WP Over Network Security & Risk Analysis
wordpress.org/plugins/wp-over-networkAdd ability to get posts from over your network sites. Supports widget, shortcode, and customizable original function.
Is WP Over Network Safe to Use in 2026?
Generally Safe
Score 85/100WP Over Network has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "wp-over-network" plugin v0.4.4 presents a generally good security posture based on the provided static analysis. The absence of direct SQL injection risks due to 100% prepared statement usage and the lack of file operations or external HTTP requests are significant strengths. Furthermore, the plugin has no recorded vulnerability history, which suggests a level of diligence in its development and maintenance.
However, there are notable areas for improvement. The plugin exhibits a concerning lack of security checks in its entry points. With 3 shortcodes acting as potential entry points, the complete absence of nonce checks and capability checks is a significant weakness. While the attack surface of AJAX and REST API routes is currently zero, this can change with future updates, and the lack of fundamental checks on existing shortcodes sets a poor precedent. Additionally, a substantial 49% of output is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-controlled data is rendered directly without sanitization.
In conclusion, while the plugin benefits from secure SQL practices and a clean vulnerability history, the lack of authentication and authorization checks on its shortcodes, coupled with the high percentage of unescaped output, presents a tangible risk. Addressing these specific weaknesses should be a priority to improve the plugin's overall security.
Key Concerns
- Missing nonce checks on shortcodes
- Missing capability checks on shortcodes
- Unescaped output (49% of total)
WP Over Network Security Vulnerabilities
WP Over Network Code Analysis
SQL Query Safety
Output Escaping
WP Over Network Attack Surface
Shortcodes 3
WordPress Hooks 5
Maintenance & Trust
WP Over Network Maintenance & Trust
Maintenance Signals
Community Trust
WP Over Network Alternatives
Multisite Directory
multisite-directory
Add a browseable, flexible directory of the sites in a WP Multisite network. Each subsite gets its own page.
Multisite Post Cloner
multisite-post-cloner
Multisite Post Cloner allows you to clone posts and pages across sites in your WordPress multisite network.
Toggle Admin Bar Menu
toggle-admin-bar-menu
Replaces the WordPress admin bar menu with a compact menu icon. Clicking the icon toggles the visibility of the full admin bar.
Multisite Network Repost
multisite-network-repost
Repost your stories to selected sites in the multisite network, preserving attachments, custom fields, categories, tags etc.
Unconfirmed
unconfirmed
Allows WordPress admins to manage unactivated users, by activating them manually, deleting their pending registrations, or resending the activation em …
WP Over Network Developer Profile
1 plugin · 90 total installs
How We Detect WP Over Network
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-over-network/css/wp_over_network.css/wp-content/plugins/wp-over-network/js/wp_over_network.js/wp-content/plugins/wp-over-network/js/wp_over_network.jswp-over-network/css/wp_over_network.css?ver=wp-over-network/js/wp_over_network.js?ver=HTML / DOM Fingerprints
wponw[wponw_recent_post_list][wponw_post_list][wponw_reset_query]