WZ Followed Posts – Display what visitors are reading Security & Risk Analysis

wordpress.org/plugins/where-did-they-go-from-here

Show "Readers who viewed this page, also viewed" a.k.a. followed posts on your page. Much like Amazon.com's product pages.

400 active installs · v3.1.2 · PHP 7.4+ · WP 6.3+ · Updated Nov 29, 2025
Tags: followed-posts, related-posts, where-did-they-go-from-here
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: May 6, 2025
Safety Verdict

Is WZ Followed Posts – Display what visitors are reading Safe to Use in 2026?

Generally Safe

Score 99/100

WZ Followed Posts – Display what visitors are reading has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 6, 2025 · Updated 4mo ago
Risk Assessment

The "where-did-they-go-from-here" plugin v3.1.2 exhibits a generally strong security posture based on the static analysis. The presence of nonce and capability checks on all identified entry points is a significant positive, indicating a good understanding of WordPress security best practices. The high percentage of properly escaped output and the use of prepared statements for the majority of SQL queries further bolster its security. The absence of critical or high severity taint flows is also reassuring.

However, there are a few areas that warrant attention. While the static analysis reports zero unprotected entry points, it's worth noting the presence of 5 AJAX handlers, which, even with checks, represent potential vectors if the checks are not robust or have implementation flaws. The history of one medium severity CVE, specifically Cross-Site Scripting, although patched, suggests that input sanitization and output escaping might have had past weaknesses that, while addressed, serve as a reminder for ongoing vigilance. The single file operation, while not inherently risky, should always be scrutinized for potential path traversal or unauthorized access vulnerabilities.

Overall, the plugin demonstrates good security development habits, particularly in its handling of entry points and data output. The past vulnerability, while concerning, has been addressed. Continuous monitoring and periodic security audits are recommended to maintain this favorable security profile and prevent recurrence of past issues.

Key Concerns

  • Past medium CVE for XSS
Vulnerabilities
1

WZ Followed Posts – Display what visitors are reading Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-4171 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WZ Followed Posts – Display what visitors are reading <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 6, 2025 · Patched in 3.1.1 (1d)
Code Analysis
Analyzed Mar 16, 2026

WZ Followed Posts – Display what visitors are reading Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 24 (187 escaped)
Nonce Checks: 7
Capability Checks: 9
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

89% escaped · 211 total outputs

Data Flows: All sanitized

Data Flow Analysis

6 flows
process_settings_import (includes\admin\class-tools-page.php:234)
Attack Surface

WZ Followed Posts – Display what visitors are reading Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 5

nopriv · wp_ajax_wherego_tracker · includes\class-tracker.php:31
auth · wp_ajax_wherego_tracker · includes\class-tracker.php:32
nopriv · wp_ajax_wherego_tag_search · includes\options-api.php:299
auth · wp_ajax_wherego_tag_search · includes\options-api.php:300
auth · wp_ajax_wherego_clear_cache · includes\util\class-cache.php:28

Shortcodes 2

[wherego] includes\frontend\class-shortcodes.php:28
[wfp] includes\frontend\class-shortcodes.php:29
WordPress Hooks 41
action · wp_initialize_site · includes\admin\class-activator.php:27
action · admin_enqueue_scripts · includes\admin\class-admin.php:113
filter · manage_posts_columns · includes\admin\class-columns.php:30
filter · manage_pages_columns · includes\admin\class-columns.php:31
filter · manage_media_columns · includes\admin\class-columns.php:32
action · manage_posts_custom_column · includes\admin\class-columns.php:33
action · manage_pages_custom_column · includes\admin\class-columns.php:34
action · manage_media_custom_column · includes\admin\class-columns.php:35
action · add_meta_boxes · includes\admin\class-metabox.php:34
action · save_post · includes\admin\class-metabox.php:35
action · edit_attachment · includes\admin\class-metabox.php:36
action · admin_menu · includes\admin\class-tools-page.php:39
action · admin_enqueue_scripts · includes\admin\class-tools-page.php:40
filter · admin_init · includes\admin\class-tools-page.php:41
filter · admin_init · includes\admin\class-tools-page.php:42
action · add_meta_boxes · includes\admin\settings\class-metabox-api.php:102
action · admin_enqueue_scripts · includes\admin\settings\class-metabox-api.php:104
action · admin_menu · includes\admin\settings\class-settings-api.php:181
action · admin_init · includes\admin\settings\class-settings-api.php:182
filter · admin_footer_text · includes\admin\settings\class-settings-api.php:183
action · admin_enqueue_scripts · includes\admin\settings\class-settings-api.php:184
action · admin_menu · includes\admin\settings\class-settings.php:148
filter · plugin_row_meta · includes\admin\settings\class-settings.php:149
filter · admin_enqueue_scripts · includes\admin\settings\class-settings.php:151
filter · wherego_settings_sanitize · includes\admin\settings\class-settings.php:152
filter · wherego_after_setting_output · includes\admin\settings\class-settings.php:153
filter · wherego_setting_field_description · includes\admin\settings\class-settings.php:154
action · wherego_settings_form_buttons · includes\admin\settings\class-settings.php:155
action · wherego_settings_page_header · includes\admin\settings\class-settings.php:156
action · init · includes\class-main.php:131
action · widgets_init · includes\class-main.php:132
filter · the_content · includes\class-main.php:133
filter · the_excerpt_rss · includes\class-main.php:134
filter · the_content_feed · includes\class-main.php:135
action · wp_enqueue_scripts · includes\class-tracker.php:30
action · init · includes\frontend\blocks\class-blocks.php:28
action · enqueue_block_editor_assets · includes\frontend\blocks\class-blocks.php:29
action · plugins_loaded · includes\frontend\class-language-handler.php:28
filter · get_wherego_posts_id · includes\frontend\class-language-handler.php:29
action · wp_enqueue_scripts · includes\frontend\class-styles-handler.php:38
action · plugins_loaded · where-did-they-go-from-here.php:102
Maintenance & Trust

WZ Followed Posts – Display what visitors are reading Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 29, 2025
PHP min version: 7.4
Downloads: 44K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 400
Developer Profile

WZ Followed Posts – Display what visitors are reading Developer Profile

Ajay

31 plugins · 89K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 825 days
Detection Fingerprints

How We Detect WZ Followed Posts – Display what visitors are reading

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/where-did-they-go-from-here/assets/css/wz-frontend.css
/wp-content/plugins/where-did-they-go-from-here/assets/js/wz-frontend.js
Script Paths
/wp-content/plugins/where-did-they-go-from-here/assets/js/wz-frontend.js
Version Parameters
where-did-they-go-from-here/assets/css/wz-frontend.css?ver=
where-did-they-go-from-here/assets/js/wz-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wherego-followed-posts
wz-followed-posts-list
Data Attributes
data-wherego-post-id
data-wherego-post-type
JS Globals
wherego_admin_data
Shortcode Output
[followed_posts]
[followedposts]
FAQ

Frequently Asked Questions about WZ Followed Posts – Display what visitors are reading