Secret Content Security & Risk Analysis

wordpress.org/plugins/secret-content

Easily mark any post or a page as "for logged in members only", hiding it from public view! (not for custom post types).

200 active installs · v1.0 · PHP + · WP 2.8+ · Updated Mar 1, 2012
hidden-posts, hide-content, members-only, restricted-content
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Secret Content Safe to Use in 2026?

Generally Safe

Score 85/100

Secret Content has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The plugin "secret-content" v1.0 exhibits a generally good security posture based on the provided static analysis. The attack surface is remarkably small with zero entry points, and no AJAX handlers, REST API routes, shortcodes, or cron events were detected. This significantly reduces the potential for external exploitation. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests is a strong indicator of well-contained code. The plugin also demonstrates some security awareness with the presence of a nonce check and capability checks.

However, the code analysis raises significant concerns. None of the six detected SQL queries uses prepared statements, presenting a high risk of SQL injection vulnerabilities. Equally alarming, the single identified output is not properly escaped, creating a substantial risk of Cross-Site Scripting (XSS) attacks. The lack of taint analysis results is unusual but, in the context of the other findings, doesn't mitigate the direct risks posed by unescaped output and raw SQL.

The vulnerability history for this plugin is clean, with no known CVEs. This, combined with the small attack surface, is a positive sign. However, the significant flaws found in the code analysis (raw SQL, unescaped output) are concerning, as these are fundamental security issues that could easily be exploited if an attacker can trigger them. The plugin's strengths lie in its minimal attack surface and lack of external interactions, but its weaknesses in database query sanitization and output escaping require immediate attention.

Key Concerns

  • SQL queries not using prepared statements
  • Output escaping is not properly implemented
Vulnerabilities
None known

Secret Content Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Secret Content Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (0 prepared)
Unescaped Output: 1 (0 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 6 total queries

Output Escaping

0% escaped · 1 total outputs
Attack Surface

Secret Content Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8

Type    Hook                     Location
action  add_meta_boxes           secret-content.php:41
action  save_post                secret-content.php:84
filter  pre_get_posts            secret-content.php:114
filter  wp_list_pages_excludes   secret-content.php:132
filter  wp_get_nav_menu_items    secret-content.php:151
filter  the_posts                secret-content.php:186
filter  get_previous_post_where  secret-content.php:212
filter  get_next_post_where      secret-content.php:213
Maintenance & Trust

Secret Content Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Mar 1, 2012
PHP min version
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 200
Developer Profile

Secret Content Developer Profile

maxemil

2 plugins · 240 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Secret Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes: checkbox
Data Attributes: name="secret_new_field" id="secret_new_field"