Does WP My Favourites have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP My Favourites compatible with WordPress 4.8.28?

According to WordPress.org data, WP My Favourites 1.1.0 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is WP My Favourites updated?

WP My Favourites was last updated on Sep 25, 2017. Frequent updates are generally a positive security signal.

What is WP My Favourites's security score?

WP My Favourites has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP My Favourites Security & Risk Analysis

wordpress.org/plugins/wp-my-favourites

Choose your favourite posts, pages, comments, media and reorder them to display anywhere on your website.

0 active installs v1.1.0 PHP + WP 3.0.1+ Updated Sep 25, 2017

commentsfavouritesmediapoststheme-development

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP My Favourites Safe to Use in 2026?

Generally Safe

Score 85/100

WP My Favourites has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "wp-my-favourites" v1.1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates a commitment to secure database practices by using prepared statements for all SQL queries and has no recorded vulnerabilities or CVEs. This suggests a generally well-maintained codebase in terms of these aspects. However, significant concerns arise from its attack surface. The plugin exposes 13 AJAX handlers without any authentication or capability checks, creating a large entry point for potential attacks. Furthermore, a critical finding is that 100% of its 26 output operations are not properly escaped. This, combined with the taint analysis revealing 2 flows with unsanitized paths, strongly indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities that could be exploited through the unprotected AJAX endpoints.

Key Concerns

13 AJAX handlers without auth checks
0% output escaping
2 flows with unsanitized paths
No nonce checks
No capability checks

Vulnerabilities

None known

WP My Favourites Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP My Favourites Release Timeline

v1.1.0Current

Code Analysis

Analyzed Mar 17, 2026

WP My Favourites Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTablesSelect2

Output Escaping

0% escaped26 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

wp_myfavourites_reorder_favourites (includes\class-wp-myfavourites-ajax.php:768)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

13 unprotected

WP My Favourites Attack Surface

Entry Points16

Unprotected13

AJAX Handlers 13

authwp_ajax_get_postsincludes\class-wp-myfavourites.php:177

authwp_ajax_mark_favourite_postincludes\class-wp-myfavourites.php:178

authwp_ajax_get_favourite_postsincludes\class-wp-myfavourites.php:179

authwp_ajax_get_commentsincludes\class-wp-myfavourites.php:181

authwp_ajax_mark_favourite_commentincludes\class-wp-myfavourites.php:182

authwp_ajax_get_favourite_commentsincludes\class-wp-myfavourites.php:183

authwp_ajax_get_mediaincludes\class-wp-myfavourites.php:185

authwp_ajax_mark_favourite_mediaincludes\class-wp-myfavourites.php:186

authwp_ajax_get_favourite_mediaincludes\class-wp-myfavourites.php:187

authwp_ajax_reorder_favouritesincludes\class-wp-myfavourites.php:189

authwp_ajax_save_posts_settingsincludes\class-wp-myfavourites.php:193

authwp_ajax_save_comments_settingsincludes\class-wp-myfavourites.php:194

authwp_ajax_save_media_settingsincludes\class-wp-myfavourites.php:195

Shortcodes 3

[show-favourite-posts] includes\class-wp-myfavourites.php:214

[show-favourite-comments] includes\class-wp-myfavourites.php:215

[show-favourite-media] includes\class-wp-myfavourites.php:216

WordPress Hooks 9

actionplugins_loadedincludes\class-wp-myfavourites.php:151

actionadmin_enqueue_scriptsincludes\class-wp-myfavourites.php:166

actionadmin_enqueue_scriptsincludes\class-wp-myfavourites.php:167

actionadmin_menuincludes\class-wp-myfavourites.php:168

actiontransition_post_statusincludes\class-wp-myfavourites.php:170

actiontransition_comment_statusincludes\class-wp-myfavourites.php:171

actiondelete_attachmentincludes\class-wp-myfavourites.php:172

actionwp_enqueue_scriptsincludes\class-wp-myfavourites.php:210

actionwp_enqueue_scriptsincludes\class-wp-myfavourites.php:211

Maintenance & Trust

WP My Favourites Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedSep 25, 2017

PHP min version

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

WP My Favourites Alternatives

Smart Bulk Delete & Content Cleaner for WordPress

smart-bulk-content-remover

100

Safely bulk delete posts, pages, media, and comments with flexible filters and a clean interface.

80 No CVEs

Moving Contents

moving-contents

100

Supports the transfer of Contents between servers.

70 No CVEs

No Page Comment

no-page-comment

An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.

10K 2 CVEs

Bulk Datetime Change

bulk-datetime-change

100

Bulk change date/time for posts.

7K 1 CVE

No External Links

mihdan-no-external-links

Convert external links into internal links, site wide or post/page specific. Add NoFollow, Click logging, and more...

7K 2 CVEs

Developer Profile

WP My Favourites Developer Profile

Neelkanth Kaushik

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP My Favourites

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-my-favourites/css/wp-myfavourites-admin.css/wp-content/plugins/wp-my-favourites/css/dataTables.bootstrap.min.css/wp-content/plugins/wp-my-favourites/css/rowReorder.dataTables.min.css/wp-content/plugins/wp-my-favourites/css/jqueryui/jquery-ui.min.css/wp-content/plugins/wp-my-favourites/js/wp-myfavourites-admin.js/wp-content/plugins/wp-my-favourites/js/dataTables.bootstrap.min.js/wp-content/plugins/wp-my-favourites/js/dataTables.min.js/wp-content/plugins/wp-my-favourites/js/jquery.dataTables.min.js+3 more

Script Paths

js/wp-myfavourites-admin.jsjs/dataTables.bootstrap.min.jsjs/dataTables.min.jsjs/jquery.dataTables.min.jsjs/jquery.validate.jsjs/jquery-ui.min.js+1 more

Version Parameters

/wp-content/plugins/wp-my-favourites/css/wp-myfavourites-admin.css?ver=/wp-content/plugins/wp-my-favourites/css/dataTables.bootstrap.min.css?ver=/wp-content/plugins/wp-my-favourites/css/rowReorder.dataTables.min.css?ver=/wp-content/plugins/wp-my-favourites/css/jqueryui/jquery-ui.min.css?ver=/wp-content/plugins/wp-my-favourites/js/wp-myfavourites-admin.js?ver=/wp-content/plugins/wp-my-favourites/js/dataTables.bootstrap.min.js?ver=/wp-content/plugins/wp-my-favourites/js/dataTables.min.js?ver=/wp-content/plugins/wp-my-favourites/js/jquery.dataTables.min.js?ver=/wp-content/plugins/wp-my-favourites/js/jquery.validate.js?ver=/wp-content/plugins/wp-my-favourites/js/jquery-ui.min.js?ver=/wp-content/plugins/wp-my-favourites/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp-my-favouriteswp-myfavourites-admin-wrap

Data Attributes

data-wpmf-post-typedata-wpmf-post-id

JS Globals

wp_my_favourites_ajax_object

FAQ