Does Simple Preview have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Preview have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Preview compatible with WordPress 4.9.29?

According to WordPress.org data, Simple Preview 0.1.9 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Simple Preview updated?

Simple Preview was last updated on Aug 3, 2018. Frequent updates are generally a positive security signal.

What is Simple Preview's security score?

Simple Preview has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Preview Security & Risk Analysis

wordpress.org/plugins/simple-preview

Let anonymous users preview a post before it is published!

200 active installs v0.1.9 PHP + WP 2.7+ Updated Aug 3, 2018

anonymousdraftpostpublicsimple-preview

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Simple Preview Safe to Use in 2026?

Generally Safe

Score 85/100

Simple Preview has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The 'simple-preview' plugin exhibits a generally good security posture based on the provided static analysis. The complete absence of identified attack vectors like AJAX handlers, REST API routes, shortcodes, and cron events is a significant strength. Furthermore, the code's diligent use of prepared statements for SQL queries and the presence of a capability check are positive indicators of secure coding practices. The lack of known vulnerabilities in its history further reinforces this perception of a well-maintained and secure plugin.

However, the static analysis does reveal a critical weakness: zero percent of output is properly escaped. With two total outputs identified, this means both are potentially vulnerable to cross-site scripting (XSS) attacks. This is a significant concern that could allow attackers to inject malicious scripts into a user's browser, leading to session hijacking, credential theft, or defacement.

While the plugin's attack surface is effectively zero and its vulnerability history is clean, the unescaped output represents a tangible and serious risk. Users should be aware that any information displayed by this plugin is not being adequately protected against injection. In conclusion, the plugin is strong in its minimal attack surface and historical security but significantly weakened by its handling of output rendering.

Key Concerns

0% of outputs properly escaped

Vulnerabilities

None known

Simple Preview Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Simple Preview Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2 total outputs

Attack Surface

Simple Preview Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actioninitsimple-preview.php:57

actionadmin_menusimple-preview.php:60

actionsave_postsimple-preview.php:61

actionpost_submitbox_misc_actionssimple-preview.php:73

actionpre_get_postssimple-preview.php:136

filterposts_resultssimple-preview.php:139

Maintenance & Trust

Simple Preview Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedAug 3, 2018

PHP min version

Downloads9K

Community Trust

Rating100/100

Number of ratings1

Active installs200

Alternatives

Simple Preview Alternatives

Public Post Preview

public-post-preview

100

Allow anonymous users to preview a draft of a post before it is published.

100K No CVEs

Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress

easy-post-submission

Enable users to submit posts and manage profiles from the front-end. Ideal for news, magazines, and creative platforms.

2K 1 unpatched

Post Draft Preview

post-draft-preview

Allow non logged-in users to check a draft of unpublished post by using secret link

700 No CVEs

Public Post Preview Configurator

public-post-preview-configurator

Enables you to configure the 'public post preview' plugin with a user interface.

10K No CVEs

User Submitted Posts – Enable Users to Submit Posts from the Front End

user-submitted-posts

Enable visitors to submit posts and images from the front-end of your site. Many features including anti-spam security, content restriction, and more.

10K 12 CVEs

Developer Profile

Simple Preview Developer Profile

Nagmay

5 plugins · 250 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Preview

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-preview/simple-preview.php

HTML / DOM Fingerprints

CSS Classes

simple-preview

HTML Comments

Data Attributes

name="public_preview_status"id="public_preview_status"value="on"

FAQ