Related Post Shortcode Security & Risk Analysis
wordpress.org/plugins/related-post-shortcodeA simple WP plugin that add a TinyMCE button and popin to easily add a related post section in a post.
Is Related Post Shortcode Safe to Use in 2026?
Use With Caution
Score 64/100Related Post Shortcode has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "related-post-shortcode" v1.2 plugin exhibits a concerning security posture, primarily due to a significant number of unprotected entry points. While it demonstrates good practices in SQL query handling with 100% prepared statements and avoids dangerous functions and file operations, these strengths are overshadowed by security oversights. The static analysis reveals 6 AJAX handlers without any authentication checks, creating a large attack surface vulnerable to unauthorized access and manipulation. Furthermore, only 43% of output is properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. The plugin's vulnerability history is also a significant concern, with one unpatched medium-severity CVE related to XSS, last recorded in early 2025. This suggests a recurring issue with input sanitization or output escaping, which has not been adequately addressed in this version. The lack of nonce checks on AJAX handlers further exacerbates the risk of CSRF attacks. In conclusion, while the plugin has some positive security aspects, the numerous unprotected AJAX endpoints, insufficient output escaping, and a recent XSS vulnerability history present substantial risks that require immediate attention.
Key Concerns
- Unprotected AJAX handlers
- Insufficient output escaping
- Unpatched medium severity CVE
- Missing nonce checks on AJAX handlers
- Limited capability checks
Related Post Shortcode Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Related Post Shortcode <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Related Post Shortcode Code Analysis
Output Escaping
Related Post Shortcode Attack Surface
AJAX Handlers 6
Shortcodes 1
WordPress Hooks 8
Maintenance & Trust
Related Post Shortcode Maintenance & Trust
Maintenance Signals
Community Trust
Related Post Shortcode Alternatives
Lorem Ipsum by Webline
lorem-ipsum-by-webline
A Simple plugin to generate lorem ipsum dummy text using shortcode.
Content Blocks (Custom Post Widget)
custom-post-widget
This plugin enables you to edit and display Content Blocks in a sidebar widget or using a shortcode.
Dynamic Month & Year into Posts
dynamic-month-year-into-posts
Automate SEO and content with dynamic shortcodes for dates, years, months, age calculations, seasons and countdowns in content, titles and meta.
Related Posts By PickPlugins
related-post
Display Related Post under post by taxonomy and terms.
Post Content Shortcodes
post-content-shortcodes
Adds shortcodes to display the content of a post or a list of posts.
Related Post Shortcode Developer Profile
3 plugins · 140 total installs
How We Detect Related Post Shortcode
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/related-post-shortcode/styles.css/wp-content/plugins/related-post-shortcode/related-post-shortcode.css/wp-content/plugins/related-post-shortcode/related-post-shortcode.js/wp-content/plugins/related-post-shortcode/related-post-shortcode.jsrelated-post-shortcode/related-post-shortcode.css?v=2HTML / DOM Fingerprints
rps-containerrps-thumbrps-descrps-container-titlerps-titlerps-excerptrelated_post_shortcode_buttonrelated_post_shortcode_add_buttonrelated_post_shortcode_register_buttonrelated_post_shortcode_options_pagerelated_post_shortcode_options_page_renderrelated_post_shortcode_register_options+5 more/wp-json/related-post-shortcode/v1/getPostsIds/wp-json/related-post-shortcode/v1/getPluginUrl/wp-json/related-post-shortcode/v1/getTransFields<div class="rps-container" ><a class="rps-thumb" href=""></a>