
Sell from Blog Security & Risk Analysis
wordpress.org/plugins/sell-from-blog
Sell from Blog lets you sell your ebook or software package via premium SMS payments.
Is Sell from Blog Safe to Use in 2026?
Generally Safe
Score 85/100
Sell from Blog has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'sell-from-blog' plugin v0.99 exhibits a concerning security posture due to several critical vulnerabilities identified in the static analysis. The presence of two unprotected AJAX handlers, coupled with a high-severity unsanitized path taint flow, presents a significant attack surface for potential exploitation. This indicates a lack of proper input validation and authorization mechanisms for these entry points, which could lead to unauthorized actions or data manipulation. Furthermore, the complete absence of output escaping for all identified outputs is a severe oversight, potentially exposing users to cross-site scripting (XSS) attacks. The plugin's vulnerability history being clear of known CVEs is a positive sign, but it does not mitigate the immediate risks presented by the current code analysis. The strengths lie in the absence of dangerous functions and external HTTP requests, but these are overshadowed by the critical weaknesses in input handling and output sanitization.
Key Concerns
- Unprotected AJAX handlers
- High severity unsanitized path taint flow
- No output escaping
- Raw SQL queries without prepared statements
- Missing nonce checks on AJAX
- Missing capability checks
Sell from Blog Security Vulnerabilities
Sell from Blog Release Timeline
Sell from Blog Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Sell from Blog Attack Surface
- AJAX Handlers: 2
- Shortcodes: 1
- WordPress Hooks: 4
Sell from Blog Maintenance & Trust
Maintenance Signals
Community Trust
Sell from Blog Alternatives
Steady for WordPress
steady-wp
Steady is the perfect plugin for regular payments: offer subscriptions, pledges, use a flexible paywall or start a subscription crowdfunding campaign.
Kotobee Integration
kotobee
Control access to your Kotobee cloud ebooks and libraries using other plugins such as WooCommerce, WooCommerce Subscriptions, and Memberful.
Excalibur Paywall
excalibur-paywall
Excalibur is the best and most affordable content monetization software on the market. Easiest plugin to configure with the most features.
Pay Post By SMS
pay-post-by-sms
Pay Post By SMS is simple yet powerful way to charge your website visitors for an access to restricted content. Charge your visitors for an access to …
Guest Post Manager
wp-guest-post-manager
The Guest Post Manager is the only plugin of its kind that will allow you to track and manage all of your sponsored content and guest posts inside of …
Sell from Blog Developer Profile
3 plugins · 50 total installs
How We Detect Sell from Blog
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/sell-from-blog/sell-from-blog.php
- sell-from-blog/sell-from-blog.php?ver=
HTML / DOM Fingerprints
- sellfromblog
- sellfromblog_error
- TODO Copyright 2010 Paweł Pela (email : paulpela@gmail.com) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as
- id="sellfromblog_email"
- id="sellfromblog_kod"
- id="sellfromblog_agree"
- onclick="sellfromblogForm(wpajax);"
- wpajax
- <table class="sellfromblog">
- <input type="text" id="sellfromblog_email"
- <input type="text" id="sellfromblog_kod"
- <input type="checkbox" id="sellfromblog_agree"