WP More Feeds Security & Risk Analysis

wordpress.org/plugins/wp-more-feeds

Generate RSS feeds for category and tag archive pages.

10 active installs v0.17 PHP + WP 2.5+ Updated Oct 30, 2008
Tags: atom, categories, feed, rss, tags
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP More Feeds Safe to Use in 2026?

Generally Safe

Score 85/100

WP More Feeds has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 17yr ago
Risk Assessment

The wp-more-feeds plugin v0.17 exhibits a mixed security posture. The absence of known CVEs and the use of prepared statements for all SQL queries are strong positive indicators. The plugin also has a very small attack surface, with no discoverable AJAX handlers, REST API routes, shortcodes, or cron events that are exposed. However, the static analysis reveals significant concerns regarding output escaping, with only 27% of outputs being properly escaped. Furthermore, the taint analysis shows two flows with unsanitized paths, although thankfully these did not reach a critical or high severity level. The lack of any recorded vulnerabilities in its history could suggest either a well-developed plugin or a lack of thorough security auditing, which is not ideal. Overall, while the plugin avoids common pitfalls like raw SQL and large attack surfaces, the unescaped output and potential for unsanitized path flows present a notable risk that requires attention.

Key Concerns

  • Unsanitized path taint flows detected
  • Low percentage of properly escaped output
  • No capability checks found
  • No nonce checks found
Vulnerabilities
None known

WP More Feeds Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP More Feeds Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (3 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

27% escaped · 11 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
wp_more_feeds_options_subpanel (more-feeds.php:59)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

WP More Feeds Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 2
action: wp_head (more-feeds.php:22)
action: admin_menu (more-feeds.php:23)
Maintenance & Trust

WP More Feeds Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.6.3
Last updated: Oct 30, 2008
PHP min version
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP More Feeds Developer Profile

AndrewZhang

2 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP More Feeds

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments
<!--WP More Feeds 0.17 (http://www.mashget.com) Begin -->
FAQ

Frequently Asked Questions about WP More Feeds