story|ftw Security & Risk Analysis

wordpress.org/plugins/storyftw

story|ftw is a full screen, mobile first storytelling plugin. It can do text, images, gifs, video backgrounds plus a whole lot more.

20 active installs · v0.1.4 · PHP + WP 3.8.0+ · Updated Feb 28, 2015
Tags: gallery, images, mobile, shortcode, video

Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is story|ftw Safe to Use in 2026?

Generally Safe

Score 85/100

story|ftw has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The security posture of the storyftw plugin at version 0.1.4 is a mix of good practices and significant concerns. On the positive side, the plugin uses prepared statements for all of its SQL queries, escapes a reasonable share of its output (68%), and has no recorded vulnerability history, which is a strong indicator of past security diligence. However, static analysis reveals a critical weakness: one AJAX handler performs no authentication check at all. This is a direct attack vector, since any unauthenticated user could trigger that handler. Taint analysis also shows two data flows with unsanitized paths; neither is categorized as critical or high severity, but they point to a potential for cross-site scripting (XSS) or other injection issues even where no high-impact exploitation is immediately apparent. The plugin's limited attack surface is a mitigating factor, but the unprotected AJAX endpoint is a substantial risk that needs immediate attention. Overall, the plugin has some robust security foundations, yet the presence of an unprotected entry point and unsanitized data flows warrants caution.

Key Concerns

  • AJAX handler without auth checks
  • Taint flows with unsanitized paths
  • Output escaping is not fully comprehensive
Vulnerabilities
None known

story|ftw Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

story|ftw Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 34 (73 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

68% escaped (107 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
<cpt> (includes\cpt.php:0)
Flow table columns: Source (user input) | Sink (dangerous op) | Sanitizer | Transform (legend: Unsanitized / Sanitized)
Attack Surface
1 unprotected

story|ftw Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers (1)

flag | hook | location
auth | wp_ajax_storyftw_get_permalink | includes\stories.php:15
WordPress Hooks (71)

type | hook | location
action | admin_init | includes\admin.php:48
action | admin_menu | includes\admin.php:49
filter | cmb2_show_on | includes\cpts.php:67
filter | cmb2_localized_data | includes\cpts.php:69
action | init | includes\cpt_core.php:71
filter | post_updated_messages | includes\cpt_core.php:72
filter | enter_title_here | includes\cpt_core.php:79
action | template_redirect | includes\frontend.php:49
action | storyftw_head | includes\frontend.php:81
action | storyftw_footer | includes\frontend.php:85
action | storyftw_head | includes\frontend.php:90
action | storyftw_head | includes\frontend.php:91
action | storyftw_head | includes\frontend.php:92
action | storyftw_head | includes\frontend.php:96
filter | style_loader_tag | includes\frontend.php:99
filter | script_loader_src | includes\frontend.php:100
action | wp_enqueue_scripts | includes\frontend.php:103
action | storyftw_before_story_page | includes\frontend.php:104
action | storyftw_toc | includes\frontend.php:105
action | storyftw_top | includes\frontend.php:106
action | storyftw_toc_item | includes\frontend.php:107
action | storyftw_page_footer | includes\frontend.php:108
action | storyftw_nav_prev | includes\frontend.php:109
action | storyftw_nav_next | includes\frontend.php:110
action | storyftw_navbar_left | includes\frontend.php:111
action | storyftw_navbar_right | includes\frontend.php:112
action | storyftw_navbar_right | includes\frontend.php:113
action | storyftw_footer_title | includes\frontend.php:114
action | storyftw_after_loop | includes\frontend.php:115
action | admin_bar_menu | includes\frontend.php:116
action | wp_after_admin_bar_render | includes\frontend.php:117
action | storyftw_inside_wrap_after | includes\frontend.php:120
action | storyftw_footer | includes\frontend.php:124
action | storyftw_footer | includes\frontend.php:125
action | storyftw_head | includes\frontend.php:129
filter | cmb2_select_attributes | includes\iconselect.php:63
action | admin_footer | includes\iconselect.php:64
filter | cmb2_meta_boxes | includes\metaboxes.php:11
action | add_meta_boxes | includes\page-cpt.php:89
action | add_meta_boxes | includes\page-cpt.php:90
filter | cmb2_meta_boxes | includes\page-cpt.php:102
filter | cmb2_meta_boxes | includes\page-cpt.php:106
filter | get_sample_permalink_html | includes\page-cpt.php:107
action | init | includes\shortcodes.php:218
filter | storyftw_share_shortcode_fields | includes\shortcodes.php:219
action | storyftw_footer | includes\shortcodes.php:295
filter | cmb2_meta_boxes | includes\stories.php:13
action | save_post | includes\stories.php:14
action | attribute_escape | includes\stories.php:16
action | before_delete_post | includes\stories.php:17
action | admin_enqueue_scripts | includes\stories.php:24
action | admin_enqueue_scripts | includes\stories.php:25
action | edit_form_after_title | includes\stories.php:29
action | edit_form_after_editor | includes\stories.php:30
action | admin_footer | includes\stories.php:31
action | edit_form_after_editor | includes\stories.php:33
filter | post_row_actions | includes\stories.php:39
filter | post_row_actions | includes\stories.php:40
action | admin_footer | includes\stories.php:392
filter | cmb2_meta_boxes | includes\storypages.php:12
filter | cmb2_select_attributes | includes\storypages.php:13
filter | get_sample_permalink_html | includes\storypages.php:14
action | admin_enqueue_scripts | includes\storypages.php:18
action | edit_form_after_title | includes\storypages.php:19
action | edit_form_top | includes\storypages.php:20
action | add_meta_boxes | includes\storypages.php:21
action | admin_init | includes\storypages.php:23
action | edit_form_top | includes\storypages.php:27
action | admin_enqueue_scripts | includes\storypages.php:31
action | init | storyftw.php:99
action | admin_init | storyftw.php:100
Maintenance & Trust

story|ftw Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.1.42
Last updated: Feb 28, 2015
PHP min version: (not listed)
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 20
Developer Profile

story|ftw Developer Profile

Justin Sternberg

8 plugins · 301K total installs

Trust score: 90
Avg Security Score: 85/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect story|ftw

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/storyftw/assets/css/storyftw-basic.css
/wp-content/plugins/storyftw/assets/js/storyftw.js
/wp-content/plugins/storyftw/assets/js/vendor-combined.js
Script Paths
/wp-content/plugins/storyftw/assets/js/storyftw.js
/wp-content/plugins/storyftw/assets/js/vendor-combined.js
Version Parameters
storyftw/assets/css/storyftw-basic.css?ver=
storyftw/assets/js/storyftw.js?ver=
storyftw/assets/js/vendor-combined.js?ver=

HTML / DOM Fingerprints

CSS Classes
storyftw-body, storyftw-page, storyftw-navbar, storyftw-title
HTML Comments
<!-- wp_head -->, <!-- storyftw_before_story_page -->, <!-- storyftw_inside_wrap -->, <!-- storyftw_after_loop --> (+15 more)
Data Attributes
data-storyftw-id
JS Globals
StoryFTW_Frontend