Does User Frontend Post Submit have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is User Frontend Post Submit compatible with WordPress 4.3.34?

According to WordPress.org data, User Frontend Post Submit 1.0.0 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is User Frontend Post Submit updated?

User Frontend Post Submit was last updated on Sep 14, 2015. Frequent updates are generally a positive security signal.

What is User Frontend Post Submit's security score?

User Frontend Post Submit has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

User Frontend Post Submit Security & Risk Analysis

wordpress.org/plugins/user-frontend-post-submit

User Frontend Post Submit This plugin gives you all the post create scope, for any post type and any other extended options for displaying your very i …

10 active installs v1.0.0 PHP + WP 3.0.1+ Updated Sep 14, 2015

category-base-postpostpost-with-set-feature-imageuser-fontend-post

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is User Frontend Post Submit Safe to Use in 2026?

Generally Safe

Score 85/100

User Frontend Post Submit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The user-frontend-post-submit plugin v1.0.0 exhibits a generally good security posture based on the provided static analysis. It demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped outputs. The absence of dangerous functions, file operations, and external HTTP requests further bolsters its security. The plugin also incorporates nonce checks and shows no known vulnerabilities in its history, indicating a history of responsible development.

However, a few areas warrant attention. The presence of a single shortcode as an entry point, while currently unprotected by specific capability checks, represents a potential, albeit minor, attack surface. The taint analysis identified one flow with an unsanitized path, which, while not flagged as critical or high severity, still suggests a potential for improper handling of user-supplied data that could lead to unintended consequences if exploited. The lack of explicit capability checks on the shortcode is the most notable concern, as it means any authenticated user could potentially interact with it without specific permissions.

Overall, the plugin appears relatively secure, especially considering its lack of historical vulnerabilities and its adherence to many best practices. The primary areas for improvement are ensuring the shortcode entry point has appropriate capability checks and further investigation into the identified unsanitized path flow to mitigate any potential risks, even if currently rated low severity. The current version appears to be in a sound state for production use, with these minor points being recommended for future hardening.

Key Concerns

Shortcode entry point without capability checks
Flow with unsanitized path in taint analysis

Vulnerabilities

None known

User Frontend Post Submit Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

User Frontend Post Submit Release Timeline

v1.0.2

Code Analysis

Analyzed Mar 17, 2026

User Frontend Post Submit Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

22 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

92% escaped24 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

save_admin_post (admin\class-vs-anonymous-post-admin.php:126)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

User Frontend Post Submit Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[vs-ap-form] includes\class-vs-anonymous-post.php:181

WordPress Hooks 7

actionplugins_loadedincludes\class-vs-anonymous-post.php:150

actionadmin_menuincludes\class-vs-anonymous-post.php:164

actionadmin_enqueue_scriptsincludes\class-vs-anonymous-post.php:165

actionadmin_enqueue_scriptsincludes\class-vs-anonymous-post.php:166

actionwp_enqueue_scriptsincludes\class-vs-anonymous-post.php:182

actionwp_enqueue_scriptsincludes\class-vs-anonymous-post.php:183

actiontemplate_redirectincludes\class-vs-anonymous-post.php:184

Maintenance & Trust

User Frontend Post Submit Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedSep 14, 2015

PHP min version

Downloads10K

Community Trust

Rating60/100

Number of ratings2

Active installs10

Alternatives

User Frontend Post Submit Alternatives

Yoast Duplicate Post

duplicate-post

The go-to tool for cloning posts and pages, including the powerful Rewrite & Republish feature.

4.0M 4 CVEs

Duplicate Page

duplicate-page

Duplicate Posts, Pages and Custom Posts easily using single click

3.0M 3 CVEs

Custom Post Type UI

custom-post-type-ui

Admin UI for creating custom content types like post types and taxonomies

1.0M 4 CVEs

Regenerate Thumbnails

regenerate-thumbnails

100

Regenerate the thumbnails for one or more of your image uploads. Useful when changing their sizes or your theme.

1.0M No CVEs

Post Types Order

post-types-order

100

Sort posts and custom post type objects using a drag-and-drop, sortable JavaScript AJAX interface, or through the default WordPress dashboard

600K No CVEs

Developer Profile

User Frontend Post Submit Developer Profile

templatesplugin

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect User Frontend Post Submit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/vs-anonymous-post/admin/css/vs-anonymous-post-admin.css/wp-content/plugins/vs-anonymous-post/admin/js/vs-anonymous-post-admin.js

Script Paths

/wp-content/plugins/vs-anonymous-post/admin/js/vs-anonymous-post-admin.js

Version Parameters

vs-anonymous-post/admin/css/vs-anonymous-post-admin.css?ver=vs-anonymous-post/admin/js/vs-anonymous-post-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments

<!--
This function is provided for demonstration purposes only.

An instance of this class should be passed to the run() function
defined in Vs_Anonymous_Post_Loader as all of the hooks are defined
in that particular class.

The Vs_Anonymous_Post_Loader will then create the relationship
between the defined hooks and the functions defined in this
class.
-->

FAQ