
Set Aside Security & Risk Analysis
wordpress.org/plugins/set-aside
Change the post format on all posts in one category. Useful when you switch from styling "Asides" based on category to the new post formats.
Is Set Aside Safe to Use in 2026?
Generally Safe
Score 85/100
Set Aside has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "set-aside" v0.2 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface, with no unprotected entry points detected. The code analysis further reveals a clean bill of health regarding dangerous functions, SQL queries (all using prepared statements), file operations, and external HTTP requests. The presence of nonce checks, even with zero capability checks, indicates some awareness of security best practices for potential interaction points. The taint analysis also shows no critical or high-severity flows with unsanitized paths, suggesting that data handling is likely robust.
However, the plugin's security is not without potential concerns. While the overall output escaping is good at 82%, the remaining 18% represents a potential area for cross-site scripting (XSS) vulnerabilities if those unescaped outputs are user-controllable. The complete lack of capability checks across all analyzed code, coupled with the absence of explicit permission callbacks for REST API routes (though there are none), could become a risk if any interaction points are ever added without proper authorization checks. The vulnerability history being completely empty is positive, but it's important to note that this could simply mean the plugin hasn't been widely scrutinized or targeted, rather than definitively indicating perfect security.
In conclusion, "set-aside" v0.2 appears to be a secure plugin, particularly due to its minimal attack surface and diligent use of prepared statements. The primary weaknesses lie in the potential for XSS through unescaped output and the broader concern of absent capability checks for future development. The lack of historical vulnerabilities is a strength, but should be viewed with the understanding that it may not guarantee future invulnerability. A slightly higher score on output escaping and the addition of capability checks would further solidify its security.
Key Concerns
- Unescaped output detected (18%)
- No capability checks found
Set Aside Security Vulnerabilities
Set Aside Code Analysis
Output Escaping
Data Flow Analysis
Set Aside Attack Surface
WordPress Hooks 1
Set Aside Maintenance & Trust
Maintenance Signals
Community Trust
Set Aside Alternatives
Bulk Convert Post Format
bulk-convert-post-format
Bulk convert posts in a category to a selected post format.
IFTTT Post Formats & Post Types
ifttt-post-formats
Set a post format or post type for your IFTTT-created posts via a post format or post type category.
ytSubscribe – Youtube Subscribe Button
ytsubscribe
Automatically Add Youtube Subscribe Button Below each Video WordPress Plugin
Better Formats
better-formats
Improves the UI for WordPress's built-in post formats.
Easy News Ticker
easy-news-ticker
Easy news ticker is a tiny news ticker plugin that scrolls the list infinitely vertically.
Set Aside Developer Profile
5 plugins · 2K total installs
How We Detect Set Aside
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
- `wrap`
- `icon32`
- `id="message"`
- `class="updated fade"`
- `id="icon-tools"`
- `class="icon32"`
- `id="cat"`
- `id="post_format"`
- +1 more
- "Set Aside"
- "Change Post Format"