WP Featured Posts Security & Risk Analysis

wordpress.org/plugins/wp-featured-posts

WP Featured Posts is a plugin for choosing featured posts, with sortable and sticky custom post types, and it is compatible with WPML.

300 active installs · v1.1.1 · PHP 7.4+ · WP 4.7+ · Updated Feb 20, 2026
Tags: feature-posts, feature-post, featured-post, featured-posts
Score 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Featured Posts Safe to Use in 2026?

Generally Safe

Score 100/100

WP Featured Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "wp-featured-posts" v1.1.1 plugin exhibits a generally strong security posture based on the provided static analysis. It demonstrates excellent adherence to secure coding practices by utilizing prepared statements for all SQL queries and ensuring a high percentage of output escaping. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced attack surface. Crucially, all identified AJAX handlers are protected with nonce checks, which is a significant mitigating factor against common WordPress exploits. The lack of any recorded vulnerabilities in its history also suggests a history of security consciousness from the developers.

However, a notable concern is the complete absence of capability checks across its entry points. While nonce checks are present, they primarily protect against Cross-Site Request Forgery (CSRF) and do not inherently restrict access based on user roles or permissions. This could allow any authenticated user, regardless of their privileges, to interact with the AJAX handlers. The fact that all 3 AJAX handlers are unprotected by capability checks is a significant weakness. Despite the clean taint analysis and lack of critical vulnerabilities in its history, this missing layer of authorization represents a potential avenue for privilege escalation or unauthorized actions if an attacker can bypass the nonce or exploit a logic flaw within the AJAX handlers themselves.

In conclusion, "wp-featured-posts" v1.1.1 has strong foundational security practices in place, particularly regarding SQL injection prevention and output sanitization. Its vulnerability-free history is commendable. The primary weakness lies in the missing capability checks, which, while not immediately indicative of an exploitable vulnerability without further context, represent a significant oversight in authorization for its AJAX endpoints. This plugin is likely secure against many common threats but could be more robust by implementing role-based access control for its administrative functions.

Key Concerns

  • Missing capability checks on AJAX handlers
Vulnerabilities
None known

WP Featured Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Featured Posts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (60 escaped)
Nonce Checks: 3
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

91% escaped · 66 total outputs
Attack Surface

WP Featured Posts Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 3

  • auth · wp_ajax_save_featured_sorting · wp-featured-posts.php:63
  • auth · wp_ajax_delete_featured_sorting · wp-featured-posts.php:64
  • auth · wp_ajax_order_featured_sorting · wp-featured-posts.php:65

WordPress Hooks: 11

  • action · admin_enqueue_scripts · inc\wp-featured-posts-setting.php:22
  • action · admin_menu · inc\wp-featured-posts-setting.php:23
  • action · admin_init · inc\wp-featured-posts-setting.php:24
  • action · admin_enqueue_scripts · wp-featured-posts.php:60
  • action · admin_menu · wp-featured-posts.php:61
  • action · pre_get_posts · wp-featured-posts.php:67
  • filter · the_posts · wp-featured-posts.php:68
  • action · after_setup_theme · wp-featured-posts.php:85
  • filter · the_title · wp-featured-posts.php:91
  • action · wp_head · wp-featured-posts.php:92
  • filter · the_posts · wp-featured-posts.php:641
Maintenance & Trust

WP Featured Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 20, 2026
PHP min version: 7.4
Downloads: 4K

Community Trust

Rating: 86/100
Number of ratings: 3
Active installs: 300
Developer Profile

WP Featured Posts Developer Profile

nutttaro

5 plugins · 5K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 203 days
Detection Fingerprints

How We Detect WP Featured Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-featured-posts/assets/css/style.min.css
  • /wp-content/plugins/wp-featured-posts/assets/js/main.min.js
Script Paths
  • /wp-content/plugins/wp-featured-posts/assets/js/main.min.js
Version Parameters
  • wp-featured-posts/assets/css/style.min.css?ver=
  • wp-featured-posts/assets/js/main.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpfp-delete-featured-sorting
  • wpfp-featured-post-item
  • wpfp-save-featured-sorting
  • wpfp-delete-btn
  • wpfp-reorder-btn
HTML Comments
  • <!-- wpfp_no_posts -->
  • <!-- wpfp_post_item -->
  • <!-- wpfp_post_details -->
Data Attributes
  • data-featured-id
  • data-post-type
  • data-post-id
JS Globals
wtfp_admin_global