WP Latest Posts Security & Risk Analysis

wordpress.org/plugins/wp-latest-posts

Load your content from posts, page, tags or custom post type and display it anywhere in WordPress including in Gutenberg editor

10K active installs v5.0.11 PHP 5.6+ WP 4.7+ Updated Jul 28, 2025
latest-post, news-widget, posts, recent-post-widget, recent-posts
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: May 7, 2024
Safety Verdict

Is WP Latest Posts Safe to Use in 2026?

Generally Safe

Score 99/100

WP Latest Posts has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 7, 2024 · Updated 8mo ago
Risk Assessment

The wp-latest-posts plugin, version 5.0.11, exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, a high percentage of properly escaped output, and a substantial number of nonce and capability checks. The plugin also has no bundled libraries, which can reduce the attack surface associated with outdated dependencies.

However, there are significant areas of concern. The presence of 3 AJAX handlers without authentication checks presents a notable attack vector, as does the use of the dangerous 'exec' function, even if its usage context isn't detailed. The single taint flow with an unsanitized path is also a red flag, indicating a potential for input manipulation vulnerabilities, although it's not categorized as critical or high.

The plugin's vulnerability history shows a pattern of medium severity issues related to code injection and cross-site scripting, with the most recent occurring in May 2024. While there are no currently unpatched vulnerabilities, this history suggests a recurring need for careful code review and patching. Overall, the plugin has strengths in its data handling but weaknesses in input validation for its AJAX endpoints and the inclusion of potentially dangerous functions.

Key Concerns

  • AJAX handlers without authentication checks
  • Presence of dangerous 'exec' function
  • Taint flow with unsanitized paths
  • Medium severity vulnerabilities in history
Vulnerabilities
2

WP Latest Posts Security Vulnerabilities

CVEs by Year

  • 2015: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2024-4135 · medium · 5.4 · Improper Control of Generation of Code ('Code Injection')

WP Latest Posts <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

May 7, 2024 Patched in 5.0.8 (1d)

CVE-2016-10913 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Latest Posts <= 3.7.4 - Reflected Cross-Site Scripting

Aug 15, 2015 Patched in 3.7.5 (3083d)
Code Analysis
Analyzed Mar 16, 2026

WP Latest Posts Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (23 prepared)
  • Unescaped Output: 62 (494 escaped)
  • Nonce Checks: 18
  • Capability Checks: 9
  • File Operations: 1
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

exec · $gs = exec($command); · jufeedback\ju-check-debug-data.php:557

SQL Query Safety

100% prepared · 23 total queries

Output Escaping

89% escaped · 556 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows · 1 with unsanitized paths
<configuration> (inc\admin\views\configuration.php:0)
Attack Surface
3 unprotected

WP Latest Posts Attack Surface

Entry Points: 12
Unprotected: 3

AJAX Handlers 9

auth wp_ajax_wplp_load_html inc\wplp-admin.inc.php:250
auth wp_ajax_wplp_get_list_block inc\wplp-admin.inc.php:251
auth wp_ajax_change_cat_multisite inc\wplp-admin.inc.php:284
auth wp_ajax_change_source_type_by_language inc\wplp-admin.inc.php:286
auth wp_ajax_wplp_delete_blocks inc\wplp-admin.inc.php:290
auth wp_ajax_wplp_duplicate_block inc\wplp-admin.inc.php:291
auth wp_ajax_wplp_set_close_notification inc\wplp-admin.inc.php:292
auth wp_ajax_wplp_get_count_posts inc\wplp-admin.inc.php:293
auth wp_ajax_wplp_dismiss_notice_for_week wp-latest-posts.php:200

Shortcodes 3

[wplp_fusion] inc\builder\avada\wplp-avada.php:17
[vc_wplp] inc\builder\bakery\wplp-bakery.php:71
[frontpage_news] inc\wplp-admin.inc.php:249

