Related Posts By PickPlugins Security & Risk Analysis

wordpress.org/plugins/related-post

Display Related Post under post by taxonomy and terms.

4K active installs v2.0.66 PHP + WP 3.8+ Updated Dec 22, 2025
Tags: inline-related-post, related-content, related-post, related-posts, similar-posts
Score: 98 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Mar 6, 2025
Safety Verdict

Is Related Posts By PickPlugins Safe to Use in 2026?

Generally Safe

Score 98/100

Related Posts By PickPlugins has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Mar 6, 2025 · Updated 4mo ago
Risk Assessment

The "related-post" plugin v2.0.66 exhibits a generally good security posture based on the static analysis, with a very high percentage of properly escaped outputs and no critical or high-severity vulnerabilities detected in taint analysis. The plugin also demonstrates an awareness of security best practices by implementing nonce and capability checks on its entry points. The limited attack surface, with no unprotected entry points, is a positive indicator.

However, the plugin's vulnerability history presents a significant concern. The three known medium-severity CVEs (Cross-Site Request Forgery, Improper Access Control, and Cross-Site Scripting) suggest a recurring pattern of vulnerabilities. That these vulnerabilities were historically present, even if currently patched, indicates potential weaknesses in the development process that could resurface in future versions. While the current version shows no unpatched vulnerabilities, this history warrants careful monitoring and a cautious approach to deployment.

In conclusion, the "related-post" plugin v2.0.66 has strengths in its current code quality and implementation of basic security checks. Nevertheless, the past vulnerability record is a substantial weakness that should not be overlooked. Organizations should weigh the benefits of the plugin against the historical risk and consider the plugin vendor's responsiveness to security issues.

Key Concerns

  • Multiple medium severity CVEs historically
  • 50% of SQL queries not using prepared statements
Vulnerabilities
3 published

Related Posts By PickPlugins Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-12634 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Mar 6, 2025 · Patched in 2.0.60 (1d)

CVE-2024-10937 · medium · 5.3 · Improper Access Control

Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure

Dec 4, 2024 · Patched in 2.0.59 (1d)

CVE-2023-51666 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Post <= 2.0.53 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 30, 2023 · Patched in 2.0.54 (54d)
Version History

Related Posts By PickPlugins Release Timeline

Code Analysis
Analyzed Mar 16, 2026

Related Posts By PickPlugins Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 · 2 prepared
Unescaped Output: 6 · 593 escaped
Nonce Checks: 3
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

50% prepared · 4 total queries

Output Escaping

99% escaped · 599 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
related_post_ajax_get_post_ids (includes\functions.php:407)
Attack Surface

Related Posts By PickPlugins Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_related_post_ajax_get_post_ids · includes\functions.php:455

Shortcodes 1

[related_post] includes\shortcodes.php:9
WordPress Hooks 39
action · admin_notices · includes\class-data-upgrade.php:10
action · admin_menu · includes\class-data-upgrade.php:11
action · add_meta_boxes · includes\class-post-meta.php:16
action · save_post · includes\class-post-meta.php:17
action · admin_menu · includes\class-settings.php:8
action · admin_notices · includes\class-upgrade.php:14
action · related_post_settings_content_general · includes\functions-settings.php:7
action · related_post_settings_content_style · includes\functions-settings.php:458
action · related_post_settings_content_query · includes\functions-settings.php:618
action · related_post_settings_content_elements · includes\functions-settings.php:712
action · related_post_settings_content_slider · includes\functions-settings.php:1116
action · related_post_settings_content_stats · includes\functions-settings.php:1378
action · related_post_settings_tabs_right_panel_general · includes\functions-settings.php:1484
action · related_post_settings_tabs_right_panel_query · includes\functions-settings.php:1486
action · related_post_settings_tabs_right_panel_style · includes\functions-settings.php:1487
action · related_post_settings_tabs_right_panel_elements · includes\functions-settings.php:1488
action · related_post_settings_tabs_right_panel_slider · includes\functions-settings.php:1489
action · related_post_settings_tabs_right_panel_stats · includes\functions-settings.php:1490
action · related_post_settings_tabs_right_panel_buy_pro · includes\functions-settings.php:1491
action · related_post_settings_content_scripts · includes\functions-settings.php:1536
action · related_post_settings_content_help_support · includes\functions-settings.php:1598
action · related_post_settings_content_buy_pro · includes\functions-settings.php:1723
action · the_content · includes\functions.php:22
action · the_excerpt · includes\functions.php:148
action · comment_form_before · includes\functions.php:192
action · comment_form_after · includes\functions.php:223
filter · wp_head · includes\functions.php:269
action · admin_enqueue_scripts · related-post.php:48
action · wp_enqueue_scripts · related-post.php:49
action · admin_enqueue_scripts · related-post.php:50
action · plugins_loaded · related-post.php:51
action · related_post_main · templates\related-post-hook.php:6
action · related_post_main · templates\related-post-hook.php:49
action · related_post_loop_item · templates\related-post-hook.php:222
action · related_post_loop_item_element_post_title · templates\related-post-hook.php:244
action · related_post_loop_item_element_post_thumb · templates\related-post-hook.php:276
action · related_post_loop_item_element_post_excerpt · templates\related-post-hook.php:325
action · related_post_main · templates\related-post-hook.php:361
action · related_post_main · templates\related-post-hook.php:528
Maintenance & Trust

Related Posts By PickPlugins Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 22, 2025
PHP min version
Downloads: 199K

Community Trust

Rating: 92/100
Number of ratings: 39
Active installs: 4K
Developer Profile

Related Posts By PickPlugins Developer Profile

PickPlugins

14 plugins · 94K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 330 days
Detection Fingerprints

How We Detect Related Posts By PickPlugins

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/related-post/assets/front/css/related-post.css
/wp-content/plugins/related-post/assets/front/css/font-awesome-5.css
/wp-content/plugins/related-post/assets/front/css/font-awesome-4.css
/wp-content/plugins/related-post/assets/front/js/owl.carousel.min.js
/wp-content/plugins/related-post/assets/front/css/owl.carousel.min.css
/wp-content/plugins/related-post/assets/admin/js/scripts.js
/wp-content/plugins/related-post/assets/settings-tabs/settings-tabs.js
/wp-content/plugins/related-post/assets/settings-tabs/settings-tabs.css
Script Paths
related-post/assets/front/css/related-post.css
related-post/assets/front/css/font-awesome-5.css
related-post/assets/front/css/font-awesome-4.css
related-post/assets/front/js/owl.carousel.min.js
related-post/assets/front/css/owl.carousel.min.css
related-post/assets/admin/js/scripts.js
+2 more

HTML / DOM Fingerprints

HTML Comments
<!-- Related Post -->
Data Attributes
data-related-post-id
data-related-post-auto-play
data-related-post-auto-play-time
data-related-post-nav
data-related-post-dots
data-related-post-margin
+5 more
JS Globals
related_post_ajax
Shortcode Output
[related_post]
[related_post_category]
[related_post_tag]
[related_post_author]
FAQ

Frequently Asked Questions about Related Posts By PickPlugins