TDD Recent Posts Security & Risk Analysis

wordpress.org/plugins/tdd-recent-posts

Simple widget that displays the recent posts with a short content preview. Control the length of the content preview and number of posts

40 active installs · v2 · PHP + · WP 3.2+ · Updated Nov 17, 2011
excerpt · post · posts · preview · recent
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TDD Recent Posts Safe to Use in 2026?

Generally Safe

Score 85/100

TDD Recent Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The tdd-recent-posts v2 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of AJAX handlers, REST API routes, shortcodes, and cron events indicates a minimal attack surface. However, all identified entry points lack authentication checks, which is concerning. The code signals reveal no dangerous functions or external HTTP requests, and all SQL queries are properly prepared. A significant concern is the low rate of proper output escaping: only 46% of outputs are escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-controlled data is output without further sanitization. The lack of vulnerability history suggests a well-maintained plugin, but this is overshadowed by the potential for XSS due to inadequate output escaping.

Key Concerns

  • Insufficient output escaping (46% proper)
  • No capability checks for entry points
  • No nonce checks on entry points
Vulnerabilities
None known

TDD Recent Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

TDD Recent Posts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 7 (6 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

46% escaped · 13 total outputs
Attack Surface

TDD Recent Posts Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
action · widgets_init · tddrecentposts.php:58
Maintenance & Trust

TDD Recent Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.2.1
Last updated: Nov 17, 2011
PHP min version
Downloads: 11K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 40
Developer Profile

TDD Recent Posts Developer Profile

Taylor Dewey

3 plugins · 70 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TDD Recent Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tdd-recent-posts/

HTML / DOM Fingerprints

CSS Classes
tdd_rp_widget
Data Attributes
name="tdd_rp_widget[title]"
name="tdd_rp_widget[returnnum]"
name="tdd_rp_widget[lengthof]"
name="tdd_rp_widget[truncate_excerpts]"
FAQ

Frequently Asked Questions about TDD Recent Posts