SV Posts Security & Risk Analysis

wordpress.org/plugins/sv-posts

SV Posts is an advanced block to show Posts with custom order, filters and styles.

10 active installs · v2.0.00 · PHP 8.0+ · WP 6.0+ · Updated May 24, 2023
Tags: grid, latest-posts, list, masonry, post-gallery
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SV Posts Safe to Use in 2026?

Generally Safe

Score 85/100

SV Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "sv-posts" v2.0.00 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating a significant number of nonce and capability checks across its entry points. The absence of known vulnerabilities and outdated bundled libraries is also a strong indicator of a well-maintained plugin.

However, several areas raise concerns. One AJAX handler has no authentication checks, which creates a significant attack vector. The taint analysis also reveals one flow with unsanitized paths; although it is not rated critical or high severity in this analysis, it points to a potential for the plugin to mishandle user-supplied data. Output escaping is a substantial weakness: only 28% of outputs are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities if user-controlled data is reflected in the output without adequate sanitization.

While the plugin has no historical vulnerabilities, the current code analysis highlights areas that require immediate attention. The lack of authentication on an AJAX endpoint and the poor output escaping are the most pressing issues. Addressing these would significantly improve the plugin's security.

Key Concerns

  • AJAX handler without auth checks
  • Unsanitized paths in taint analysis
  • Low percentage of properly escaped output
Vulnerabilities
None known

SV Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SV Posts Release Timeline

v2.0.00 (Current)
v1.9.00
v1.8.04
v1.8.03
v1.8.01
v1.5.15
v1.5.14
v1.5.11
v1.5.10
v1.5.00
v1.4.29
v1.4.23
v1.4.22
v1.4.21
v1.4.20
Code Analysis
Analyzed Apr 16, 2026

SV Posts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 356 (138 escaped)
Nonce Checks: 6
Capability Checks: 10
File Operations: 3
External Requests: 2
Bundled Libraries: 0

Output Escaping

28% escaped · 494 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
load_block_assets (src/block/index.php:83)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

SV Posts Attack Surface

Entry Points: 6
Unprotected: 1

AJAX Handlers 6

auth wp_ajax_infinite_load_posts (src/block/index.php:16)
nopriv wp_ajax_infinite_load_posts (src/block/index.php:17)
auth wp_ajax_sv_core_gutenberg_save_post_update_metaboxes (src/core_plugin/core/core.php:58)
auth wp_ajax_sv_core_expert_mode (src/core_plugin/core/core.php:446)
auth wp_ajax_sv_ajax_get_section (src/core_plugin/core/core.php:448)
auth wp_ajax_sv_ajax_settings_save_form (src/core_plugin/core/core.php:450)
WordPress Hooks 45
filter rest_post_query (src/block/index.php:12)
filter rest_page_query (src/block/index.php:13)
filter rest_post_collection_params (src/block/index.php:14)
filter rest_page_collection_params (src/block/index.php:15)
filter excerpt_length (src/block/index.php:796)
filter excerpt_length (src/block/index.php:803)
action admin_notices (src/core_plugin/core/abstract.php:105)
action plugins_loaded (src/core_plugin/core/abstract.php:335)
action admin_init (src/core_plugin/core/core.php:109)
action wp_footer (src/core_plugin/core/core.php:363)
action plugins_loaded (src/core_plugin/core/core.php:431)
action init (src/core_plugin/core/core.php:453)
action init (src/core_plugin/core/core.php:500)
action load-post.php (src/core_plugin/core/metabox/metabox.php:56)
action load-post-new.php (src/core_plugin/core/metabox/metabox.php:57)
action add_meta_boxes (src/core_plugin/core/metabox/metabox.php:66)
action save_post (src/core_plugin/core/metabox/metabox.php:67)
action enqueue_block_editor_assets (src/core_plugin/core/scripts/scripts.php:57)
action admin_init (src/core_plugin/core/scripts/scripts.php:61)
action admin_enqueue_scripts (src/core_plugin/core/scripts/scripts.php:62)
action admin_enqueue_scripts (src/core_plugin/core/scripts/scripts.php:63)
action wp_enqueue_script (src/core_plugin/core/scripts/scripts.php:65)
action wp_enqueue_scripts (src/core_plugin/core/scripts/scripts.php:66)
action wp_enqueue_scripts (src/core_plugin/core/scripts/scripts.php:67)
action template_redirect (src/core_plugin/core/scripts/scripts.php:69)
action template_redirect (src/core_plugin/core/scripts/scripts.php:70)
action wp_footer (src/core_plugin/core/scripts/scripts.php:71)
action wp_footer (src/core_plugin/core/scripts/scripts.php:72)
filter script_loader_tag (src/core_plugin/core/scripts/scripts.php:74)
action admin_bar_menu (src/core_plugin/core/scripts/scripts.php:105)
action updated_option (src/core_plugin/core/scripts/scripts.php:214)
action wp_footer (src/core_plugin/core/scripts/scripts.php:309)
action wp_print_footer_scripts (src/core_plugin/core/scripts/scripts.php:341)
action wp_footer (src/core_plugin/core/scripts/scripts.php:610)
action admin_footer (src/core_plugin/core/scripts/scripts.php:932)
action after_setup_theme (src/core_plugin/core/settings/modules/setting_box_shadow/setting_box_shadow.php:11)
action after_setup_theme (src/core_plugin/core/settings/modules/setting_color/setting_color.php:15)
action sv_core_module_scripts_loaded (src/core_plugin/core/settings/modules/setting_color/setting_color.php:128)
action widgets_init (src/core_plugin/core/widgets/widgets.php:91)
action admin_menu (src/core_plugin/core_plugin.php:13)
action admin_menu (src/core_plugin/core_plugin.php:14)
action admin_notices (src/core_plugin/dependencies/sv_dependencies.php:32)
action admin_notices (src/core_plugin/dependencies/sv_dependencies.php:44)
action after_switch_theme (src/core_plugin/dependencies/sv_dependencies.php:54)
action init (src/core_plugin/dependencies/sv_dependencies.php:61)
Maintenance & Trust

SV Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: May 24, 2023
PHP min version: 8.0
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

SV Posts Developer Profile

straightvisions GmbH

12 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SV Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/sv-posts/assets/css/dist/style.css
  • /wp-content/plugins/sv-posts/assets/js/dist/editor.js
  • /wp-content/plugins/sv-posts/assets/js/dist/frontend.js
Script Paths
  • /wp-content/plugins/sv-posts/assets/js/dist/editor.js
  • /wp-content/plugins/sv-posts/assets/js/dist/frontend.js
Version Parameters
  • sv-posts/style.css?ver=
  • sv-posts/editor.js?ver=
  • sv-posts/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • sv-posts
  • sv-posts-wrapper
  • sv-posts-posts
  • sv-posts-post
  • sv-posts-title
  • sv-posts-excerpt
  • sv-posts-meta
  • sv-posts-thumbnail
  • +12 more
HTML Comments
  • <!-- wp:sv-posts/posts -->
  • <!-- /wp:sv-posts/posts -->
  • <!-- wp:sv-posts/archive-title -->
  • <!-- /wp:sv-posts/archive-title -->
  • +14 more
Data Attributes
  • data-sv-posts
  • data-sv-posts-id
  • data-sv-posts-wrapper
  • data-sv-posts-post
  • data-sv-posts-title
  • data-sv-posts-excerpt
  • +14 more
JS Globals
  • sv_posts_editor_settings
  • sv_posts_frontend_settings
FAQ

Frequently Asked Questions about SV Posts