Does Tidy Posts have any unpatched vulnerabilities?

No. All known vulnerabilities in Tidy Posts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tidy Posts compatible with WordPress 6.9.4?

According to WordPress.org data, Tidy Posts 2.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Tidy Posts compatible with PHP 7.4+?

Tidy Posts requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Tidy Posts updated?

Tidy Posts was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Tidy Posts's security score?

Tidy Posts has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tidy Posts Security & Risk Analysis

wordpress.org/plugins/tidy-posts

Content management for WordPress. Track SEO data, monitor content freshness, analyse posts, and optimise your blog with performance scoring.

0 active installs v2.0.0 PHP 7.4+ WP 5.6+ Updated Unknown

blog-managementcontent-auditcontent-freshnessseoseo-audit

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tidy Posts Safe to Use in 2026?

Generally Safe

Score 100/100

Tidy Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "tidy-posts" v2.1.0 plugin exhibits a generally strong security posture based on the static analysis. The complete absence of unprotected AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the plugin demonstrates good coding practices with a high percentage of properly escaped outputs and robust use of nonce and capability checks for its entry points. The lack of known CVEs and a clean vulnerability history is a positive indicator of the plugin's stability and maintainer's attention to security.

However, a few areas warrant attention. While there are no critical or high severity taint flows, the presence of two flows with unsanitized paths, even if of lower severity, indicates a potential for issues if user-supplied data is not handled with extreme care. Additionally, a significant portion of SQL queries are not using prepared statements, which could lead to SQL injection vulnerabilities if the non-prepared queries handle untrusted input. The single file operation also presents a minor, but not insignificant, risk if not properly secured against unauthorized access or manipulation.

In conclusion, "tidy-posts" v2.1.0 is a relatively secure plugin, with its strengths lying in its limited attack surface and good authentication/authorization practices. The primary areas of concern are the unsanitized path flows and the non-prepared SQL queries. Addressing these potential weaknesses would further enhance the plugin's security profile.

Key Concerns

SQL queries not using prepared statements
Flows with unsanitized paths detected
File operations present

Vulnerabilities

None known

Tidy Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Tidy Posts Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

56 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

30% prepared20 total queries

Output Escaping

85% escaped66 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

render_posts_table (tidy-posts.php:776)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Tidy Posts Attack Surface

Entry Points6

Unprotected0

AJAX Handlers 6

authwp_ajax_tp_get_seo_valueincludes\class-tidy-posts-features.php:30

authwp_ajax_tp_save_inline_seoincludes\class-tidy-posts-features.php:31

authwp_ajax_tp_get_dashboard_statsincludes\class-tidy-posts-features.php:32

authwp_ajax_tp_bulk_editincludes\class-tidy-posts-features.php:33

authwp_ajax_tp_dismiss_rate_bannerincludes\class-tidy-posts-features.php:34

authwp_ajax_tp_undo_inline_seoincludes\class-tidy-posts-features.php:35

WordPress Hooks 10

actionadmin_enqueue_scriptsincludes\class-tidy-posts-features.php:24

actionwp_dashboard_setupincludes\class-tidy-posts-features.php:27

actionadmin_noticesincludes\class-tidy-posts-features.php:38

actionadmin_footerincludes\class-tidy-posts-features.php:41

actionplugins_loadedtidy-posts.php:64

actionadmin_menutidy-posts.php:65

actionadmin_enqueue_scriptstidy-posts.php:66

actionadmin_enqueue_scriptstidy-posts.php:67

actionadmin_inittidy-posts.php:68

actionplugins_loadedtidy-posts.php:1083

Maintenance & Trust

Tidy Posts Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedUnknown

PHP min version7.4

Downloads228

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Tidy Posts Alternatives

Content Freshness Monitor

zevvolabs-content-update-monitor

100

Stop content decay and boost WordPress SEO rankings. Automatically audit your site, find stale posts, and track engagement with one powerful dashboard …

0 No CVEs

SEOKEY – Powerful SEO plugin with Expert Insights and SEO Audit

seo-key

100

Improve SEO rankings with a powerful SEO Audit, automatic optimizations and Expert Insights. SEOKEY is the easiest and most powerful SEO plugin!

1K No CVEs

SEO Audit – WP Site Auditor

seo-site-auditor-agency

100

Site audit tool to check seo health of any url. Many seo details for url, embed form on your website to allow visitors to perform their own SEO checks

200 No CVEs

Answer Engine Optimization – AEO, AIO, AISEO, AI SEO, GEO Audit

answer-engine-optimization-aeo-audit

100

Audit & Fix your website for Answer Engine / AI Optimization (AEO / AIO), AI SEO, AISEO, GEO for Google Zero position, ChatGPT, suggestion & improve.

100 No CVEs

Opace Essential SEO Toolkit

opace-essential-seo-toolkit

The Opace Essential SEO Toolkit is an invaluable WordPress plugin to aid all SEO professionals, developers and businesses in auditing their website.

80 No CVEs

Developer Profile

Tidy Posts Developer Profile

Martin G

3 plugins · 40 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tidy Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tidy-posts/css/tidy-posts-admin.css/wp-content/plugins/tidy-posts/css/vendor/tippy.css/wp-content/plugins/tidy-posts/css/vendor/tippy-bundle.css/wp-content/plugins/tidy-posts/js/vendor/tippy.umd.min.js/wp-content/plugins/tidy-posts/js/vendor/Sortable.min.js/wp-content/plugins/tidy-posts/js/vendor/autosize.min.js/wp-content/plugins/tidy-posts/js/tidy-posts-admin.js

Script Paths

/wp-content/plugins/tidy-posts/js/vendor/tippy.umd.min.js/wp-content/plugins/tidy-posts/js/vendor/Sortable.min.js/wp-content/plugins/tidy-posts/js/vendor/autosize.min.js/wp-content/plugins/tidy-posts/js/tidy-posts-admin.js

Version Parameters

tidy-posts/css/tidy-posts-admin.css?ver=tidy-posts/css/vendor/tippy.css?ver=tidy-posts/css/vendor/tippy-bundle.css?ver=tidy-posts/js/vendor/tippy.umd.min.js?ver=tidy-posts/js/vendor/Sortable.min.js?ver=tidy-posts/js/vendor/autosize.min.js?ver=tidy-posts/js/tidy-posts-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

tidy-posts-admin-pagetp-rating-tooltiptp-settings-modaltp-post-list-tabletp-post-list-celltp-post-list-rating

HTML Comments

+2 more

Data Attributes

data-tp-post-iddata-tp-rating-tooltipdata-tp-settings-modaldata-tp-post-list-tabledata-tp-post-list-celldata-tp-post-list-rating

JS Globals

TidyPostsAdminTippy

REST Endpoints

/wp-json/tidy-posts/v1/settings/wp-json/tidy-posts/v1/posts/wp-json/tidy-posts/v1/post/

FAQ