WP-Safety

Simple Post Expiration Security & Risk Analysis

wordpress.org/plugins/simple-post-expiration

A simple plugin that allows you to set an expiration date on posts. Once a post is expired, "Expired" will be prefixed to the post title.

500 active installs v1.0.1 PHP + WP 3.6+ Updated Oct 10, 2016
expirationexpireposts
64
C · Use Caution
CVEs total1
Unpatched1
Last CVEApr 1, 2025
Download
Safety Verdict

Is Simple Post Expiration Safe to Use in 2026?

Use With Caution

Score 64/100

Simple Post Expiration has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 1, 2025Updated 9yr ago
Risk Assessment

The 'simple-post-expiration' plugin exhibits a generally good security posture based on the static analysis. The absence of dangerous functions, external HTTP requests, and file operations is a positive sign. Furthermore, all SQL queries are properly prepared, and the presence of nonce and capability checks indicates an awareness of common WordPress security practices. The majority of output escaping is handled correctly.

However, the plugin has a documented history of a medium-severity Cross-Site Scripting (XSS) vulnerability, with one currently unpatched CVE. This past vulnerability, even if rated medium, combined with the fact that it remains unpatched, is a significant concern and suggests a potential for recurring security issues. While the current static analysis did not reveal any obvious taint flows or unsanitized paths, the historical vulnerability indicates that the plugin's input sanitization might not always be robust enough to prevent XSS attacks.

In conclusion, while the code itself shows several strengths in its current version, the presence of an unpatched medium-severity XSS vulnerability from the past introduces a notable risk. Users should be cautious and prioritize updating to a version that addresses this known security flaw. The single shortcode presents a minimal attack surface, but the historical vulnerability warrants careful consideration.

Key Concerns

  • Unpatched medium-severity CVE
  • Vulnerability history of XSS
Vulnerabilities
1

Simple Post Expiration Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-31734medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Post Expiration <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

Simple Post Expiration Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
28 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

82% escaped34 total outputs
Attack Surface

Simple Post Expiration Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[expires] includes\shortcodes.php:51
WordPress Hooks 9
actionpost_submitbox_misc_actionsincludes\metabox.php:54
actionsave_postincludes\metabox.php:94
actionload-post-new.phpincludes\metabox.php:109
actionload-post.phpincludes\metabox.php:110
actionadmin_initincludes\settings.php:25
actionwidgets_initincludes\widgets.php:22
filterthe_titleincludes\widgets.php:87
actioninitsimple-post-expiration.php:51
filterthe_titlesimple-post-expiration.php:103
Maintenance & Trust

Simple Post Expiration Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32
Last updatedOct 10, 2016
PHP min version
Downloads16K

Community Trust

Rating92/100
Number of ratings7
Active installs500
Alternatives

Simple Post Expiration Alternatives

WP Post Expires

WP Post Expires

wp-post-expires

A
85

Plugin adds post expires time after which will be performed actions: add prefix to title, move to drafts or trash.

2K No CVEs
Expire Sticky Posts

Expire Sticky Posts

expire-sticky-posts

A
85

A simple plugin that allows you to set an expiration date on posts. Once a post is expired, it will no longer be sticky.

1K No CVEs
Auto Post Expiry Manager

Auto Post Expiry Manager

auto-post-expiry-manager

A
100

Automatically expire posts and custom post types at a specific date and time. Works with all public post types and uses a lightweight cron scheduler.

80 No CVEs
Far Future Expiry Header

Far Future Expiry Header

far-future-expiry-header

A
100

This plugin will add a far future expiry header for various file types to improve page load speed of your site

7K 1 CVE
Expiring Posts

Expiring Posts

expiring-posts

A
85

This plugin adds functionality to expire a post on a given date.

1K No CVEs
Developer Profile

Simple Post Expiration Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
795 days
View full developer profile
Detection Fingerprints

How We Detect Simple Post Expiration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-post-expiration/assets/css/jquery-ui-fresh.min.css
Script Paths
/wp-content/plugins/simple-post-expiration/assets/js/edit.js
Version Parameters
simple-post-expiration/assets/css/jquery-ui-fresh.min.css?ver=simple-post-expiration/assets/js/edit.js?ver=

HTML / DOM Fingerprints

CSS Classes
pw-spe-expiration-wrappw-spe-expiration-labelpw-spe-edit-expirationpw-spe-expiration-fieldpw-spe-post-expiration
HTML Comments
<!-- Edit date and time -->
Data Attributes
id="pw-spe-expiration-wrap"id="pw-spe-expiration-label"id="pw-spe-edit-expiration"id="pw-spe-expiration-field"name="pw-spe-expiration"id="pw-spe-expiration"+5 more
JS Globals
pw_spe_expiration
Shortcode Output
<div id="pw-spe-post-expiration-class="pw-spe-post-expiration"
FAQ

Frequently Asked Questions about Simple Post Expiration