WP-Safety

Submit Content Security & Risk Analysis

wordpress.org/plugins/submit-content

Allows you to submit posts, and custom pots, from frontend.

10 active installs v1.1 PHP 5.2.4+ WP 4.9+ Updated Jun 23, 2023
frontend-postpublic-postsubmit-custom-postsubmit-postuser-post
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Submit Content Safe to Use in 2026?

Generally Safe

Score 85/100

Submit Content has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "submit-content" v1.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in its SQL query handling, with a high percentage using prepared statements, and robust output escaping, indicating efforts to prevent common web vulnerabilities. The absence of known CVEs and bundled libraries further contributes to a relatively stable foundation.

However, significant concerns arise from the attack surface and taint analysis. The presence of four AJAX handlers without authentication checks creates a substantial entry point for unauthorized actions. The taint analysis reveals two flows with unsanitized paths, flagged as high severity, suggesting potential vulnerabilities that could be exploited by attackers. While the plugin has no recorded vulnerability history, this doesn't negate the risks identified in the static and taint analysis of the current version.

In conclusion, while "submit-content" v1.1 has strengths in its data handling and output sanitization, the critical issue of unprotected AJAX endpoints and unsanitized code paths poses a notable risk. Proactive patching of these identified vulnerabilities is strongly recommended to mitigate potential security breaches.

Key Concerns

  • AJAX handlers without auth checks
  • High severity unsanitized taint flows
Vulnerabilities
None known

Submit Content Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Submit Content Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
10 prepared
Unescaped Output
13
208 escaped
Nonce Checks
3
Capability Checks
3
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

83% prepared12 total queries

Output Escaping

94% escaped221 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
wpbtsc_generate_shortcode_callback (library\ajax.php:15)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Submit Content Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 4

authwp_ajax_sc_generate_shortcodesubmitcontent.php:88
authwp_ajax_sc_delete_shortcodesubmitcontent.php:89
authwp_ajax_wpbtsc_form_submissionsubmitcontent.php:90
noprivwp_ajax_wpbtsc_form_submissionsubmitcontent.php:91

Shortcodes 1

[submitcontent] submitcontent.php:94
WordPress Hooks 5
actioninitsubmitcontent.php:79
actionadmin_menusubmitcontent.php:82
actionadmin_initsubmitcontent.php:83
actionadmin_enqueue_scriptssubmitcontent.php:85
actionwp_enqueue_scriptssubmitcontent.php:86
Maintenance & Trust

Submit Content Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedJun 23, 2023
PHP min version5.2.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Submit Content Alternatives

User Submitted Posts – Enable Users to Submit Posts from the Front End

User Submitted Posts – Enable Users to Submit Posts from the Front End

user-submitted-posts

B
76

Enable visitors to submit posts and images from the front-end of your site. Many features including anti-spam security, content restriction, and more.

10K 12 CVEs
Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress

Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress

easy-post-submission

B
76

Enable users to submit posts and manage profiles from the front-end. Ideal for news, magazines, and creative platforms.

2K 1 unpatched
Guest posting / Frontend Posting / Front Editor – WP Front User Submit

Guest posting / Frontend Posting / Front Editor – WP Front User Submit

front-editor

C
52

This plugin enables users to submit post content from Front End. Use our plugin to implement guest posting

100 2 unpatched
Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin

Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin

frontend-post-submission-manager-lite

A
95

Frontend Post Submission with or without Login, 5 PreDesigned Form Templates, Add Unlimited Custom Fields, Google Captcha Security, Post Notifications

2K 4 CVEs
UGC Creator

UGC Creator

ugc-creator

A
85

Plugin for User-Generated Content: Get frontend post with an array of formatting and styling options to create stunning, professional-grade posts.

10 No CVEs
Developer Profile

Submit Content Developer Profile

bharatthapa

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Submit Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/submit-content/admin_assets/css/admin-styles.css/wp-content/plugins/submit-content/admin_assets/js/admin-scripts.js/wp-content/plugins/submit-content/public_assets/css/public-styles.css/wp-content/plugins/submit-content/public_assets/js/public-scripts.js
Script Paths
/wp-content/plugins/submit-content/admin_assets/js/admin-scripts.js/wp-content/plugins/submit-content/public_assets/js/public-scripts.jshttps://www.google.com/recaptcha/api.js

HTML / DOM Fingerprints

Data Attributes
dashicons-admin-generic
JS Globals
scJSOBJ
REST Endpoints
/wp-json/submit-content/v1/process/wp-json/submit-content/v1/submit_post
Shortcode Output
[submitcontent]
FAQ

Frequently Asked Questions about Submit Content