Does Static Page Publisher have any unpatched vulnerabilities?

No. All known vulnerabilities in Static Page Publisher have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Static Page Publisher compatible with WordPress 6.8.5?

According to WordPress.org data, Static Page Publisher 1.1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Static Page Publisher compatible with PHP 7.4+?

Static Page Publisher requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Static Page Publisher updated?

Static Page Publisher was last updated on Sep 11, 2025. Frequent updates are generally a positive security signal.

What is Static Page Publisher's security score?

Static Page Publisher has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Static Page Publisher Security & Risk Analysis

wordpress.org/plugins/static-page-publisher

Deploy static landing pages via REST API and dynamically serve them on your front page.

0 active installs v1.1.0 PHP 7.4+ WP 6.0+ Updated Sep 11, 2025

automationdeploymentlanding-pagesrest-api

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Static Page Publisher Safe to Use in 2026?

Generally Safe

Score 100/100

Static Page Publisher has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The static-page-publisher plugin version 1.1.0 presents a generally good security posture, with no known vulnerabilities or CVEs recorded. The code analysis reveals a small attack surface consisting of two REST API routes, both of which correctly implement permission callbacks. There are no identified dangerous functions, and SQL queries are exclusively handled using prepared statements, which is excellent practice. The presence of a nonce check and a relatively high percentage of properly escaped output further contribute to its security. However, a slight concern is the absence of capability checks on the identified entry points (REST API routes). While permission callbacks are present, a direct capability check would offer an additional layer of defense. The lack of taint analysis results might indicate a limited scope of analysis or a very small code base, but without any reported flows, it's hard to draw strong conclusions about potential data manipulation vulnerabilities. Overall, this plugin appears to be built with security in mind, but a minor enhancement regarding capability checks could further strengthen its defenses.

Key Concerns

REST API routes lack explicit capability checks

Vulnerabilities

None known

Static Page Publisher Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Static Page Publisher Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

89% escaped9 total outputs

Attack Surface

Static Page Publisher Attack Surface

Entry Points2

Unprotected0

REST API Routes 2

GET/wp-json/static-page-publisher/v1/verify-tokenstatic-page-publisher.php:72

POST/wp-json/static-page-publisher/v1/update-landingstatic-page-publisher.php:78

WordPress Hooks 3

actionadmin_menustatic-page-publisher.php:21

actionrest_api_initstatic-page-publisher.php:22

actiontemplate_redirectstatic-page-publisher.php:23

Maintenance & Trust

Static Page Publisher Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 11, 2025

PHP min version7.4

Downloads203

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Static Page Publisher Alternatives

Deploy with NetlifyPress

deploy-netlifypress

Seamlessly trigger deploys in Netlify from WordPress.

300 No CVEs

WPRaiz Content API Tool

wpraiz-content-api-tool

100

REST API + MCP Server for WordPress. Create, update, and manage posts programmatically. AI content generation with your own API keys (BYOK).

60 No CVEs

Synapse – Data Bridge for Automation

synapse

100

The data bridge for WordPress. A powerful REST API to monitor sites and automate workflows with n8n, Zapier, Make, and your own scripts.

20 No CVEs

JournalAi

journalai

JournalAi provides a custom REST API for WordPress, enabling advanced functionality for blog automation and AI integration.

10 No CVEs

AYR SEO Bridge

ayr-seo-bridge

100

Connect WordPress with automation platforms to automatically update SEO metadata in Yoast SEO, Rank Math, AIOSEO, and SEOPress.

0 No CVEs

Developer Profile

Static Page Publisher Developer Profile

heartcoredev

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Static Page Publisher

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/static-page-publisher/static-page-publisher.php

HTML / DOM Fingerprints

HTML Comments

✅ Validate files with wp_check_filetype()

Data Attributes

name="spp_generate_token_action"name="spp_generate_token_nonce"readonlyvalue

REST Endpoints

/static-page-publisher/v1/verify-token/static-page-publisher/v1/update-landing

FAQ