
Top Authors Security & Risk Analysis
wordpress.org/plugins/top-authors
A highly customizable widget that allows you to display the top authors of your website easily.
Is Top Authors Safe to Use in 2026?
Generally Safe
Score 85/100
Top Authors has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "top-authors" plugin, version 1.0.11, exhibits a generally good security posture based on the provided static analysis. The complete absence of identified entry points like AJAX handlers, REST API routes, shortcodes, and cron events is a significant strength, minimizing the potential attack surface. Furthermore, the lack of dangerous functions, file operations, and external HTTP requests suggests a focused and contained plugin.
However, there are notable concerns. The single SQL query does not use a prepared statement, which is a critical weakness that could lead to SQL injection if the input to this query is not strictly controlled. The low percentage (19%) of properly escaped output is also a significant concern, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data could be rendered directly in the browser without proper escaping.
With no recorded vulnerabilities in its history, the plugin appears to have been developed with security in mind or has not yet attracted significant malicious attention. However, the static analysis clearly reveals potential weaknesses that could be exploited. The overall security is compromised by the lack of prepared statements for SQL queries and the widespread unescaped output, despite the limited attack surface and clean vulnerability history.
Key Concerns
- SQL query not using prepared statements
- Low percentage of properly escaped output
- No nonce checks detected
- No capability checks detected
Top Authors Security Vulnerabilities
Top Authors Release Timeline
Top Authors Code Analysis
SQL Query Safety
Output Escaping
Top Authors Attack Surface
WordPress Hooks 5
Maintenance & Trust
Top Authors Maintenance & Trust
Maintenance Signals
Community Trust
Top Authors Alternatives
Flex Posts – Widget and Gutenberg Block
flex-posts
A widget to display posts with thumbnails in various layouts. Fits nicely in any widget area size.
Widget Pack
ts-widget-pack
Widget Pack is a WordPress plugin that enables essential, yet powerful features for your website.
Authors Posts Widget
authors-posts-widget
Authors posts widget with blogger style.
WP LIST PAGES BY CUSTOM TAXONOMY
wp-list-pages-by-custom-taxonomy
Widget to list posts of any active post type, filtering by any term of any active custom taxonomy. Displays title, or thumb, date and excerpt too.
Latest Posts Widget
raw-latest-posts-widget
List the latest posts from a category.
Top Authors Developer Profile
13 plugins · 7K total installs
How We Detect Top Authors
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/top-authors/css/preset-gravatar-list-count.css
- /wp-content/plugins/top-authors/css/preset-gravatar-name.css
- /wp-content/plugins/top-authors/css/preset-gravatars.css
- /wp-content/plugins/top-authors/css/sumoselect.css
- /wp-content/plugins/top-authors/css/styles.css
- /wp-content/plugins/top-authors/js/jquery.sumoselect.min.js
- /wp-content/plugins/top-authors/js/scripts.js
- top-authors/css/preset-gravatar-list-count.css?ver=
- top-authors/css/preset-gravatar-name.css?ver=
- top-authors/css/preset-gravatars.css?ver=
- top-authors/css/sumoselect.css?ver=
- top-authors/css/styles.css?ver=
- top-authors/js/jquery.sumoselect.min.js?ver=
- top-authors/js/scripts.js?ver=
HTML / DOM Fingerprints
- top-authors-widget
- data-exclude_roles
- data-include_post_types
- data-preset
- data-template
- data-before_list
- data-after_list
- ta
- <li><a href="%linktoposts%">%gravatar% %firstname% %lastname% </a> number of posts: %nrofposts%</li>
- <ul>