WP Post Notifier For All Security & Risk Analysis

wordpress.org/plugins/wp-post-notifier-for-all

Notify all WordPress users (and not only the admin) on every post publishing.

200 active installs · v2.7.1 · PHP + · WP 3.0+ · Updated May 24, 2016
Tags: notifier, notify, post
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Post Notifier For All Safe to Use in 2026?

Generally Safe

Score 85/100

WP Post Notifier For All has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The 'wp-post-notifier-for-all' v2.7.1 plugin exhibits a mixed security posture. On the positive side, the static analysis indicates no known CVEs, zero dangerous functions, and all SQL queries are prepared statements, suggesting good practices in these areas. The plugin also has a single capability check, which is a positive step towards access control. However, a significant concern is the complete lack of output escaping for all 19 identified outputs. This opens the door to cross-site scripting (XSS) vulnerabilities, as user-supplied data could be rendered directly into the HTML without sanitization.

Furthermore, while the attack surface appears small, with no AJAX handlers, REST API routes, shortcodes, or cron events, the taint-flow analysis is limited. Only one flow was analyzed, and although it yielded no unsanitized paths, that does not necessarily indicate a clean codebase; it may instead reflect a limited static analysis scope or the plugin's simplicity. The absence of nonce checks is a non-issue because there are no AJAX handlers to protect, but it would become a concern if such functionality were added later. Overall, the lack of output escaping is the most prominent and actionable risk identified, outweighing the positive findings regarding SQL and known vulnerabilities.

Key Concerns

  • 0% output escaping for 19 outputs
Vulnerabilities
None known

WP Post Notifier For All Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Post Notifier For All Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 19 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 19 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<wp-post-notifier-for-all> (wp-post-notifier-for-all.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

WP Post Notifier For All Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
  • filter wp_mail_charset (wp-post-notifier-for-all.php:150)
  • action admin_menu (wp-post-notifier-for-all.php:437)
  • action publish_post (wp-post-notifier-for-all.php:438)
Maintenance & Trust

WP Post Notifier For All Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: May 24, 2016
PHP min version
Downloads: 17K

Community Trust

Rating: 86/100
Number of ratings: 4
Active installs: 200
Developer Profile

WP Post Notifier For All Developer Profile

.fay

5 plugins · 380 total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Post Notifier For All

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
[BLOG_NAME] - [AUTHOR] just published a new article: [TITLE][AUTHOR] just published a new article !<br /><br /> <h3>[TITLE]</h3> In: [CATEGORIES]<br /><br /> [EXCERPT]<br /><br /> [CONTENT]<br /><br /> [LINK]<br /><br /> Good reading !<br /><br />