Does Trashed By have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Trashed By compatible with WordPress 5.7.15?

According to WordPress.org data, Trashed By 1.4 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

How often is Trashed By updated?

Trashed By was last updated on Jul 21, 2021. Frequent updates are generally a positive security signal.

What is Trashed By's security score?

Trashed By has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Trashed By Security & Risk Analysis

wordpress.org/plugins/trashed-by

Records which user trashed a post and when they trashed it. Displays that info as columns in admin trashed posts listings.

10 active installs v1.4 PHP + WP 4.9+ Updated Jul 21, 2021

auditdeletedposttrackingtrash

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Trashed By Safe to Use in 2026?

Generally Safe

Score 85/100

Trashed By has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The 'trashed-by' plugin version 1.4 exhibits a generally strong security posture based on the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code demonstrates good practices by using prepared statements for all SQL queries and has no recorded vulnerabilities or CVEs, indicating a history of stable security.

However, a notable concern arises from the output escaping. With 5 total outputs and only 60% properly escaped, there's a risk of Cross-Site Scripting (XSS) vulnerabilities if the unescaped outputs contain user-supplied data. While no critical or high-severity taint flows were identified, this incomplete output sanitization is a potential weakness that could be exploited in conjunction with other factors, though the current analysis does not show such direct links.

In conclusion, the plugin is well-defended against common web vulnerabilities due to its limited attack surface and secure database practices. The primary area for improvement is ensuring all output is rigorously escaped to mitigate potential XSS risks. The lack of historical vulnerabilities is a positive indicator, but the observed output escaping issue warrants attention.

Key Concerns

Output escaping is not fully implemented

Vulnerabilities

None known

Trashed By Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Trashed By Release Timeline

v1.4Current

v1.3.1

v1.3

v1.1.1

v1.1

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

Trashed By Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

60% escaped5 total outputs

Attack Surface

Trashed By Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

filtermanage_posts_columnstrashed-by.php:117

actionmanage_posts_custom_columntrashed-by.php:118

actionload-edit.phptrashed-by.php:120

actiontrashed_posttrashed-by.php:122

actionuntrashed_posttrashed-by.php:123

actioninittrashed-by.php:125

filteris_protected_metatrashed-by.php:126

actionadmin_headtrashed-by.php:209

actionplugins_loadedtrashed-by.php:408

Maintenance & Trust

Trashed By Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedJul 21, 2021

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Trashed By Alternatives

Simple History – Track, Log, and Audit WordPress Changes

simple-history

Track changes and user activities on your WordPress site. See who created a page, uploaded an attachment, and more, for a complete audit trail.

300K 5 CVEs

Light Views Counter – Fast, Scalable View Counter for High-Traffic Sites

light-views-counter

100

Lightweight and fast post view counter with smart tracking, built for high-traffic sites and large post databases.

2K No CVEs

Post Lockdown

post-lockdown

Allows admins to protect selected posts and pages so they cannot be trashed or deleted by non-admin users.

1K 1 CVE

Post Affiliate Pro

postaffiliatepro

This plugin integrates Post Affiliate Pro software into any WordPress installation. Post Affiliate Pro is the leading affiliate tracking tool with mor …

600 1 unpatched

Force Delete Posts

force-delete-posts

100

Deleting Posts has never been so fast! This lightweight plugin adds the ability for administrators to instantly delete posts by adding a Force Delete …

300 No CVEs

Developer Profile

Trashed By Developer Profile

Scott Reilly

63 plugins · 92K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

374 days

View full developer profile

Detection Fingerprints

How We Detect Trashed By

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters

trashed-by/style.css?ver=trashed-by/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

column-trashed_bycolumn-trashed_on

Data Attributes

data-trashed-by

JS Globals

trashedByAdmin

REST Endpoints

/wp-json/trashed-by/v1/postmeta

FAQ