WP-Safety

WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars Security & Risk Analysis

wordpress.org/plugins/wp-post-author

WP Post Author is the ultimate solution for an Author Box, Multiple Authors, Guest Authors, and Local Avatars. Easily manage Author Bios, Co-authors, …

10K active installs v3.9.0 PHP + WP 3.0+ Updated Apr 1, 2026
author-bioauthor-boxcustom-avatarsguest-authorlocal-avatars
92
A · Safe
CVEs total6
Unpatched0
Last CVEDec 30, 2024
Plugin page Download
Safety Verdict

Is WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars Safe to Use in 2026?

Generally Safe

Score 92/100

WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

6 known CVEsLast CVE: Dec 30, 2024Updated 1mo ago
Risk Assessment

The "wp-post-author" plugin v3.8.7 exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and properly escaped output, significant concerns remain regarding its attack surface and past vulnerability history. The presence of three AJAX handlers without authentication checks represents a notable risk, as these could be exploited by unauthenticated users to perform unintended actions. Although the static analysis did not reveal any critical taint flows, the plugin's history of six known CVEs, including one critical and one high severity vulnerability, is a significant red flag. The common vulnerability types (SQL Injection, XSS, Missing Authorization, Privilege Management) indicate recurring weaknesses in input sanitization, authorization checks, and privilege handling. This history, combined with the unprotected AJAX endpoints, suggests a pattern of potential security oversights that require careful attention.

Key Concerns

  • Unprotected AJAX handlers found
  • High number of past CVEs (6 total)
  • Past critical severity CVE found
  • Past high severity CVE found
  • Bundled library (Freemius) outdated (v1.0)
Vulnerabilities
6 published

WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
5 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Critical
1
High
1
Medium
4

6 total CVEs

CVE-2024-56247medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP Post Author <= 3.8.2 - Authenticated (Administrator+) SQL Injection

Dec 30, 2024 Patched in 3.8.3 (10d)
CVE-2024-8757high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection

Oct 11, 2024 Patched in 3.8.2 (1d)
CVE-2024-37101medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Post Author <= 3.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 20, 2024 Patched in 3.6.8 (7d)
CVE-2024-34387medium · 4.3Missing Authorization

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization to Rating Manipulation

May 6, 2024 Patched in 3.6.5 (23d)
CVE-2024-34389medium · 4.3Missing Authorization

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.7.4 - Missing Authorization

May 6, 2024 Patched in 3.7.5 (114d)
WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-authorcritical · 9.8Improper Privilege Management

WP Post Author <= 3.2.3 - Privilege Escalation

Jun 28, 2023 Patched in 3.3.0 (209d)
Version History

WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars Release Timeline

v3.8.02 CVEs
CVE-2024-56247 CVE-2024-8757
v3.7.43 CVEs
CVE-2024-56247 CVE-2024-8757 CVE-2024-34389
v3.7.23 CVEs
CVE-2024-56247 CVE-2024-8757 CVE-2024-34389
v3.6.05 CVEs
CVE-2024-37101 CVE-2024-34387 CVE-2024-56247 +2 more
v3.5.55 CVEs
CVE-2024-37101 CVE-2024-34387 CVE-2024-56247 +2 more
v3.5.35 CVEs
CVE-2024-37101 CVE-2024-34387 CVE-2024-56247 +2 more
v3.5.25 CVEs
CVE-2024-37101 CVE-2024-34387 CVE-2024-56247 +2 more
v3.4.15 CVEs
CVE-2024-37101 CVE-2024-34387 CVE-2024-56247 +2 more
v3.3.05 CVEs
CVE-2024-37101 CVE-2024-34387 CVE-2024-56247 +2 more
v2.7.46 CVEs
CVE-2024-37101 WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author CVE-2024-34387 +3 more
v2.7.36 CVEs
CVE-2024-37101 WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author CVE-2024-34387 +3 more
v2.0.36 CVEs
CVE-2024-37101 WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author CVE-2024-34387 +3 more
v2.0.26 CVEs
CVE-2024-37101 WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author CVE-2024-34387 +3 more
v2.0.16 CVEs
CVE-2024-37101 WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author CVE-2024-34387 +3 more
v2.0.06 CVEs
CVE-2024-37101 WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author CVE-2024-34387 +3 more
v1.0.86 CVEs
CVE-2024-37101 WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author CVE-2024-34387 +3 more
v1.0.76 CVEs
CVE-2024-37101 WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author CVE-2024-34387 +3 more
v1.0.66 CVEs
CVE-2024-37101 WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author CVE-2024-34387 +3 more
v1.0.56 CVEs
CVE-2024-37101 WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author CVE-2024-34387 +3 more
v1.0.46 CVEs
CVE-2024-37101 WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author CVE-2024-34387 +3 more
Code Analysis
Analyzed Mar 16, 2026

WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
48 prepared
Unescaped Output
45
391 escaped
Nonce Checks
8
Capability Checks
16
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

89% prepared54 total queries

Output Escaping

90% escaped436 total outputs
Attack Surface
3 unprotected

WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars Attack Surface

Entry Points7
Unprotected3

AJAX Handlers 3

authwp_ajax_awpa_pro_api_post_rating_reviewincludes\core.php:40
authwp_ajax_awpa_pro_api_post_rating_review_user_listincludes\core.php:41
noprivwp_ajax_awpa_pro_api_post_rating_review_user_listincludes\core.php:42

