Super Public Post Preview Security & Risk Analysis
wordpress.org/plugins/super-public-post-previewCreate and share link to anonymous users for preview any post before it is published.
Is Super Public Post Preview Safe to Use in 2026?
Generally Safe
Score 85/100Super Public Post Preview has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "super-public-post-preview" plugin v1.0.8 presents a generally good security posture, with no known vulnerabilities in its history and a limited attack surface. The plugin demonstrates good practice by utilizing prepared statements for all SQL queries and incorporating nonce checks. However, there are areas for improvement. The static analysis reveals that only 43% of output is properly escaped, indicating a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not sufficiently sanitized before being displayed.
The taint analysis indicates two flows with unsanitized paths. While these did not escalate to critical or high severity in the static analysis, they warrant attention as they represent potential entry points for malicious data manipulation. The absence of capability checks on the single AJAX handler is a concern, as it means any authenticated user could potentially trigger this functionality, regardless of their role or permissions. The lack of past vulnerabilities is a positive indicator, suggesting diligent development, but it does not negate the risks identified in the current code analysis.
Key Concerns
- Insufficient output escaping
- Unsanitized paths in taint flows
- Missing capability checks on AJAX handler
Super Public Post Preview Security Vulnerabilities
Super Public Post Preview Code Analysis
Output Escaping
Data Flow Analysis
Super Public Post Preview Attack Surface
AJAX Handlers 1
WordPress Hooks 9
Maintenance & Trust
Super Public Post Preview Maintenance & Trust
Maintenance Signals
Community Trust
Super Public Post Preview Alternatives
Public Post Preview
public-post-preview
Allow anonymous users to preview a draft of a post before it is published.
Public Post Preview Configurator
public-post-preview-configurator
Enables you to configure the 'public post preview' plugin with a user interface.
Post Draft Preview
post-draft-preview
Allow non logged-in users to check a draft of unpublished post by using secret link
Simple Preview
simple-preview
Let anonymous users preview a post before it is published!
PPP Extension
ppp-extension
Extends the Public Post Preview plugin by allowing users to customize the expiration time dynamically through the WordPress admin panel.
Super Public Post Preview Developer Profile
8 plugins · 380 total installs
How We Detect Super Public Post Preview
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/super-public-post-preview/jquery-ui.css/wp-content/plugins/super-public-post-preview/jquery-ui.min.js/wp-content/plugins/super-public-post-preview/jquery-ui.min.jssuper-public-post-preview/style.css?ver=super-public-post-preview/jquery-ui.min.js?ver=HTML / DOM Fingerprints
trueactivefalseactivename="super_preview_checkbox"id="super_preview_checkbox"name="super_pp_link_text"id="super_set_post_to_publish"name="super_preview_checkbox"id="super_preview_checkbox"+9 morejQuerysuper_enable_preview_funcsuper_pp_noindex_nofollow/wp-json/super/v1/enable-preview