WP-Safety

WP Post Status Notifications Security & Risk Analysis

wordpress.org/plugins/wp-post-status-notifications

Configure email notifications for post/page status changes.

10 active installs v1.0 PHP + WP 4.1+ Updated Apr 14, 2015
pagepostpost-emailpost-statuswp-post-status-notifications
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Post Status Notifications Safe to Use in 2026?

Generally Safe

Score 85/100

WP Post Status Notifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "wp-post-status-notifications" v1.0 plugin presents a mixed security posture. On the positive side, it demonstrates good practices by not utilizing dangerous functions, performing all SQL queries using prepared statements, and having no recorded vulnerability history. This suggests a developer who is mindful of common pitfalls. However, significant concerns arise from the attack surface analysis. The plugin exposes two AJAX handlers, and critically, both lack any authentication or capability checks. This creates a direct path for unauthenticated users to interact with potentially sensitive plugin functionality, which is a major security risk. Furthermore, the low percentage of properly escaped output (31%) indicates a significant risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the site's content.

Key Concerns

  • AJAX handlers without auth checks
  • Low output escaping percentage
Vulnerabilities
None known

WP Post Status Notifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP Post Status Notifications Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
18
8 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

31% escaped26 total outputs
Attack Surface
2 unprotected

WP Post Status Notifications Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_wpps_del_groupwp_post_status_notifications.php:52
authwp_ajax_wpps_del_rulewp_post_status_notifications.php:54
WordPress Hooks 9
actionplugins_loadedwp_post_status_notifications.php:45
actionadmin_initwp_post_status_notifications.php:48
actionadmin_menuwp_post_status_notifications.php:50
actiontransition_post_statuswp_post_status_notifications.php:56
actionadmin_noticeswp_post_status_notifications.php:524
actionadmin_noticeswp_post_status_notifications.php:541
actionadmin_noticeswp_post_status_notifications.php:557
actionadmin_noticeswp_post_status_notifications.php:584
actionadmin_noticeswp_post_status_notifications.php:614
Maintenance & Trust

WP Post Status Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39
Last updatedApr 14, 2015
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

WP Post Status Notifications Alternatives

OneClickPublish

OneClickPublish

oneclickpublish

A
85

This is a very basic plugin to simple toggle the status of your posts between publish and post

20 No CVEs
Extra Post Pages Menu

Extra Post Pages Menu

extra-posts-pages-menu

A
85

Adds extra and individual menus for all available post/page statuses like drafts, pending, trash including count of number of posts in each status.

10 No CVEs
Duplicate Page

Duplicate Page

duplicate-page

A
98

Duplicate Posts, Pages and Custom Posts easily using single click

3.0M 3 CVEs
Duplicate Post

Duplicate Post

copy-delete-posts

A
99

Duplicate post

300K 2 CVEs
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

custom-facebook-feed

A
95

Formerly "Custom Facebook Feed". Display completely customizable Facebook feeds of a Facebook page. Supports Facebook oEmbeds.

200K 8 CVEs
Developer Profile

WP Post Status Notifications Developer Profile

Josh

5 plugins · 41K total installs

81
trust score
Avg Security Score
81/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Post Status Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-post-status-notifications/css/wpps-admin-style.css/wp-content/plugins/wp-post-status-notifications/js/wpps-admin-script.js
Script Paths
/wp-content/plugins/wp-post-status-notifications/js/wpps-admin-script.js
Version Parameters
/wp-content/plugins/wp-post-status-notifications/css/wpps-admin-style.css?ver=/wp-content/plugins/wp-post-status-notifications/js/wpps-admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
nav-tabnav-tab-activewrapwppse_tabbed_content
Data Attributes
data-wp-post-status-notifications
JS Globals
wpps_admin
FAQ

Frequently Asked Questions about WP Post Status Notifications