Does Simple Post Preview & Review have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Post Preview & Review compatible with WordPress 6.9.4?

According to WordPress.org data, Simple Post Preview & Review 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Simple Post Preview & Review compatible with PHP 7.4+?

Simple Post Preview & Review requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple Post Preview & Review updated?

Simple Post Preview & Review was last updated on Jan 20, 2026. Frequent updates are generally a positive security signal.

What is Simple Post Preview & Review's security score?

Simple Post Preview & Review has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Post Preview & Review Security & Risk Analysis

wordpress.org/plugins/simple-post-preview-review

Share secure preview links, collect client feedback and approvals, receive edits - all without WordPress login.

20 active installs v1.0.0 PHP 7.4+ WP 5.8+ Updated Jan 20, 2026

approvalclientfeedbackpreviewreview

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Simple Post Preview & Review Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Post Preview & Review has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The 'simple-post-preview-review' plugin v1.0.0 exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. While the code demonstrates good practices in other areas, such as a high percentage of prepared SQL statements and properly escaped output, the lack of authentication checks on 12 AJAX entry points creates a substantial attack surface. This means any unauthenticated user could potentially trigger these AJAX actions, leading to unintended consequences or further exploitation if vulnerabilities exist within those handlers.

The static analysis also reveals that all 12 identified entry points are unprotected, which is a critical finding. Fortunately, the absence of critical or high severity taint flows and a clean vulnerability history suggest that there are no known exploitable flaws at this time. The plugin also appears to have a good handle on dangerous functions, file operations, and external HTTP requests. However, the large number of unprotected AJAX handlers remains the most significant risk, overshadowing the otherwise positive code signals.

Key Concerns

Large attack surface without auth
All AJAX handlers lack authentication checks

Vulnerabilities

None known

Simple Post Preview & Review Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Simple Post Preview & Review Release Timeline

v1.0.0Current

Code Analysis

Analyzed Mar 17, 2026

Simple Post Preview & Review Code Analysis

Dangerous Functions

Raw SQL Queries

40 prepared

Unescaped Output

140 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

82% prepared49 total queries

Output Escaping

98% escaped143 total outputs

Attack Surface

12 unprotected

Simple Post Preview & Review Attack Surface

Entry Points12

Unprotected12

AJAX Handlers 12

authwp_ajax_SPPR_generate_tokenincludes\class-sppr-core.php:99

authwp_ajax_SPPR_revoke_tokenincludes\class-sppr-core.php:100

authwp_ajax_SPPR_get_version_diffincludes\class-sppr-core.php:101

authwp_ajax_SPPR_apply_versionincludes\class-sppr-core.php:102

authwp_ajax_SPPR_get_cleanup_countincludes\class-sppr-core.php:111

authwp_ajax_SPPR_perform_cleanupincludes\class-sppr-core.php:112

authwp_ajax_SPPR_get_cleanup_statsincludes\class-sppr-core.php:113

authwp_ajax_SPPR_revoke_link_dashboardincludes\class-sppr-core.php:114

noprivwp_ajax_SPPR_submit_feedbackincludes\class-sppr-core.php:137

authwp_ajax_SPPR_submit_feedbackincludes\class-sppr-core.php:138

noprivwp_ajax_SPPR_save_edited_versionincludes\class-sppr-core.php:142

authwp_ajax_SPPR_save_edited_versionincludes\class-sppr-core.php:143

WordPress Hooks 15

actionadd_meta_boxesincludes\class-sppr-core.php:95

actionadmin_enqueue_scriptsincludes\class-sppr-core.php:96

actionadmin_menuincludes\class-sppr-core.php:106

actionadmin_initincludes\class-sppr-core.php:107

actionadmin_enqueue_scriptsincludes\class-sppr-core.php:108

actionSPPR_daily_cleanupincludes\class-sppr-core.php:117

actiontransition_post_statusincludes\class-sppr-core.php:120

actionbefore_delete_postincludes\class-sppr-core.php:123

actiontemplate_redirectincludes\class-sppr-core.php:132

actionwp_enqueue_scriptsincludes\class-sppr-core.php:133

filterthe_contentincludes\public\class-sppr-preview.php:73

actionwp_headincludes\public\class-sppr-preview.php:74

actionwp_footerincludes\public\class-sppr-preview.php:76

filterposts_resultsincludes\public\class-sppr-preview.php:103

filterthe_postsincludes\public\class-sppr-preview.php:111

Scheduled Events 1

SPPR_daily_cleanup

Maintenance & Trust

Simple Post Preview & Review Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 20, 2026

PHP min version7.4

Downloads157

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Simple Post Preview & Review Alternatives

SiteHandoff

sitehandoff

100

Client handoff tool for agencies: manage reviewer access, collect per-page feedback, and run a countdown page while the site is in progress.

0 No CVEs

Atarim – Visual Feedback, Review & AI Collaboration

atarim-visual-collaboration

Make collecting feedback on WordPress sites MUCH faster and easier, with the visual collaboration tool used on over 120,000 websites worldwide.

1K 20 CVEs

Testimonial Customer Feedback

testimonial-maker

100

Display client testimonials with customizable layouts, slider effects, and responsive design. Simple setup with shortcode support.

1K No CVEs

Visual Feedback

visual-feedback

Visual Feedback enables you to provide feedback on your WordPress site by simply clicking and commenting.

10 No CVEs

Smooth Testimonials

smooth-testimonials

Smooth Testimonial is a powerful and user-friendly WordPress plugin designed to showcase client testimonials with style and ease.

0 No CVEs

Developer Profile

Simple Post Preview & Review Developer Profile

pianoweb

4 plugins · 440 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Post Preview & Review

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-post-preview-review/admin/css/metabox.css/wp-content/plugins/simple-post-preview-review/admin/js/metabox.js/wp-content/plugins/simple-post-preview-review/public/css/preview.css/wp-content/plugins/simple-post-preview-review/public/js/preview.js

Script Paths

/wp-content/plugins/simple-post-preview-review/admin/js/metabox.js/wp-content/plugins/simple-post-preview-review/public/js/preview.js

Version Parameters

simple-post-preview-review/admin/css/metabox.css?ver=simple-post-preview-review/admin/js/metabox.js?ver=simple-post-preview-review/public/css/preview.css?ver=simple-post-preview-review/public/js/preview.js?ver=

HTML / DOM Fingerprints

CSS Classes

sppr-metabox-contentsppr-status-sectionsppr-statussppr-status-approvedsppr-status-changes_requestedsppr-status-pendingsppr-status-datesppr-link-section+21 more

HTML Comments

+88 more

Data Attributes

data-post-iddata-nonce

JS Globals

SPPR_MetaboxSPPR_FrontendSPPR_Admin

REST Endpoints

/wp-json/sppr/v1/feedback/wp-json/sppr/v1/edit/wp-json/sppr/v1/settings

FAQ