Does WP Random Post Inside have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Random Post Inside have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Random Post Inside compatible with WordPress 6.7.5?

According to WordPress.org data, WP Random Post Inside 1.6.6 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is WP Random Post Inside compatible with PHP 7.4+?

WP Random Post Inside requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Random Post Inside updated?

WP Random Post Inside was last updated on Nov 10, 2024. Frequent updates are generally a positive security signal.

What is WP Random Post Inside's security score?

WP Random Post Inside has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Random Post Inside Security & Risk Analysis

wordpress.org/plugins/wp-random-post-inside

The WP Random Post Inside plugin displays random posts within a post, reducing bounce rate and boosting SEO by linking internal pages.

200 active installs v1.6.6 PHP 7.4+ WP 4.0+ Updated Nov 10, 2024

random-posts-insiderelated-posts-insidewordpress-random-postswp-related-posts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Random Post Inside Safe to Use in 2026?

Generally Safe

Score 92/100

WP Random Post Inside has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "wp-random-post-inside" v1.6.6 plugin demonstrates a generally good security posture, with no critical vulnerabilities identified in static analysis, taint flows, or its vulnerability history. The plugin utilizes prepared statements for all SQL queries and has a good rate of output escaping, indicating developers are aware of common web security practices. The absence of file operations and external HTTP requests further limits potential attack vectors. However, there are a few areas that could be improved. The lack of nonce checks and capability checks on its single shortcode is a notable concern. While the attack surface is small (only one entry point), an unauthenticated user could potentially interact with this shortcode in unexpected ways. The vulnerability history being clean is a positive sign, suggesting consistent security focus from the developers, but this should not lead to complacency, especially with the identified potential weaknesses in input validation and authorization.

Key Concerns

Missing nonce checks on shortcode
Missing capability checks on shortcode
79% output escaping is not 100%

Vulnerabilities

None known

WP Random Post Inside Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Random Post Inside Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

33 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

79% escaped42 total outputs

Attack Surface

WP Random Post Inside Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[wprpi] wprpi_functions.php:403

WordPress Hooks 10

actioninitindex.php:31

actionplugins_loadedindex.php:37

actionwp_loadedwprpi_functions.php:16

actionadmin_noticeswprpi_functions.php:31

actionadmin_initwprpi_functions.php:40

actionwp_headwprpi_functions.php:100

filterthe_contentwprpi_functions.php:251

actionadmin_enqueue_scriptswprpi_settings.php:20

actionadmin_initwprpi_settings.php:36

actionadmin_menuwprpi_settings.php:38

Maintenance & Trust

WP Random Post Inside Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedNov 10, 2024

PHP min version7.4

Downloads11K

Community Trust

Rating84/100

Number of ratings5

Active installs200

Alternatives

WP Random Post Inside Alternatives

WP Related Post

wp-related-post

to Buy Premium Plugin Click Here

10 No CVEs

Developer Profile

WP Random Post Inside Developer Profile

MD. Anisur Rahman Bhuyan

1 plugin · 200 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Random Post Inside

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-random-post-inside/css/style.css

Script Paths

/wp-content/plugins/wp-random-post-inside/js/wprpi-init.js/wp-content/plugins/wp-random-post-inside/js/wprpi-color-settings.js

Version Parameters

wp-random-post-inside/css/style.css?ver=wprpi-init.js?ver=wprpi-color-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

wprpi_form_areawprpi-formwprpi_hide

Data Attributes

wprpi_related_by_catwprpi_related_by_tagwprpi_show_iconset_wprpi_iconwprpi_iconwprpi_link_color+5 more

FAQ