Shortcodes 4

[wp-post-author] includes\awpa-shortcodes.php:112
[awpa-registration-form] includes\awpa-shortcodes.php:137
[awpa-user-login] includes\awpa-user-login.php:267
[awpa-rating-review] includes\rating\awpa-rating.php:34
WordPress Hooks 49
actioninitaft-wp-post-author.php:75
actionawpa_call_seeder_functionaft-wp-post-author.php:76
actionplugins_loadedaft-wp-post-author.php:118
actionadmin_menuincludes\admin\awpa-form-menu.php:59
actionadmin_enqueue_scriptsincludes\admin\awpa-form-meta.php:34
actionadd_meta_boxesincludes\admin\awpa-form-meta.php:81
actionsave_postincludes\admin\awpa-form-meta.php:149
actioninitincludes\admin\awpa-form-register.php:60
actionadmin_noticesincludes\admin\notice-upgrade.php:39
filterawpa_upgrade_notice_dismissincludes\admin\notice-upgrade.php:160
filterawpa_upgrade_notice_dismissincludes\admin\notice-upgrade.php:162
actioninitincludes\api-request\free\rating\class-ratings.php:11
actionwidgets_initincludes\awpa-backend.php:45
actionadmin_menuincludes\awpa-backend.php:47
actionadmin_enqueue_scriptsincludes\awpa-backend.php:51
filterplugin_row_metaincludes\awpa-backend.php:53
actionwp_enqueue_scriptsincludes\awpa-frontend.php:35
filterthe_contentincludes\awpa-functions.php:365
filteradmin_body_classincludes\awpa-functions.php:467
filteruser_contactmethodsincludes\awpa-user-fields.php:33
actioninitincludes\awpa-user-login.php:50
actionlogin_form_bottomincludes\awpa-user-login.php:328
actionrest_api_initincludes\core.php:39
actionadmin_initincludes\database\create-db.php:3
actionadmin_initincludes\database\create-db.php:36
actionwp_headincludes\fonts.php:13
actioninitincludes\init.php:29
actionenqueue_block_editor_assetsincludes\init.php:97
filtermanage_posts_columnsincludes\multi-authors\wpa-multi-authors.php:13
actionmanage_posts_custom_columnincludes\multi-authors\wpa-multi-authors.php:14
actionadd_meta_boxesincludes\multi-authors\wpa-multi-authors.php:15
actionsave_postincludes\multi-authors\wpa-multi-authors.php:16
actionadmin_enqueue_scriptsincludes\multi-authors\wpa-multi-authors.php:17
filteruser_has_capincludes\multi-authors\wpa-multi-authors.php:18
filterposts_whereincludes\multi-authors\wpa-multi-authors.php:21
filterposts_joinincludes\multi-authors\wpa-multi-authors.php:22
filterposts_distinctincludes\multi-authors\wpa-multi-authors.php:23
actionsave_postincludes\multi-authors\wpa-multi-authors.php:134
filterthe_postsincludes\multi-authors\wpa-multi-authors.php:454
actionadd_meta_boxesincludes\rating\awpa-rating.php:26
actionadmin_enqueue_scriptsincludes\rating\awpa-rating.php:27
actionsave_postincludes\rating\awpa-rating.php:28
filterthe_contentincludes\rating\awpa-rating.php:29
actionwp_enqueue_scriptsincludes\rating\awpa-rating.php:37
actiontheme_setupincludes\themes\multi-authors-list.php:13
filterthe_titleincludes\top-rated-post.php:82
filterpre_wp_nav_menuincludes\top-rated-post.php:95
filterthe_titleincludes\top-rated-post.php:101
filterwp_nav_menu_itemsincludes\top-rated-post.php:107
Maintenance & Trust

WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 1, 2026
PHP min version
Downloads1.0M

Community Trust

Rating88/100
Number of ratings20
Active installs10K
Alternatives

WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars Alternatives

Simple Author Box

Simple Author Box

simple-author-box

A
99

Add a responsive author box or guest author box with social icons to any post. Great author box for any site!

80K 2 CVEs
Molongui Authorship – Author Boxes, Guest Authors & Co-Authors for WordPress

Molongui Authorship – Author Boxes, Guest Authors & Co-Authors for WordPress

molongui-authorship

A
99

All-in-One Authorship Solution: Seamless Author Box, Guest Authors, and Co-Authors to enhance your site's authority, credibility, engagement, and SEO.

10K 6 CVEs
Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating

Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating

authorsy

A
98

Authorsy is a powerful WordPress author box plugin. Add customizable author profiles, multiple authors, guest authors, bios, social links, and post ra &hellip;

1K 2 CVEs
Smart Author Box Widget

Smart Author Box Widget

smart-author-box-widget

A
92

Smart Author Box Widget displays author bio box with an image, description, and social links—perfect for multi-author blogs and personal sites.

70 No CVEs
Meta Author Box

Meta Author Box

meta-author-box

A
92

Add a responsive custom author box. Great author box for any site!

0 No CVEs
Developer Profile

WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars Developer Profile

AF themes

64 plugins · 95K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
160 days
View full developer profile
Detection Fingerprints

How We Detect WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-post-author/assets/css/awpa-backend-style.css/wp-content/plugins/wp-post-author/assets/dist/blocks.build.js
Script Paths
/wp-content/plugins/wp-post-author/assets/dist/blocks.build.js
Version Parameters
wp-post-author/assets/css/awpa-backend-style.css?ver=wp-post-author/assets/dist/blocks.build.js?ver=

HTML / DOM Fingerprints

CSS Classes
awpa-form-builder-container
Data Attributes
data-srcUrldata-rest_urldata-imgdata-pluginDirdata-all_pages
JS Globals
wpauthor_globals
FAQ

Frequently Asked Questions about WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars