WP Reading List Security & Risk Analysis

wordpress.org/plugins/wp-reading-list

WP Reading List is a plugin designed to help organize and display books, magazines, articles, and anything else that you have read lately.

50 active installs · v4.0.1 · PHP + WP 3.0+ · Updated Oct 28, 2022
Tags: custom-post, images, posts, reading-list, works
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Reading List Safe to Use in 2026?

Generally Safe

Score 85/100

WP Reading List has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

Based on the provided static analysis, the wp-reading-list plugin v4.0.1 demonstrates a generally good security posture. The plugin has no recorded vulnerabilities, which is a strong indicator of its historical security. The code analysis reveals no dangerous functions, no external HTTP requests, and no file operations, and all SQL queries are properly prepared. The presence of nonce and capability checks, along with a small attack surface (one shortcode with no apparent direct unprotected entry points), are positive security attributes.

However, output escaping is a significant concern. Of 50 total outputs, only 36% are properly escaped, so there is a high likelihood of cross-site scripting (XSS) vulnerabilities. This is a substantial weakness that could be exploited if untrusted data is rendered without adequate escaping. While the plugin excels in some areas, the lack of robust output escaping presents a critical risk that overshadows its other strengths. The absence of taint analysis data makes it difficult to assess the exact impact of this output escaping issue, but it should be treated as a serious potential threat.

Key Concerns

  • Insufficient output escaping identified
Vulnerabilities
None known

WP Reading List Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Reading List Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 32 (18 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

36% escaped · 50 total outputs
Attack Surface

WP Reading List Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[wprl] wp-reading-list-functions.php:289
WordPress Hooks 23
action init wp-reading-list-functions.php:15
action pre_get_posts wp-reading-list-functions.php:88
action wp_enqueue_scripts wp-reading-list-functions.php:99
filter manage_posts_columns wp-reading-list-functions.php:166
action manage_posts_custom_column wp-reading-list-functions.php:167
filter manage_edit-works_sortable_columns wp-reading-list-functions.php:174
action template_redirect wp-reading-list-functions.php:211
action init wp-reading-list-functions.php:243
filter widget_text wp-reading-list-functions.php:250
action admin_init wprl-admin\wp-reading-list-admin.php:96
action admin_menu wprl-admin\wp-reading-list-admin.php:97
action admin_enqueue_scripts wprl-admin\wp-reading-list-admin.php:98
action edit_form_advanced wprl-admin\wp-reading-list-admin.php:99
filter admin_post_thumbnail_html wprl-admin\wp-reading-list-admin.php:100
filter gettext wprl-admin\wp-reading-list-admin.php:101
filter ngettext wprl-admin\wp-reading-list-admin.php:102
action add_meta_boxes wprl-core\wp-reading-list-meta.php:9
action save_post wprl-core\wp-reading-list-meta.php:11
action load-post.php wprl-core\wp-reading-list-taxonomies.php:56
action load-post-new.php wprl-core\wp-reading-list-taxonomies.php:57
action init wprl-core\wp-reading-list-taxonomies.php:97
filter post_updated_messages wprl-core\wp-reading-list-taxonomies.php:118
action admin_head wprl-core\wp-reading-list-taxonomies.php:171
Maintenance & Trust

WP Reading List Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Oct 28, 2022
PHP min version
Downloads: 9K

Community Trust

Rating: 60/100
Number of ratings: 3
Active installs: 50
Developer Profile

WP Reading List Developer Profile

Mike Stumpf

1 plugin · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Reading List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-reading-list/wprl-theme/default.css
Version Parameters
wp-reading-list/wprl-theme/default.css?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about WP Reading List