WP-Safety

Scheduled Posts Showcase Security & Risk Analysis

wordpress.org/plugins/scheduled-posts-showcase

Display your scheduled and future posts on the frontend without generating 404 links. Show visitors what's coming next.

10 active installs v1.0.1 PHP 7.4+ WP 5.8+ Updated Mar 27, 2026
content-scheduleeditorial-calendarfuture-postsscheduled-postsupcoming-posts
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Scheduled Posts Showcase Safe to Use in 2026?

Generally Safe

Score 100/100

Scheduled Posts Showcase has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "scheduled-posts-showcase" plugin v1.0.0 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs, combined with the fact that all SQL queries utilize prepared statements and a high percentage of output is properly escaped, indicates good development practices. Furthermore, the limited attack surface, consisting of only one shortcode and no AJAX handlers or REST API routes, reduces the potential for external manipulation. The plugin also demonstrates an awareness of security by including capability checks, although nonce checks are notably absent.

However, the lack of nonce checks on the sole shortcode represents a potential concern. While the attack surface is small, a shortcode can still be a vector for certain types of attacks if not properly secured against unintended execution. The taint analysis showing zero flows is a positive indicator, suggesting no obvious paths for unsanitized data to reach sensitive functions, but the fact that zero flows were analyzed limits the confidence in this finding. The overall absence of vulnerabilities in its history is encouraging, suggesting a well-maintained and secure plugin up to this version, but continued vigilance is always recommended.

Key Concerns

  • Missing nonce checks on shortcode
  • Zero taint flows analyzed
Vulnerabilities
None known

Scheduled Posts Showcase Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Scheduled Posts Showcase Release Timeline

v1.0.1Current
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

Scheduled Posts Showcase Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
5
294 escaped
Nonce Checks
0
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared6 total queries

Output Escaping

98% escaped299 total outputs
Attack Surface

Scheduled Posts Showcase Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[scheduled-posts-showcase] includes\class-spscase-shortcode.php:28
WordPress Hooks 12
actionenqueue_block_editor_assetsincludes\class-spscase-block.php:37
filterpre_render_blockincludes\class-spscase-block.php:40
actiontransition_post_statusincludes\class-spscase-cache.php:43
actionrest_api_initincludes\class-spscase-rest-api.php:35
actionplugins_loadedscheduled-posts-showcase.php:118
actioninitscheduled-posts-showcase.php:138
actionwidgets_initscheduled-posts-showcase.php:148
actionadmin_menuscheduled-posts-showcase.php:165
actionadmin_initscheduled-posts-showcase.php:183
actionadmin_noticesscheduled-posts-showcase.php:239
actionwp_enqueue_scriptsscheduled-posts-showcase.php:275
actionadmin_enqueue_scriptsscheduled-posts-showcase.php:333
Maintenance & Trust

Scheduled Posts Showcase Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedMar 27, 2026
PHP min version7.4
Downloads342

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Scheduled Posts Showcase Alternatives

Linked Future Posts Widget

Linked Future Posts Widget

linked-future-posts-widget

A
85

A widget that displays a list of scheduled posts with links to the posts.

10 No CVEs
WP Missed Schedule Posts

WP Missed Schedule Posts

wp-missed-schedule-posts

A
85

Auto publish future/scheduled posts missed by WordPress cron

10K No CVEs
Scheduled Post Guardian

Scheduled Post Guardian

scheduled-post-guardian

A
85

Watches over scheduled posts, and makes sure they don't miss their scheduled time

70 No CVEs
MWW Scheduled Post Trigger

MWW Scheduled Post Trigger

scheduled-post-trigger

A
100

Publishes missed scheduled posts when WordPress Cron fails. Ideal for small to medium sites.

70K No CVEs
Missed Scheduled Posts Publisher by WPBeginner

Missed Scheduled Posts Publisher by WPBeginner

missed-scheduled-posts-publisher

A
100

Are your scheduled posts missing their publication times? Missed Scheduled Posts Publisher effectively resolves the 'missed scheduled post' …

60K No CVEs
Developer Profile

Scheduled Posts Showcase Developer Profile

Fernando Tellado

21 plugins · 25K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Scheduled Posts Showcase

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/scheduled-posts-showcase/assets/css/frontend.css/wp-content/plugins/scheduled-posts-showcase/assets/css/admin.css
Version Parameters
scheduled-posts-showcase/assets/css/frontend.css?ver=scheduled-posts-showcase/assets/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
spscase-upcoming-posts-listspscase-post-itemspscase-post-imagespscase-post-titlespscase-post-datespscase-post-excerptspscase-post-categories
Data Attributes
data-countdata-post-typedata-orderdata-show-imagedata-image-sizedata-show-date+12 more
JS Globals
SPSCASE_Admin
REST Endpoints
/wp-json/spscase/v1/posts
Shortcode Output
[scheduled-posts-showcase]
FAQ

Frequently Asked Questions about Scheduled Posts Showcase