WordPress Hooks 68

action fusion_builder_before_init inc\builder\avada\wplp-avada.php:118
action divi_extensions_init inc\builder\divi\wplp-divi.php:94
filter wplp_get_posts_by_language inc\compatibility\class.language_content_wpml.php:17
filter wplp_get_category_by_language inc\compatibility\class.language_content_wpml.php:18
filter wplp_get_pages_by_language inc\compatibility\class.language_content_wpml.php:19
filter wplp_get_tags_by_language inc\compatibility\class.language_content_wpml.php:20
filter wplp_get_custom_taxonomy_by_language inc\compatibility\class.language_content_wpml.php:21
filter wplp_category_list_by_language inc\compatibility\class.language_content_wpml.php:22
filter wplp_get_term_link_by_language inc\compatibility\class.language_content_wpml.php:23
action admin_init inc\install.php:21
action admin_init inc\install.php:22
action widgets_init inc\wplp-admin.inc.php:235
action init inc\wplp-admin.inc.php:245
action admin_menu inc\wplp-admin.inc.php:256
action load-toplevel_page_wplp-widget inc\wplp-admin.inc.php:257
action admin_enqueue_scripts inc\wplp-admin.inc.php:259
action enqueue_block_editor_assets inc\wplp-admin.inc.php:260
action wp_print_scripts inc\wplp-admin.inc.php:262
action ot_admin_styles_after inc\wplp-admin.inc.php:264
action admin_init inc\wplp-admin.inc.php:270
action in_admin_footer inc\wplp-admin.inc.php:271
action media_buttons inc\wplp-admin.inc.php:277
filter plugin_row_meta inc\wplp-admin.inc.php:281
action admin_print_scripts inc\wplp-admin.inc.php:296
action save_post inc\wplp-admin.inc.php:312
action wp_head inc\wplp-admin.inc.php:315
action wp_head inc\wplp-admin.inc.php:317
action wp_print_styles inc\wplp-admin.inc.php:322
action the_posts inc\wplp-admin.inc.php:327
filter cron_schedules inc\wplp-admin.inc.php:329
action wplp_update_post_views inc\wplp-admin.inc.php:336
filter mce_buttons inc\wplp-admin.inc.php:2114
filter mce_external_plugins inc\wplp-admin.inc.php:2115
filter mce_css inc\wplp-admin.inc.php:2116
action admin_footer inc\wplp-admin.inc.php:2201
action wp_print_styles inc\wplp-admin.inc.php:2454
action wp_head inc\wplp-admin.inc.php:2455
action wp_print_scripts inc\wplp-admin.inc.php:2456
action admin_init inc\wplp-category-image.php:13
action edit_term inc\wplp-category-image.php:15
action create_term inc\wplp-category-image.php:16
action quick_edit_custom_box inc\wplp-category-image.php:19
action init inc\wplp-widget.inc.php:31
action wp_print_styles inc\wplp-widget.inc.php:49
action wp_head inc\wplp-widget.inc.php:50
action wp_print_scripts inc\wplp-widget.inc.php:51
action current_screen jufeedback\jufeedback.php:112
action admin_init jufeedback\jufeedback.php:114
action admin_notices jufeedback\jufeedback.php:124
action admin_footer jufeedback\jufeedback.php:230
action load_textdomain jutranslation\jutranslation.php:70
action admin_init jutranslation\jutranslation.php:89
action admin_notices requirements.php:436
action admin_notices requirements.php:439
action admin_notices requirements.php:442
action admin_init requirements.php:445
action admin_init wp-latest-posts.php:118
action admin_notices wp-latest-posts.php:119
action admin_notices wp-latest-posts.php:198
action admin_init wp-latest-posts.php:227
action elementor/editor/after_enqueue_styles wp-latest-posts.php:291
action elementor/widgets/widgets_registered wp-latest-posts.php:303
action elementor/controls/register wp-latest-posts.php:317
action vc_before_init wp-latest-posts.php:322
action vc_backend_editor_enqueue_js_css wp-latest-posts.php:359
action vc_frontend_editor_enqueue_js_css wp-latest-posts.php:362
action admin_enqueue_scripts wp-latest-posts.php:394
action init wp-latest-posts.php:398

Scheduled Events 1

wplp_update_post_views
Maintenance & Trust

WP Latest Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 28, 2025
PHP min version: 5.6
Downloads: 579K

Community Trust

Rating: 84/100
Number of ratings: 87
Active installs: 10K
Developer Profile

WP Latest Posts Developer Profile

JoomUnited

3 plugins · 27K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 434 days
Detection Fingerprints

How We Detect WP Latest Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wp-latest-posts/css/divi-widgets.css
  • /wp-content/plugins/wp-latest-posts/js/imagesloaded.pkgd.min.js
  • /wp-content/plugins/wp-latest-posts/themes/default/style.css
  • /wp-content/plugins/wp-latest-posts/js/flexslider.min.js
  • /wp-content/plugins/wp-latest-posts/js/swiper-bundle.min.js
  • /wp-content/plugins/wp-latest-posts/js/wplp_front.js

Script Paths

  • wp-content/plugins/wp-latest-posts/js/imagesloaded.pkgd.min.js
  • wp-content/plugins/wp-latest-posts/js/flexslider.min.js
  • wp-content/plugins/wp-latest-posts/js/swiper-bundle.min.js
  • wp-content/plugins/wp-latest-posts/js/wplp_front.js

Version Parameters

  • wp-latest-posts/css/divi-widgets.css?ver=
  • wp-latest-posts/js/imagesloaded.pkgd.min.js?ver=
  • wp-latest-posts/themes/default/style.css?ver=
  • wp-latest-posts/js/flexslider.min.js?ver=
  • wp-latest-posts/js/swiper-bundle.min.js?ver=
  • wp-latest-posts/js/wplp_front.js?ver=

HTML / DOM Fingerprints

CSS Classes
wplp-slider, wplp-flex-slider, wplp-isotope-container, wplp-category-icon, wplp-post-thumbnail, wplp-post-title, wplp-post-date, wplp-post-author, +3 more
Data Attributes
data-wplp-slider-id, data-wplp-options
JS Globals
wplp_params
Shortcode Output
[wp_latest_posts]
FAQ

Frequently Asked Questions about WP Latest Posts