WP Multi Author Security & Risk Analysis
wordpress.org/plugins/wp-multi-authorOne post, multiple contributors!
Is WP Multi Author Safe to Use in 2026?
Generally Safe
Score 85/100WP Multi Author has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "wp-multi-author" v1.0.1 plugin exhibits a generally good security posture, with no known vulnerabilities or critical static analysis findings. The plugin effectively utilizes nonce checks and capability checks for its single AJAX handler, and there are no obvious attack vectors through REST API, shortcodes, or cron events. The code also demonstrates a reasonable approach to output escaping, with a high percentage of outputs being properly sanitized. This suggests developers have prioritized core security practices.
However, a notable area for improvement lies in the handling of SQL queries. While the plugin uses prepared statements for half of its queries, the remaining 50% are not explicitly detailed. This presents a potential risk if these non-prepared queries are susceptible to SQL injection, especially if they involve user-supplied data. The absence of taint analysis results is also worth noting, though this could simply mean no exploitable flows were detected by the tools used, rather than a complete absence of potential issues. The use of an older version of Select2 (v3.5.2) is a minor concern, as outdated libraries can sometimes harbor their own security vulnerabilities.
Overall, "wp-multi-author" v1.0.1 is a relatively secure plugin with a clean vulnerability history. The primary area of concern is the potential for unaddressed SQL injection risks in non-prepared queries and the use of an outdated bundled library. Addressing these would significantly strengthen its security profile.
Key Concerns
- SQL queries not using prepared statements
- Bundled outdated library (Select2 v3.5.2)
WP Multi Author Security Vulnerabilities
WP Multi Author Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
WP Multi Author Attack Surface
AJAX Handlers 1
WordPress Hooks 7
Maintenance & Trust
WP Multi Author Maintenance & Trust
Maintenance Signals
Community Trust
WP Multi Author Alternatives
Wpi Multiple Contributors
wpi-multiple-contributors
This plugin facilitates in assigning and displaying more than one author on a post.
Coopso Contributors
coopso-contributors
WordPress contributors plugin. The user(admin, author, and editor) can select the multiple users who contribute to the post and at the front end after …
Post CoAuthors
pcauthors
Assign multiple contributors to posts and display them on the frontend. Lightweight and admin-friendly.
WP Meta and Date Remover
wp-meta-and-date-remover
Remove meta author and date information from posts and pages. Hide from Humans and Search engines.SEO friendly and most advance plugin.
Co-Authors Plus
co-authors-plus
Assign multiple bylines to posts, pages, and custom post types with a search-as-you-type input box.
WP Multi Author Developer Profile
1 plugin · 90 total installs
How We Detect WP Multi Author
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-multi-author/assets/css/backend.css/wp-content/plugins/wp-multi-author/assets/js/backend.js/wp-content/plugins/wp-multi-author/assets/css/frontend.css/wp-content/plugins/wp-multi-author/assets/js/backend.jswp-multi-author/assets/css/backend.css?ver=wp-multi-author/assets/js/backend.js?ver=wp-multi-author/assets/css/frontend.css?ver=HTML / DOM Fingerprints
wpmat-select2wpmat-contributors-wrapper<!-- Required CSS and JS --><!-- Security pass 1 - Nonce verification. --><!-- Security pass 2 - Check if current user is allowed to manage contributors or not. --><!-- Security pass 3 - Validate contributors ID. -->+3 moredata-placeholderdata-actiondata-multipledata-allow_cleardata-selectedwpmatBackend/wp-json/wp-multi-author/v1/get_contributors_list