WP Post Author – Author Box, Co-Authors & Guest Authors Security & Risk Analysis

wordpress.org/plugins/wp-post-author

WP Post Author provides a complete solution for displaying author information, managing multiple authors, collecting post ratings, and creating user r …

10K active installs · v3.8.7 · PHP + WP 3.0+ · Updated Feb 24, 2026
author-bio, author-box, author-profile, author-social-icons, guest-author
92 · A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Dec 30, 2024
Safety Verdict

Is WP Post Author – Author Box, Co-Authors & Guest Authors Safe to Use in 2026?

Generally Safe

Score 92/100

WP Post Author – Author Box, Co-Authors & Guest Authors has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Dec 30, 2024 · Updated 1mo ago
Risk Assessment

The "wp-post-author" plugin v3.8.7 exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and properly escaped output, significant concerns remain regarding its attack surface and past vulnerability history. The presence of three AJAX handlers without authentication checks represents a notable risk, as these could be exploited by unauthenticated users to perform unintended actions. Although the static analysis did not reveal any critical taint flows, the plugin's history of six known CVEs, including one critical and one high severity vulnerability, is a significant red flag. The common vulnerability types (SQL Injection, XSS, Missing Authorization, Privilege Management) indicate recurring weaknesses in input sanitization, authorization checks, and privilege handling. This history, combined with the unprotected AJAX endpoints, suggests a pattern of potential security oversights that require careful attention.

Key Concerns

  • Unprotected AJAX handlers found
  • High number of past CVEs (6 total)
  • Past critical severity CVE found
  • Past high severity CVE found
  • Bundled library (Freemius) outdated (v1.0)
Vulnerabilities
6

WP Post Author – Author Box, Co-Authors & Guest Authors Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 5 CVEs

Severity Breakdown

Critical: 1
High: 1
Medium: 4

6 total CVEs

CVE-2024-56247 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP Post Author <= 3.8.2 - Authenticated (Administrator+) SQL Injection

Dec 30, 2024 · Patched in 3.8.3 (10d)

CVE-2024-8757 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection

Oct 11, 2024 · Patched in 3.8.2 (1d)

CVE-2024-37101 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Post Author <= 3.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 20, 2024 · Patched in 3.6.8 (7d)

CVE-2024-34387 · medium · 4.3 · Missing Authorization

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization to Rating Manipulation

May 6, 2024 · Patched in 3.6.5 (23d)

CVE-2024-34389 · medium · 4.3 · Missing Authorization

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.7.4 - Missing Authorization

May 6, 2024 · Patched in 3.7.5 (114d)

WF-155e3de1-e115-4683-bb4d-a0c5667dc3d3-wp-post-author · critical · 9.8 · Improper Privilege Management

WP Post Author <= 3.2.3 - Privilege Escalation

Jun 28, 2023 · Patched in 3.3.0 (209d)
Code Analysis
Analyzed Mar 16, 2026

WP Post Author – Author Box, Co-Authors & Guest Authors Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (48 prepared)
Unescaped Output: 45 (391 escaped)
Nonce Checks: 8
Capability Checks: 16
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

89% prepared · 54 total queries

Output Escaping

90% escaped · 436 total outputs
Attack Surface
3 unprotected

WP Post Author – Author Box, Co-Authors & Guest Authors Attack Surface

Entry Points: 7
Unprotected: 3

AJAX Handlers 3

auth · wp_ajax_awpa_pro_api_post_rating_review · includes\core.php:40
auth · wp_ajax_awpa_pro_api_post_rating_review_user_list · includes\core.php:41
nopriv · wp_ajax_awpa_pro_api_post_rating_review_user_list · includes\core.php:42

