Does WP Post Background have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Post Background have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Post Background compatible with WordPress 4.2.39?

According to WordPress.org data, WP Post Background 1.0.0 has been tested up to WordPress 4.2.39. Check the plugin's changelog for the latest compatibility information.

How often is WP Post Background updated?

WP Post Background was last updated on May 16, 2015. Frequent updates are generally a positive security signal.

What is WP Post Background's security score?

WP Post Background has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Post Background Security & Risk Analysis

wordpress.org/plugins/wp-post-background

This plugin allows you to add and image as background of posts, pages or custom post type in general (in the same way as a thumbnail).

20 active installs v1.0.0 PHP + WP 3.0+ Updated May 16, 2015

attachmentbackgroundpost

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Post Background Safe to Use in 2026?

Generally Safe

Score 85/100

WP Post Background has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The wp-post-background plugin v1.0.0 exhibits a concerning security posture due to significant vulnerabilities in its handling of entry points. While it demonstrates good practices with SQL queries using prepared statements and a lack of file operations or external HTTP requests, these strengths are overshadowed by critical weaknesses. The plugin exposes two AJAX handlers without any authentication or capability checks, creating a substantial attack surface that could be exploited by unauthenticated users. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating potential for data injection or manipulation if user-controlled input reaches these paths without proper sanitization. The absence of any known CVEs is positive but does not negate the inherent risks present in the code itself. The plugin needs immediate attention to address the unprotected entry points and unsanitized data flows to improve its overall security.

Key Concerns

AJAX handlers without authentication checks
Flows with unsanitized paths
Unescaped output
Missing capability checks on AJAX

Vulnerabilities

None known

WP Post Background Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Post Background Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped11 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

wppb_add_post_background (wp-post-background.php:139)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

WP Post Background Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_wppb_add_post_backgroundwp-post-background.php:134

authwp_ajax_wppb_remove_post_backgroundwp-post-background.php:164

WordPress Hooks 4

actionplugins_loadedwp-post-background.php:14

actionadmin_initwp-post-background.php:25

actionadmin_headwp-post-background.php:91

filterattachment_fields_to_editwp-post-background.php:102

Maintenance & Trust

WP Post Background Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39

Last updatedMay 16, 2015

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

WP Post Background Alternatives

Attachments

attachments

100

Attachments allows you to simply append any number of items from your WordPress Media Library to Posts, Pages, and Custom Post Types

9K No CVEs

Full Background Manager

fully-background-manager

Full Background Image Manager WordPress Plugin allows you to set separate background image of each page.

8K No CVEs

DX Delete Attached Media

dx-delete-attached-media

Automatically deletes attached media from posts and custom post types added via the Media button.

4K 2 CVEs

Autoremove Attachments

autoremove-attachments

Remove child attachments when parent post, page or custom post type is deleted.

3K No CVEs

LH Add Media From Url

lh-add-media-from-url

Upload files from an url to wordpress media library, either enter file urls in an onsite input box or click a bookmarklet.

2K 2 CVEs

Developer Profile

WP Post Background Developer Profile

jcchavezs

2 plugins · 220 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Post Background

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-post-background/wp-post-background.js

Script Paths