WP-Safety

Sync Post With Other Site Security & Risk Analysis

wordpress.org/plugins/sync-post-with-other-site

Allows user to sync Posts, Pages and Custom Post Type with multiple websites.

3K active installs v1.9.1 PHP + WP 4.5+ Updated Jul 12, 2025
migrate-post-contentpost-content-syncsync-post-with-multiple-sitessynchronization-postwp-sync-post
99
A · Safe
CVEs total2
Unpatched0
Last CVEAug 2, 2024
Plugin page Download
Safety Verdict

Is Sync Post With Other Site Safe to Use in 2026?

Generally Safe

Score 99/100

Sync Post With Other Site has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 2, 2024Updated 8mo ago
Risk Assessment

The "sync-post-with-other-site" plugin, version 1.9.1, exhibits a mixed security posture. While it avoids dangerous functions and uses prepared statements for SQL queries, significant concerns arise from its handling of entry points and output sanitization. The plugin presents a total of one entry point via the REST API, which crucially lacks permission callbacks, making it susceptible to unauthorized access. Additionally, only 14% of its output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities across various functions.

The plugin's vulnerability history reveals a pattern of medium-severity issues, specifically Missing Authorization and Cross-Site Request Forgery (CSRF). The presence of two past CVEs, although currently patched, suggests a recurring weakness in implementing proper authorization and CSRF protection mechanisms. The absence of capability checks in the static analysis further supports this concern, as it indicates a reliance on potentially insufficient or missing authorization controls.

Despite strengths like the absence of dangerous functions and the secure handling of SQL queries, the unprotected REST API route and widespread unescaped output are critical vulnerabilities. The historical trend of authorization and CSRF issues, combined with the lack of explicit capability checks, indicates a persistent need for robust security implementations. Users should exercise caution and ensure the plugin is kept updated, though even then, the identified code flaws warrant attention.

Key Concerns

  • Unprotected REST API route
  • Low percentage of properly escaped output
  • History of medium severity vulnerabilities (2)
  • Missing capability checks
Vulnerabilities
2

Sync Post With Other Site Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-6709medium · 4.3Missing Authorization

Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update

Aug 2, 2024 Patched in 1.7 (1d)
CVE-2024-32082medium · 4.3Cross-Site Request Forgery (CSRF)

Sync Post With Other Site <= 1.5.1 - Cross-Site Request Forgery

Apr 11, 2024 Patched in 1.5.2 (51d)
Code Analysis
Analyzed Mar 16, 2026

Sync Post With Other Site Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
49
8 escaped
Nonce Checks
2
Capability Checks
0
File Operations
4
External Requests
2
Bundled Libraries
0

Output Escaping

14% escaped57 total outputs
Attack Surface
1 unprotected

Sync Post With Other Site Attack Surface

Entry Points1
Unprotected1

REST API Routes 1

POST/wp-json/sps/v1/dataincludes\sps_sync.class.php:24
WordPress Hooks 13
actionadmin_initincludes\sps_post_meta.class.php:8
actionsave_postincludes\sps_post_meta.class.php:10
actionsps_save_settingsincludes\sps_settings.class.php:8
filterwp_insert_post_dataincludes\sps_sync.class.php:10
actionrest_insert_postincludes\sps_sync.class.php:13
actionsave_postincludes\sps_sync.class.php:15
actionspsp_after_save_dataincludes\sps_sync.class.php:17
actionrest_api_initincludes\sps_sync.class.php:19
filterwp_kses_allowed_htmlincludes\sps_sync.class.php:265
actionadmin_menuSyncPostWithOtherSite.php:69
actionadmin_enqueue_scriptsSyncPostWithOtherSite.php:71
actionwp_enqueue_scriptsSyncPostWithOtherSite.php:73
actionplugins_loadedSyncPostWithOtherSite.php:75
Maintenance & Trust

Sync Post With Other Site Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedJul 12, 2025
PHP min version
Downloads45K

Community Trust

Rating82/100
Number of ratings27
Active installs3K
Alternatives

Sync Post With Other Site Alternatives

No alternatives data available yet.

Developer Profile

Sync Post With Other Site Developer Profile

Kamlesh Parmar

1 plugin · 3K total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
26 days
View full developer profile
Detection Fingerprints

How We Detect Sync Post With Other Site

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sync-post-with-other-site/assets/css/sps_admin_style.css/wp-content/plugins/sync-post-with-other-site/assets/css/sps_front_style.css/wp-content/plugins/sync-post-with-other-site/assets/js/sps_admin_js.js/wp-content/plugins/sync-post-with-other-site/assets/js/sps_front_js.js
Script Paths
/wp-content/plugins/sync-post-with-other-site/assets/js/sps_admin_js.js/wp-content/plugins/sync-post-with-other-site/assets/js/sps_front_js.js
Version Parameters
sync-post-with-other-site/assets/css/sps_admin_style.css?ver=sync-post-with-other-site/assets/js/sps_admin_js.js?ver=sync-post-with-other-site/assets/css/sps_front_style.css?ver=sync-post-with-other-site/assets/js/sps_front_js.js?ver=

HTML / DOM Fingerprints

JS Globals
__sps_msgajaxurl
FAQ

Frequently Asked Questions about Sync Post With Other Site