=publishpress-checklists/assets/css/admin/modules/workflows.css?ver=publishpress-checklists/assets/js/admin/modules/workflows.js?ver=publishpress-checklists/assets/css/admin/editor-buttons.css?ver=publishpress-checklists/assets/js/admin/editor-buttons.js?ver=publishpress-checklists/assets/css/admin/dashboard-overview.css?ver=publishpress-checklists/assets/js/admin/dashboard-overview.js?ver=

HTML / DOM Fingerprints

CSS Classes
pp-checklist-itempp-checklist-metaboxpp-checklist-editor-controlspp-checklist-progress-barpp-checklist-status-iconpp-checklist-add-item-buttonpp-checklist-editor-messagepp-checklist-frontend-message+48 more
HTML Comments
<!-- PublishPress Checklists --><!-- publishpress-checklists --><!-- PublishPress Checklists - START --><!-- PublishPress Checklists - END -->+2 more
Data Attributes
data-checklist-iddata-checklist-item-iddata-checklist-statusdata-checklist-post-iddata-checklist-term-iddata-checklist-user-id+19 more
JS Globals
PublishPressChecklistsppchppch_editor_paramsppch_settings_paramsppch_frontend_paramsppch_admin_bar_params+16 more
REST Endpoints
/wp-json/publishpress-checklists/v1/checklist-items/wp-json/publishpress-checklists/v1/settings/wp-json/publishpress-checklists/v1/checklists
FAQ

Frequently Asked Questions about PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements