Hide Posts Security & Risk Analysis

wordpress.org/plugins/whp-hide-posts

Allows you to hide any posts on the home page, category page, search page, tags page, authors page, RSS Feed, REST API, XML sitemaps, SEO integrations …

20K active installs · v2.1.0 · PHP 7.3+ · WP 5.0+ · Updated Nov 24, 2025
Tags: hide, hide-posts, hide-products, show, visibility
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Hide Posts Safe to Use in 2026?

Generally Safe

Score 100/100

Hide Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The 'whp-hide-posts' plugin v2.1.0 exhibits a generally strong security posture, adhering to several good practices. The absence of known CVEs and a clean vulnerability history are positive indicators. The code analysis reveals a robust implementation of security measures, with a high percentage of SQL queries using prepared statements and proper output escaping. Nonce and capability checks are also present for its entry points.

However, the taint analysis highlights two flows with unsanitized paths, both classified as high severity. This is a significant concern, suggesting that user-supplied data might be used in a way that could lead to vulnerabilities, even though no specific exploitable issues were identified in this static analysis. The plugin's attack surface, while currently protected, could present future risks if new entry points are added without adequate security checks.

Overall, while the plugin has strengths in its current security implementations and a clean history, the identified high-severity taint flows warrant immediate attention and thorough investigation to ensure they do not lead to actual exploits. The development team should prioritize addressing these unsanitized paths.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Minor portion of SQL queries not using prepared statements
  • Minor portion of outputs not properly escaped
Vulnerabilities
None known

Hide Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Hide Posts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (30 prepared)
Unescaped Output: 4 (22 escaped)
Nonce Checks: 5
Capability Checks: 9
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

91% prepared · 33 total queries

Output Escaping

85% escaped · 26 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
save_quick_edit (inc\admin\class-post-hide-metabox.php:778)
Attack Surface

Hide Posts Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_whp_bulk_edit_save · inc\admin\class-post-hide-metabox.php:41
auth · wp_ajax_whp_quick_edit_save · inc\admin\class-post-hide-metabox.php:45

REST API Routes 2

GET · /wp-json/whp/v1/hide-settings/(?P<id>\d+) · inc\class-rest-api.php:39
POST · /wp-json/whp/v1/hide-settings/(?P<id>\d+) · inc\class-rest-api.php:59
WordPress Hooks 31
action · admin_init · inc\admin\class-dashboard.php:27
action · admin_menu · inc\admin\class-dashboard.php:28
action · admin_notices · inc\admin\class-dashboard.php:29
action · admin_init · inc\admin\class-dashboard.php:30
action · add_meta_boxes · inc\admin\class-post-hide-metabox.php:29
action · admin_enqueue_scripts · inc\admin\class-post-hide-metabox.php:37
action · bulk_edit_custom_box · inc\admin\class-post-hide-metabox.php:40
action · quick_edit_custom_box · inc\admin\class-post-hide-metabox.php:44
action · delete_post · inc\class-cache-manager.php:28
action · wp_trash_post · inc\class-cache-manager.php:29
action · untrash_post · inc\class-cache-manager.php:30
action · transition_post_status · inc\class-cache-manager.php:31
action · pre_get_posts · inc\class-post-hide.php:36
action · parse_query · inc\class-post-hide.php:37
filter · get_next_post_where · inc\class-post-hide.php:38
filter · get_previous_post_where · inc\class-post-hide.php:39
filter · widget_posts_args · inc\class-post-hide.php:40
filter · query_loop_block_query_vars · inc\class-post-hide.php:41
filter · render_block_core/latest-posts · inc\class-post-hide.php:42
filter · woocommerce_rest_product_object_query · inc\class-post-hide.php:48
filter · woocommerce_rest_product_query · inc\class-post-hide.php:49
action · rest_api_init · inc\class-rest-api.php:28
filter · wp_sitemaps_posts_query_args · inc\class-seo-integration.php:37
filter · wpseo_sitemap_exclude_post_type · inc\class-seo-integration.php:40
filter · wpseo_breadcrumb_links · inc\class-seo-integration.php:41
filter · wpseo_link_count_post_types · inc\class-seo-integration.php:42
filter · posts_where · inc\class-seo-integration.php:146
action · dp_duplicate_post · inc\class-yoast-duplicate-post.php:29
action · dp_duplicate_page · inc\class-yoast-duplicate-post.php:30
filter · zeen_pagination_query · inc\class-zeen-theme.php:29
action · plugins_loaded · whp-hide-posts.php:64
Maintenance & Trust

Hide Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 24, 2025
PHP min version: 7.3
Downloads: 249K

Community Trust

Rating: 94/100
Number of ratings: 22
Active installs: 20K
Developer Profile

Hide Posts Developer Profile

MartinCV

3 plugins · 20K total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Hide Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/whp-hide-posts/assets/css/backend.css
  • /wp-content/plugins/whp-hide-posts/assets/js/backend.js
  • /wp-content/plugins/whp-hide-posts/assets/js/bulk-edit.js
  • /wp-content/plugins/whp-hide-posts/assets/js/quick-edit.js
  • /wp-content/plugins/whp-hide-posts/assets/js/frontend.js
Version Parameters
  • whp-hide-posts/assets/css/backend.css?ver=
  • whp-hide-posts/assets/js/backend.js?ver=
  • whp-hide-posts/assets/js/bulk-edit.js?ver=
  • whp-hide-posts/assets/js/quick-edit.js?ver=
  • whp-hide-posts/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • whp-hide-post-wrapper
  • whp-hide-post-bulk-edit-wrapper
  • whp-hide-post-quick-edit-wrapper
Data Attributes
  • data-whp-id
  • data-whp-meta-key
JS Globals
  • whp_vars
  • whp_bulk_vars
  • whp_quick_vars
REST Endpoints
  • /wp-json/whp/v1/get-metas
  • /wp-json/whp/v1/save-meta