SwiftPost Security & Risk Analysis

wordpress.org/plugins/swiftpost

Swift Post lets website administrators easily turn standard posts into powerful sponsored and branded advertising. 

10 active installs v0.5.5 PHP + WP 4.0+ Updated Dec 1, 2016
Tags: advertising, frequency-capping, geo-targeting, native-advertising, sponsored-content
Score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SwiftPost Safe to Use in 2026?

Generally Safe

Score 85/100

SwiftPost has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

SwiftPost v0.5.5 presents a mixed security posture. The plugin has a clean vulnerability history with no recorded CVEs, and a good percentage of its SQL queries use prepared statements, but the static analysis reveals some areas of concern. The presence of the `unserialize` function, especially without explicit context on its usage and sanitization, is a significant red flag. Combined with a concerning rate of unsanitized taint flows (3 out of 8 analyzed), it suggests potential for remote code execution or data manipulation vulnerabilities if untrusted input is passed to these functions.

Furthermore, the static analysis indicates that only 18% of outputs are properly escaped. This poses a risk of Cross-Site Scripting (XSS) vulnerabilities, where attackers could inject malicious scripts into the website through plugin-generated output. The limited number of entry points and the fact that they are protected by nonce and capability checks are positive aspects, but the identified weaknesses in data handling and output sanitization outweigh these strengths. The lack of historical vulnerabilities might indicate that the plugin has not been extensively targeted or that prior versions have been robust, but the current static analysis warrants caution.

Key Concerns

  • Dangerous function: unserialize used
  • High severity unsanitized taint flows
  • Low percentage of properly escaped outputs
Vulnerabilities
None known

SwiftPost Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SwiftPost Release Timeline

v0.5.4
v0.5.3
v0.5.2
Code Analysis
Analyzed Apr 16, 2026

SwiftPost Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 3 (16 prepared)
  • Unescaped Output: 105 (23 escaped)
  • Nonce Checks: 4
  • Capability Checks: 4
  • File Operations: 2
  • External Requests: 14
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize (admin/swiftpost_admin_functions.php:220)
`$geo = ( empty($default[0]->geo) ? "" : unserialize($default[0]->geo));`

SQL Query Safety

84% prepared · 19 total queries

Output Escaping

18% escaped · 128 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

8 flows · 3 with unsanitized paths
swiftpost_abtest_add (admin/swiftpost_admin_functions.php:899)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

SwiftPost Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[swiftpost] swiftpost.php:158
[swiftpost] swiftpost.php:161
WordPress Hooks 18
action add_meta_boxes admin/swiftpost_admin_functions.php:180
action wpfn_notifications admin/wpfn-notifications.php:204
action swiftpost_tasks_daily swiftpost.php:57
action init swiftpost.php:144
action wp_footer swiftpost.php:149
action wp_enqueue_scripts swiftpost.php:150
action loop_start swiftpost.php:151
action loop_start swiftpost.php:157
action save_post swiftpost.php:177
action transition_post_status swiftpost.php:178
action admin_menu swiftpost.php:179
action admin_enqueue_scripts swiftpost.php:180
action wp_logout swiftpost.php:181
action wp_login swiftpost.php:182
action admin_notices swiftpost.php:183
action admin_head swiftpost.php:186
action init swiftpost.php:190
action init swiftpost.php:191

Scheduled Events 1

swiftpost_tasks_daily
Maintenance & Trust

SwiftPost Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Dec 1, 2016
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 10
Developer Profile

SwiftPost Developer Profile

Richard Alva

2 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SwiftPost

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/swiftpost/css/swiftpost.css
/wp-content/plugins/swiftpost/js/swiftpost-script.js
/wp-content/plugins/swiftpost/js/swiftpost-admin.js
Script Paths
/wp-content/plugins/swiftpost/js/swiftpost-script.js
/wp-content/plugins/swiftpost/js/swiftpost-admin.js
Version Parameters
swiftpost/css/swiftpost.css?ver=
swiftpost/js/swiftpost-script.js?ver=
swiftpost/js/swiftpost-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
swiftpost_settings_form
swiftpost_dashboard_widget
HTML Comments
Swift Post Inject
Slot Fill
Data Attributes
data-swiftpost-id
JS Globals
swiftposts_titles
swiftpost_ajax_url
Shortcode Output
[swiftpost]