Sync Posts Security & Risk Analysis

wordpress.org/plugins/sync-posts

Sync Posts is a WordPress plugin that allows you to sync posts from another website using a URL. With this plugin, you can easily import Post Title, C …

100 active installs · v1.0 · PHP 7.2.5+ · WP + · Updated Oct 27, 2023
Tags: import-posts, post-scrapping, posts-copy, remote-posts-copier
Score: 61 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Apr 10, 2025
Safety Verdict

Is Sync Posts Safe to Use in 2026?

Use With Caution

Score 61/100

Sync Posts has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Apr 10, 2025 · Updated 2yr ago
Risk Assessment

The 'sync-posts' plugin v1.0 exhibits a mixed security posture. While it demonstrates good practices by using prepared statements for all SQL queries and properly escaping all output, significant concerns arise from its attack surface and vulnerability history. The presence of one unprotected AJAX handler presents a direct entry point for potential attacks, especially given the lack of nonce checks and capability checks. This is exacerbated by the taint analysis revealing two flows with unsanitized paths, indicating a potential for malicious data to be processed insecurely, even if no critical or high severity issues were immediately identified in this analysis.

Key Concerns

  • Unprotected AJAX handler found
  • Unpatched high severity CVE exists
  • Flows with unsanitized paths found
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities: 1

Sync Posts Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

High: 1

1 total CVE

CVE-2025-32579 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Sync Posts <= 1.0 - Authenticated (Subscriber+) Arbitrary File Upload

Apr 10, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Sync Posts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (20 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 8
External Requests: 1
Bundled Libraries: 0

Output Escaping

100% escaped · 20 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
scwp_sync_posts_func (inc\posts-sync-func.php:3)
Attack Surface: 1 unprotected

Sync Posts Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_sync_posts · inc\posts-ajax-handler.php:7

WordPress Hooks: 2

action · admin_menu · inc\admin-menu.php:7
action · admin_enqueue_scripts · inc\admin-menu.php:13
Maintenance & Trust

Sync Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Oct 27, 2023
PHP min version: 7.2.5
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100
Developer Profile

Sync Posts Developer Profile

SoftClever Limited

1 plugin · 100 total installs

Trust score: 67
Avg Security Score: 61/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sync Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sync-posts/css/style.css
Version Parameters
sync-posts/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
sync-posts-alert
REST Endpoints
/wp-json/wp/v2/posts
/wp-json/wp/v2/categories/
/wp-json/wp/v2/tags/
/wp-json/wp/v2/media/