Does Broadcast have any unpatched vulnerabilities?

No. All known vulnerabilities in Broadcast have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Broadcast compatible with WordPress 6.9.4?

According to WordPress.org data, Broadcast 52.02 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Broadcast compatible with PHP 8.0+?

Broadcast requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Broadcast updated?

Broadcast was last updated on Feb 7, 2026. Frequent updates are generally a positive security signal.

What is Broadcast's security score?

Broadcast has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Broadcast Security & Risk Analysis

wordpress.org/plugins/threewp-broadcast

Network content syndication made easy! Automatically share content by multiposting between multisite blogs.

1K active installs v52.02 PHP 8.0+ WP 6.2+ Updated Feb 7, 2026

duplicatemarketingmultipostsharingsyndication

A · Safe

CVEs total1

Unpatched0

Last CVEDec 5, 2024

Plugin page Download

Safety Verdict

Is Broadcast Safe to Use in 2026?

Generally Safe

Score 99/100

Broadcast has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 5, 2024Updated 1mo ago

Risk Assessment

The threewp-broadcast v52.02 plugin exhibits a mixed security posture. While it demonstrates good practices like a high percentage of prepared SQL statements and proper output escaping, there are significant concerns regarding its attack surface and the use of potentially dangerous functions. The presence of two AJAX handlers without authentication checks presents a notable risk, as these could be exploited by unauthenticated users if they process user-supplied data insecurely. The use of `unserialize` also raises a red flag, as deserialization vulnerabilities can be severe if not handled with extreme care and validation.

Key Concerns

AJAX handlers without authentication checks
Use of dangerous function: unserialize
Medium severity vulnerability in history

Vulnerabilities

Broadcast Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-11379medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Broadcast <= 51.01 - Reflected Cross-Site Scripting

Dec 5, 2024 Patched in 51.02 (1d)

Code Analysis

Analyzed Mar 16, 2026

Broadcast Code Analysis

Dangerous Functions

Raw SQL Queries

42 prepared

Unescaped Output

50 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn @ unserialize( base64_decode( $data ) );src\broadcast_data.php:249

unserialize$data = unserialize( $data );src\maintenance\data.php:47

SQL Query Safety

93% prepared45 total queries

Output Escaping

74% escaped68 total outputs

Attack Surface

2 unprotected

Broadcast Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_broadcast_post_action_formsrc\traits\post_actions.php:28

authwp_ajax_broadcast_post_bulk_actionsrc\traits\post_actions.php:29

WordPress Hooks 64

actionthreewp_broadcast_maintenance_populate_checkssrc\maintenance\controller.php:19

filterpre_set_site_transient_update_pluginssrc\premium_pack\classes\updater\EDD_SL_Plugin_Updater.php:79

filterplugins_apisrc\premium_pack\classes\updater\EDD_SL_Plugin_Updater.php:80

actionafter_plugin_rowsrc\premium_pack\classes\updater\EDD_SL_Plugin_Updater.php:81

actionadmin_initsrc\premium_pack\classes\updater\EDD_SL_Plugin_Updater.php:82

actionthreewp_broadcast_broadcasting_startedsrc\premium_pack\Plugin_Pack.php:26

actionThreeWP_Broadcast_Plugin_Pack_get_plugin_classessrc\premium_pack\Plugin_Pack.php:27

actionthreewp_broadcast_plugin_pack_uninstallsrc\premium_pack\Plugin_Pack.php:28

actionthreewp_broadcast_plugin_pack_tabssrc\premium_pack\Plugin_Pack.php:29

actionthreewp_broadcast_prepare_meta_boxsrc\premium_pack\Plugin_Pack.php:30

actionthreewp_broadcast_loadedsrc\premium_pack\ThreeWP_Broadcast_Plugin_Pack.php:24

actionthreewp_broadcast_menusrc\premium_pack\ThreeWP_Broadcast_Plugin_Pack.php:25

actionthreewp_broadcast_broadcasting_startedsrc\premium_pack\ThreeWP_Broadcast_Plugin_Pack.php:26

actionadd_meta_boxessrc\ThreeWP_Broadcast.php:185

actionwp_uninitialize_sitesrc\ThreeWP_Broadcast.php:186

filterpage_linksrc\ThreeWP_Broadcast.php:190

filterpost_linksrc\ThreeWP_Broadcast.php:191

filterpost_type_linksrc\ThreeWP_Broadcast.php:192

actionplugins_loadedsrc\ThreeWP_Broadcast.php:200

filterthreewp_broadcast_add_meta_boxsrc\ThreeWP_Broadcast.php:202

filterthreewp_broadcast_admin_menusrc\ThreeWP_Broadcast.php:203

actionthreewp_broadcast_broadcast_postsrc\ThreeWP_Broadcast.php:207

actionthreewp_broadcast_broadcasting_set_object_termssrc\ThreeWP_Broadcast.php:209

