Does Recent Posts Only have any unpatched vulnerabilities?

No. All known vulnerabilities in Recent Posts Only have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Recent Posts Only compatible with WordPress 3.3.2?

According to WordPress.org data, Recent Posts Only 1.0.2 has been tested up to WordPress 3.3.2. Check the plugin's changelog for the latest compatibility information.

How often is Recent Posts Only updated?

Recent Posts Only was last updated on May 17, 2012. Frequent updates are generally a positive security signal.

What is Recent Posts Only's security score?

Recent Posts Only has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Recent Posts Only Security & Risk Analysis

wordpress.org/plugins/recent-posts-only

Restricts posts displayed on the home page to a specified length of time.

10 active installs v1.0.2 PHP + WP 3.0+ Updated May 17, 2012

homelooppostsreadingrecent

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Recent Posts Only Safe to Use in 2026?

Generally Safe

Score 85/100

Recent Posts Only has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The recent-posts-only plugin v1.0.2 exhibits a strong security posture regarding its attack surface and known vulnerabilities. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits potential entry points for attackers. Furthermore, the plugin has no recorded CVEs, indicating a history of secure development or prompt patching. The code analysis shows a positive trend with all SQL queries utilizing prepared statements, a critical security practice. However, a significant concern arises from the complete lack of output escaping. This means that any data rendered by the plugin, if user-controlled or dynamic, could be vulnerable to cross-site scripting (XSS) attacks. While the taint analysis shows no identified malicious flows, the lack of proper output escaping creates a latent risk that could be exploited if such flows were introduced in future versions or if dynamically generated content is present.