WP-Safety

Quick Ajax Post Loader Security & Risk Analysis

wordpress.org/plugins/quick-ajax-post-loader

Load WordPress posts dynamically with AJAX for faster browsing, infinite scroll, and category filtering - no page reloads.

20 active installs v1.8.10 PHP 7.4+ WP 5.6+ Updated Mar 7, 2026
ajax-filterajax-load-morecategory-filterinfinite-scrollpost-grid
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Quick Ajax Post Loader Safe to Use in 2026?

Generally Safe

Score 100/100

Quick Ajax Post Loader has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "quick-ajax-post-loader" plugin version 1.8.10 presents a mixed security posture. On the positive side, the plugin demonstrates good practices in its SQL query handling, exclusively using prepared statements, and a high percentage of output escaping. It also shows a reasonable number of nonce and capability checks. However, a significant concern arises from its attack surface, with 6 out of 7 entry points lacking authentication checks. This large number of unprotected AJAX handlers is a primary risk factor.

The static analysis did not reveal any critical or high severity taint flows, suggesting that direct injection vulnerabilities might not be present based on the analyzed code. The plugin also has no recorded vulnerability history (CVEs), which could indicate a history of good security development or simply a lack of past scrutiny. Despite the lack of known vulnerabilities and the absence of dangerous functions, the substantial number of unprotected AJAX endpoints leaves the plugin exposed to potential brute-force attacks, unauthorized data manipulation, or denial-of-service attempts if these handlers perform sensitive operations.

Key Concerns

  • Unprotected AJAX handlers
  • No taint analysis data provided
Vulnerabilities
None known

Quick Ajax Post Loader Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Quick Ajax Post Loader Release Timeline

v1.8.10Current
v1.8.9
v1.8.8
v1.8.7
v1.8.6
v1.8.5
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.7
v1.7.6
v1.7.5
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.6.4
Code Analysis
Analyzed Apr 16, 2026

Quick Ajax Post Loader Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
19
224 escaped
Nonce Checks
3
Capability Checks
5
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

92% escaped243 total outputs
Attack Surface
6 unprotected

Quick Ajax Post Loader Attack Surface

Entry Points7
Unprotected6

AJAX Handlers 6

authwp_ajax_qapl_action_get_taxonomies_by_post_typeincludes/ajax-controller/class-ajax-admin-controller.php:11
noprivwp_ajax_qapl_action_get_taxonomies_by_post_typeincludes/ajax-controller/class-ajax-admin-controller.php:12
authwp_ajax_qapl_action_get_terms_by_taxonomyincludes/ajax-controller/class-ajax-admin-controller.php:15
noprivwp_ajax_qapl_action_get_terms_by_taxonomyincludes/ajax-controller/class-ajax-admin-controller.php:16
authwp_ajax_qapl_action_load_postsincludes/ajax-controller/class-ajax-frontend-controller.php:11
noprivwp_ajax_qapl_action_load_postsincludes/ajax-controller/class-ajax-frontend-controller.php:12

Shortcodes 1

[qapl-quick-ajax] includes/shortcode/class-shortcode.php:143
WordPress Hooks 20
actionadmin_menuincludes/admin/class-admin-menu.php:9
actionadmin_menuincludes/admin/class-admin-menu.php:10
actionadmin_initincludes/admin/class-admin-menu.php:11
actionedit_form_after_titleincludes/admin/cpt/class-cpt-editor-form.php:19
actionpre_get_postsincludes/admin/cpt/creator/class-creator-columns.php:12
actionload-post.phpincludes/admin/cpt/creator/class-creator-editor.php:8
actionload-post-new.phpincludes/admin/cpt/creator/class-creator-editor.php:9
actioninitincludes/admin/cpt/creator/class-creator-post-type.php:8
actionedit_form_after_titleincludes/admin/cpt/creator/class-creator-shortcode-box.php:8
actioninitincludes/deprecated/class-deprecated-hooks-handler.php:12
actionadmin_noticesincludes/deprecated/class-deprecated-hooks-handler.php:13
actionwp_enqueue_scriptsincludes/enqueue/class-enqueue-handler.php:13
actionadmin_enqueue_scriptsincludes/enqueue/class-enqueue-handler.php:14
actioninitincludes/maintenance/class-updater.php:62
actionadmin_post_qapl_purge_unused_dataincludes/maintenance/class-updater.php:355
actionadmin_noticesincludes/resources/class-utilities.php:40
actionadmin_noticesquick-ajax-post-loader.php:23
actionadmin_noticesquick-ajax-post-loader.php:37
actionadmin_noticesquick-ajax-post-loader.php:56
actionplugins_loadedquick-ajax-post-loader.php:63
Maintenance & Trust

Quick Ajax Post Loader Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 7, 2026
PHP min version7.4
Downloads4K

Community Trust

Rating100/100
Number of ratings3
Active installs20
Alternatives

Quick Ajax Post Loader Alternatives

Post Grid Master — Post Grids & AJAX Filters

Post Grid Master — Post Grids & AJAX Filters

ajax-filter-posts

C
62

Create post grids with AJAX filters, pagination, load more, infinite scroll, and custom post type support.

1K 1 unpatched
Ajax Load More – Infinite Scroll, Load More, & Lazy Load

Ajax Load More – Infinite Scroll, Load More, & Lazy Load

ajax-load-more

B
82

Add infinite scroll, lazy loading, and load more buttons to posts, pages, and WooCommerce products — fast and fully customizable for WordPress.

40K 17 CVEs
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX

ultimate-post

A
88

A highly customizable plugin to create news, magazines, and any kind of blog site with post grid, post filter, post slider, and post blocks.

40K 24 CVEs
Load More Products for WooCommerce

Load More Products for WooCommerce

load-more-products-for-woocommerce

A
100

Load products from next page via AJAX with infinite scrolling or load more products button

20K No CVEs
Blog Filter Post Filtering

Blog Filter Post Filtering

blog-filter

A
96

Blog Filter helps users display posts in filterable grid and masonry layouts. Organize content by categories or tags with customizable designs.

7K 3 CVEs
Developer Profile

Quick Ajax Post Loader Developer Profile

Pawel Grzelkowski

1 plugin · 20 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Quick Ajax Post Loader

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quick-ajax-post-loader/css/style.css/wp-content/plugins/quick-ajax-post-loader/js/script.js/wp-content/plugins/quick-ajax-post-loader/css/admin-style.css/wp-content/plugins/quick-ajax-post-loader/js/admin-script.js
Script Paths
/wp-content/plugins/quick-ajax-post-loader/js/script.js/wp-content/plugins/quick-ajax-post-loader/js/admin-script.js
Version Parameters
quick-ajax-post-loader/css/style.css?ver=quick-ajax-post-loader/js/script.js?ver=quick-ajax-post-loader/css/admin-style.css?ver=quick-ajax-post-loader/js/admin-script.js?ver=

HTML / DOM Fingerprints

Data Attributes
qapl-quick-ajax-idqapl-term-filter-buttonqapl-sort-buttonqapl-load-more-buttonqapl-settings-wrapperqapl-query-setting-post-type+3 more
JS Globals
qapl_quick_ajax_dataqapl_quick_ajax_admin_data
FAQ

Frequently Asked Questions about Quick Ajax Post Loader