Unlimited Security & Risk Analysis
wordpress.org/plugins/unlimitedInifinite scrolling plugin. Choose from Load on scroll, Load more button and Ajax Pagination. Includes scroll to top and opt-out button.
Is Unlimited Safe to Use in 2026?
Generally Safe
Score 85/100Unlimited has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "unlimited" v0.5 plugin presents a significant security risk due to its unprotected AJAX handlers. While the plugin shows good practices by not using dangerous functions, avoiding raw SQL queries, and having no known vulnerability history, the presence of three AJAX handlers without any authentication or capability checks is a major concern. This creates a large attack surface that could be exploited by unauthenticated users to execute arbitrary actions within the WordPress site.
The static analysis reveals no critical or high-severity taint flows, which is a positive sign. However, the lack of proper output escaping on half of the detected outputs is also a point of weakness, potentially leading to cross-site scripting (XSS) vulnerabilities. The absence of nonce checks on these AJAX handlers further exacerbates the risk, as it allows for easy cross-site request forgery (CSRF) attacks.
Overall, the plugin's security posture is mixed. It demonstrates some good development practices, but the critical oversight of leaving AJAX endpoints exposed without proper authorization and sanitization makes it vulnerable to exploitation. The lack of historical vulnerabilities is encouraging, but it doesn't negate the immediate risks identified in the current code. Users should be cautious, and developers should prioritize addressing the unprotected AJAX handlers and output escaping issues.
Key Concerns
- Unprotected AJAX handlers
- Missing nonce checks on AJAX
- Unescaped output
Unlimited Security Vulnerabilities
Unlimited Code Analysis
Output Escaping
Unlimited Attack Surface
AJAX Handlers 3
WordPress Hooks 4
Maintenance & Trust
Unlimited Maintenance & Trust
Maintenance Signals
Community Trust
Unlimited Alternatives
Buttons to Edit Next/Previous Post
buttons-to-edit-next-previous-post
This plugin will add easy shortcut buttons to edit next and previous post in admin edit-post page. You can directly navigate to next and previous post …
Ambrosite Next/Previous Page Link Plus
ambrosite-nextprevious-page-link-plus
Creates two new template tags for generating next/previous page navigation links.
TP Next & Previous Button on Single Product Page
tp-next-previous-button-in-single-product-page
Shows next and previous product in single product view in same category.
Linchpin – PrevNextPage
linchpin-next-page-link-previous-page-link
Create sibling page links. Similar to next_post_link() & previous_post_link() but for pages. Great for utilizing Wordpress for Presentations or it …
Page navigation by menu
page-navigation-by-menu
Create navigation to next/previous pages similar to navigation for posts. Previous and next pages are determined from menu.
Unlimited Developer Profile
5 plugins · 10K total installs
How We Detect Unlimited
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/unlimited/css/dash.css/wp-content/plugins/unlimited/js/settings.js/wp-content/plugins/unlimited/js/un.jsunlimited/css/dash.css?ver=unlimited/js/settings.js?ver=unlimited/css/style.css?ver=HTML / DOM Fingerprints
pb-un-wrapperpb-un-itemspb-un-editorpbc-feedbackdata-themedata-siteunlimited_server_values/wp-admin/admin-ajax.php?action=pb_un_get/wp-admin/admin-ajax.php?action=pb_un_save/wp-admin/admin-ajax.php?action=pb_un_delete