Does User Posts Per Page have any unpatched vulnerabilities?

No. All known vulnerabilities in User Posts Per Page have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is User Posts Per Page compatible with WordPress 4.0.38?

According to WordPress.org data, User Posts Per Page 1.0.1 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is User Posts Per Page updated?

User Posts Per Page was last updated on Nov 20, 2014. Frequent updates are generally a positive security signal.

What is User Posts Per Page's security score?

User Posts Per Page has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

User Posts Per Page Security & Risk Analysis

wordpress.org/plugins/user-posts-per-page

Allows the user to dynamically set the number of posts to show per page on category pages, tag pages, author pages and all other archive pages.

10 active installs v1.0.1 PHP + WP 3.3+ Updated Nov 20, 2014

countmarketpresspaginationtaxonomiesuser

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is User Posts Per Page Safe to Use in 2026?

Generally Safe

Score 85/100

User Posts Per Page has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "user-posts-per-page" plugin v1.0.1 exhibits a generally positive security posture based on the provided static analysis. The absence of any recorded vulnerabilities in its history and the lack of identified dangerous functions or external HTTP requests are strong indicators of careful development. Furthermore, the plugin demonstrates good practices by utilizing prepared statements for all its SQL queries. However, a significant concern arises from the complete lack of output escaping. With two identified output points and 0% being properly escaped, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. This means that any user-supplied data that is displayed by the plugin is not sanitized, leaving the site vulnerable to malicious scripts being injected and executed in the browser of other users.

Key Concerns

Output is not escaped, high risk of XSS
No nonce checks present
No capability checks present

Vulnerabilities

None known

User Posts Per Page Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

User Posts Per Page Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2 total outputs

Attack Surface

User Posts Per Page Attack Surface

Entry Points0

Unprotected0

Maintenance & Trust

User Posts Per Page Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedNov 20, 2014

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

User Posts Per Page Alternatives

Password Strength Settings for WooCommerce

wc-password-strength-settings

Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.

10K No CVEs

SysBasics Customize My Account for WooCommerce

customize-my-account-for-woocommerce

Optimize your WooCommerce My account page also add new endpoints and manage existing endpoints with ease.

9K 3 CVEs

Disable User Login

disable-user-login

100

Provides the ability to disable user accounts and prevent them from logging in.

5K 1 CVE

User IP and Location

user-ip-and-location

100

Want to show your website visitors their IP address, location, and other cool details? This plugin makes it super easy! Now works perfectly with cachi …

3K 1 CVE

Protect Admin

protect-admin-account

100

Protect admin accounts from being deleted or modified by other users. This plugin will always be hidden from all users other than the admin who instal …

2K No CVEs

Developer Profile

User Posts Per Page Developer Profile

Samer Bechara

8 plugins · 260 total installs

trust score

Avg Security Score

84/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect User Posts Per Page

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/user-posts-per-page/lib/css/uppp.css/wp-content/plugins/user-posts-per-page/lib/js/uppp.js

Script Paths

/wp-content/plugins/user-posts-per-page/lib/js/uppp.js

Version Parameters

user-posts-per-page/lib/css/uppp.css?ver=user-posts-per-page/lib/js/uppp.js?ver=

HTML / DOM Fingerprints

FAQ