Shortcodes 4

[wp-post-author] includes\awpa-shortcodes.php:112
[awpa-registration-form] includes\awpa-shortcodes.php:137
[awpa-user-login] includes\awpa-user-login.php:267
[awpa-rating-review] includes\rating\awpa-rating.php:34
WordPress Hooks 49
action · init · aft-wp-post-author.php:75
action · awpa_call_seeder_function · aft-wp-post-author.php:76
action · plugins_loaded · aft-wp-post-author.php:118
action · admin_menu · includes\admin\awpa-form-menu.php:59
action · admin_enqueue_scripts · includes\admin\awpa-form-meta.php:34
action · add_meta_boxes · includes\admin\awpa-form-meta.php:81
action · save_post · includes\admin\awpa-form-meta.php:149
action · init · includes\admin\awpa-form-register.php:60
action · admin_notices · includes\admin\notice-upgrade.php:39
filter · awpa_upgrade_notice_dismiss · includes\admin\notice-upgrade.php:160
filter · awpa_upgrade_notice_dismiss · includes\admin\notice-upgrade.php:162
action · init · includes\api-request\free\rating\class-ratings.php:11
action · widgets_init · includes\awpa-backend.php:45
action · admin_menu · includes\awpa-backend.php:47
action · admin_enqueue_scripts · includes\awpa-backend.php:51
filter · plugin_row_meta · includes\awpa-backend.php:53
action · wp_enqueue_scripts · includes\awpa-frontend.php:35
filter · the_content · includes\awpa-functions.php:365
filter · admin_body_class · includes\awpa-functions.php:467
filter · user_contactmethods · includes\awpa-user-fields.php:33
action · init · includes\awpa-user-login.php:50
action · login_form_bottom · includes\awpa-user-login.php:328
action · rest_api_init · includes\core.php:39
action · admin_init · includes\database\create-db.php:3
action · admin_init · includes\database\create-db.php:36
action · wp_head · includes\fonts.php:13
action · init · includes\init.php:29
action · enqueue_block_editor_assets · includes\init.php:97
filter · manage_posts_columns · includes\multi-authors\wpa-multi-authors.php:13
action · manage_posts_custom_column · includes\multi-authors\wpa-multi-authors.php:14
action · add_meta_boxes · includes\multi-authors\wpa-multi-authors.php:15
action · save_post · includes\multi-authors\wpa-multi-authors.php:16
action · admin_enqueue_scripts · includes\multi-authors\wpa-multi-authors.php:17
filter · user_has_cap · includes\multi-authors\wpa-multi-authors.php:18
filter · posts_where · includes\multi-authors\wpa-multi-authors.php:21
filter · posts_join · includes\multi-authors\wpa-multi-authors.php:22
filter · posts_distinct · includes\multi-authors\wpa-multi-authors.php:23
action · save_post · includes\multi-authors\wpa-multi-authors.php:134
filter · the_posts · includes\multi-authors\wpa-multi-authors.php:454
action · add_meta_boxes · includes\rating\awpa-rating.php:26
action · admin_enqueue_scripts · includes\rating\awpa-rating.php:27
action · save_post · includes\rating\awpa-rating.php:28
filter · the_content · includes\rating\awpa-rating.php:29
action · wp_enqueue_scripts · includes\rating\awpa-rating.php:37
action · theme_setup · includes\themes\multi-authors-list.php:13
filter · the_title · includes\top-rated-post.php:82
filter · pre_wp_nav_menu · includes\top-rated-post.php:95
filter · the_title · includes\top-rated-post.php:101
filter · wp_nav_menu_items · includes\top-rated-post.php:107
Maintenance & Trust

WP Post Author – Author Box, Co-Authors & Guest Authors Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version
Downloads: 972K

Community Trust

Rating: 88/100
Number of ratings: 20
Active installs: 10K
Developer Profile

WP Post Author – Author Box, Co-Authors & Guest Authors Developer Profile

AF themes

64 plugins · 96K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 160 days
Detection Fingerprints

How We Detect WP Post Author – Author Box, Co-Authors & Guest Authors

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-post-author/assets/css/awpa-backend-style.css
/wp-content/plugins/wp-post-author/assets/dist/blocks.build.js
Script Paths
/wp-content/plugins/wp-post-author/assets/dist/blocks.build.js
Version Parameters
wp-post-author/assets/css/awpa-backend-style.css?ver=
wp-post-author/assets/dist/blocks.build.js?ver=

HTML / DOM Fingerprints

CSS Classes
awpa-form-builder-container
Data Attributes
data-srcUrl, data-rest_url, data-img, data-pluginDir, data-all_pages
JS Globals
wpauthor_globals
FAQ

Frequently Asked Questions about WP Post Author – Author Box, Co-Authors & Guest Authors