actionthreewp_broadcast_each_linked_postsrc\ThreeWP_Broadcast.php:211

actionthreewp_broadcast_get_user_writable_blogssrc\ThreeWP_Broadcast.php:212

filterthreewp_broadcast_get_post_typessrc\ThreeWP_Broadcast.php:213

actionthreewp_broadcast_maybe_clear_postsrc\ThreeWP_Broadcast.php:214

filterthreewp_broadcast_parse_contentsrc\ThreeWP_Broadcast.php:217

actionthreewp_broadcast_prepare_broadcasting_datasrc\ThreeWP_Broadcast.php:218

filterthreewp_broadcast_prepare_meta_boxsrc\ThreeWP_Broadcast.php:219

filterthreewp_broadcast_prepare_meta_boxsrc\ThreeWP_Broadcast.php:220

filterthreewp_broadcast_preparse_contentsrc\ThreeWP_Broadcast.php:221

actionwp_headsrc\ThreeWP_Broadcast.php:224

filterwpseo_canonicalsrc\ThreeWP_Broadcast.php:750

actionadmin_menusrc\traits\admin_menu.php:557

actionadmin_print_stylessrc\traits\admin_menu.php:558

actionnetwork_admin_menusrc\traits\admin_menu.php:559

filternetwork_admin_plugin_action_linkssrc\traits\admin_menu.php:562

filterplugin_action_linkssrc\traits\admin_menu.php:563

filterplugin_row_metasrc\traits\admin_menu.php:564

actionthreewp_broadcast_menusrc\traits\admin_menu.php:566

actionthreewp_broadcast_menusrc\traits\admin_menu.php:567

actionadmin_print_footer_scriptssrc\traits\admin_scripts.php:39

actionthreewp_broadcast_apply_existing_attachment_actionsrc\traits\attachments.php:18

actionthreewp_broadcast_copy_attachmentsrc\traits\attachments.php:19

actionthreewp_broadcast_get_existing_attachment_actionssrc\traits\attachments.php:20

actionupload_dirsrc\traits\broadcasting.php:280

actionsave_postsrc\traits\misc.php:374

actionsave_postsrc\traits\misc.php:375

actionthreewp_broadcast_find_unlinked_children_post_actionsrc\traits\post_actions.php:23

actionthreewp_broadcast_get_post_actionssrc\traits\post_actions.php:24

actionthreewp_broadcast_get_post_bulk_actionssrc\traits\post_actions.php:25

actionthreewp_broadcast_manage_posts_custom_columnsrc\traits\post_actions.php:26

actionthreewp_broadcast_post_actionsrc\traits\post_actions.php:27

actiondelete_postsrc\traits\post_actions.php:32

actiontrash_postsrc\traits\post_actions.php:33

actionuntrash_postsrc\traits\post_actions.php:34

actionuntrashed_postsrc\traits\post_actions.php:35

actionwp_trash_postsrc\traits\post_actions.php:36

actionthreewp_broadcast_trash_untrash_delete_postsrc\traits\post_actions.php:37

actionthreewp_broadcast_broadcasting_before_restore_current_blogsrc\traits\savings_calculator.php:198

actionthreewp_broadcast_collect_post_type_taxonomiessrc\traits\terms_and_taxonomies.php:373

actionthreewp_broadcast_wp_insert_termsrc\traits\terms_and_taxonomies.php:374

actionthreewp_broadcast_wp_update_termsrc\traits\terms_and_taxonomies.php:375

Maintenance & Trust

Broadcast Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 7, 2026

PHP min version8.0

Downloads423K

Community Trust

Rating98/100

Number of ratings214

Active installs1K

Alternatives

Broadcast Alternatives

Buttonizer – Floating Menus, Sticky Buttons, & Popup Builder

buttonizer-multifunctional-button

100

Floating Menus, Sticky Buttons, & Popup builder. WhatsApp Chat, Facebook Messenger, Telegram, Live Chat, Call, SMS, Email & more.

80K 1 CVE

Jetpack Social

jetpack-social

100

Write once, publish everywhere. Reach your target audience by sharing your content with Jetpack Social!

30K No CVEs

Canonical SEO Content Syndication WordPress Plugin

canonical-seo-content-syndication

Canonical SEO Content syndication plugin adds rel=canonical tag for content syndication. The meta box is added at edit post section.

500 No CVEs

Syndication Links

syndication-links

100

Link to copies of your cross-posted content in other social networks or websites.

300 1 CVE

SocialJet

socialjet

100

Automatically share your WordPress posts to social media platforms with ease.

20 No CVEs

Developer Profile

Broadcast Developer Profile

edward_plainview

3 plugins · 9K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

603 days

View full developer profile

Detection Fingerprints

How We Detect Broadcast

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/threewp-broadcast/css/css.css

Version Parameters

threewp_broadcast/css/css.css?ver=

HTML / DOM Fingerprints

CSS Classes

plainview_form_auto_tabs

Data Attributes

data-plainview-form-auto-tabs-parent

FAQ