Does 404 Related Posts have any unpatched vulnerabilities?

No. All known vulnerabilities in 404 Related Posts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is 404 Related Posts compatible with WordPress 5.6.17?

According to WordPress.org data, 404 Related Posts 1.4 has been tested up to WordPress 5.6.17. Check the plugin's changelog for the latest compatibility information.

Is 404 Related Posts compatible with PHP 7.0+?

404 Related Posts requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is 404 Related Posts updated?

404 Related Posts was last updated on Mar 7, 2021. Frequent updates are generally a positive security signal.

What is 404 Related Posts's security score?

404 Related Posts has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

404 Related Posts Security & Risk Analysis

wordpress.org/plugins/related-posts-on-404-page

This plugin will display related posts in your 404 page template.

0 active installs v1.4 PHP 7.0+ WP 5.0+ Updated Mar 7, 2021

404postsrelated-contentrelated-linksrelated-posts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is 404 Related Posts Safe to Use in 2026?

Generally Safe

Score 85/100

404 Related Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The 'related-posts-on-404-page' plugin v1.4 exhibits a generally good security posture, with several positive indicators. The absence of any known CVEs and a clean vulnerability history suggest a well-maintained and secure codebase. The plugin also demonstrates good practices by exclusively using prepared statements for its SQL queries and implementing nonce and capability checks on its entry points. Furthermore, the static analysis shows no unsanitized paths in its taint flows, which is a significant strength.

However, there are areas for concern that prevent a perfect score. The most notable issue is the relatively low percentage of properly escaped output (28%). This leaves a substantial portion of the plugin's output potentially vulnerable to cross-site scripting (XSS) attacks if user-supplied data is not handled correctly before being displayed. While the attack surface is limited to 4 AJAX handlers, and all appear to have authorization checks, the potential for XSS due to insufficient output sanitization is a risk that needs attention.

In conclusion, the plugin is built on a solid foundation with respect to SQL injection and authentication. The lack of critical vulnerabilities in its history and taint analysis is reassuring. The primary weakness lies in its output escaping practices. Addressing the low rate of proper output escaping should be a priority to mitigate potential XSS risks and further strengthen its security.

Key Concerns

Low percentage of properly escaped output

Vulnerabilities

None known

404 Related Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

404 Related Posts Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

28% escaped18 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

_updateSettings (admin\AdminSettings.class.php:85)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

404 Related Posts Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_rpp_hide_noticeadmin\AdminAjaxActions.class.php:16

noprivwp_ajax_rpp_hide_noticeadmin\AdminAjaxActions.class.php:17

authwp_ajax_rpp_remind_notice_lateradmin\AdminAjaxActions.class.php:19

noprivwp_ajax_rpp_remind_notice_lateradmin\AdminAjaxActions.class.php:20

WordPress Hooks 3

actionadmin_noticesadmin\AdminNotice.class.php:34

actionadmin_menuadmin\AdminSettings.class.php:34

action404_related_postsincludes\RelatedPosts404.class.php:32

Maintenance & Trust

404 Related Posts Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17

Last updatedMar 7, 2021

PHP min version7.0

Downloads978

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

404 Related Posts Alternatives

Visualmodo Related Posts

visualmodo-related-posts

Visualmodo Related Posts for WordPress will help increase your visitors’ time on website and decrease your bounce rate.

100 No CVEs

Social Semantic Recommendation (SOSERE)

social-semantic-recommendation-sosere

100

Display a list of related entries on your site based on an unique, self-learning, socialsemantic network analysis algorithm.

20 No CVEs

Google related post links

google-related-post-links

Displays a list of related posts and searches by Google

10 No CVEs

Developer Profile

404 Related Posts Developer Profile

Ahmad Karim

3 plugins · 310 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect 404 Related Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/related-posts-on-404-page/css/rpp-style.css/wp-content/plugins/related-posts-on-404-page/js/rpp-script.js

Version Parameters

related-posts-on-404-page/css/rpp-style.css?ver=related-posts-on-404-page/js/rpp-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

rpp-related-posts

Data Attributes

data-rpp-iddata-rpp-post-iddata-rpp-parent-id

Shortcode Output

do_action('404_related_posts')

FAQ