WP Show Posts Security & Risk Analysis

wordpress.org/plugins/wp-show-posts

Add posts to your website from any post type using a simple shortcode.

70K active installs · v1.1.6 · PHP + WP 4.5+ · Updated Apr 16, 2024
Tags: display-posts-shortcode, gallery, portfolio, post-columns, show-posts
Score: 90 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Apr 16, 2024
Safety Verdict

Is WP Show Posts Safe to Use in 2026?

Generally Safe

Score 90/100

WP Show Posts has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 16, 2024 · Updated 1yr ago
Risk Assessment

The plugin wp-show-posts v1.1.6 demonstrates several good security practices, including 100% usage of prepared statements for SQL queries and a high percentage of properly escaped output. The static analysis reveals no critical or high severity taint flows, indicating robust input sanitization for the analyzed paths. The presence of nonce and capability checks on all identified entry points, including AJAX handlers and shortcodes, further contributes to a generally secure posture. However, a history of three medium severity CVEs, with the most recent one being on April 16, 2024, is a significant concern. These past vulnerabilities, including Improper Authorization and Cross-site Scripting, suggest potential recurring weaknesses in how user input is handled or how access control is implemented, even if current analysis shows no immediate exploitable flaws. While the current code analysis is positive, the historical vulnerability pattern warrants caution and suggests that the plugin may have had exploitable issues in the past that could potentially re-emerge with future updates or in different contexts.

Key Concerns

  • Multiple medium severity CVEs in history
  • Recent vulnerability (2024-04-16)
  • 88% output escaping (12% not escaped)
Vulnerabilities: 3

WP Show Posts Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 2 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2023-6731 · medium · 4.3 · Improper Authorization

WP Show Posts <= 1.1.5 - Improper Authorization to Information Exposure

Apr 16, 2024 · Patched in 1.1.6 (105d)

CVE-2024-1479 · medium · 5.3 · Incorrect Authorization

WP Show Posts <= 1.1.4 - Information Exposure

Mar 1, 2024 · Patched in 1.1.5 (13d)

CVE-2022-4459 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Show Posts <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 11, 2023 · Patched in 1.1.4 (377d)
Code Analysis
Analyzed Mar 16, 2026

WP Show Posts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 24 (175 escaped)
Nonce Checks: 5
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

88% escaped · 199 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
wpsp_get_json_option (admin\ajax.php:11)
Attack Surface

WP Show Posts Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 4

auth · wp_ajax_wpsp_get_json_option · admin\ajax.php:6
auth · wp_ajax_wpsp_get_terms · admin\ajax.php:31
auth · wp_ajax_wpsp_get_taxonomies · admin\ajax.php:65
auth · wp_ajax_wpsp_get_post_lists · admin\ajax.php:95

Shortcodes 1

[wp_show_posts] wp-show-posts.php:570
WordPress Hooks 39
action · admin_print_scripts-post-new.php · admin\admin.php:6
action · admin_print_scripts-post.php · admin\admin.php:7
action · admin_head · admin\admin.php:27
action · admin_init · admin\admin.php:43
filter · mce_external_plugins · admin\admin.php:56
filter · mce_buttons · admin\admin.php:57
action · init · admin\butterbean\butterbean.php:19
action · load-post.php · admin\butterbean\class-butterbean.php:203
action · load-post-new.php · admin\butterbean\class-butterbean.php:204
action · butterbean_register · admin\butterbean\class-butterbean.php:207
action · butterbean_register · admin\butterbean\class-butterbean.php:208
action · butterbean_register · admin\butterbean\class-butterbean.php:209
action · butterbean_register · admin\butterbean\class-butterbean.php:210
action · add_meta_boxes · admin\butterbean\class-butterbean.php:252
action · save_post · admin\butterbean\class-butterbean.php:255
action · admin_enqueue_scripts · admin\butterbean\class-butterbean.php:258
action · butterbean_enqueue_scripts · admin\butterbean\class-butterbean.php:259
action · admin_footer · admin\butterbean\class-butterbean.php:262
action · admin_footer · admin\butterbean\class-butterbean.php:263
action · admin_print_footer_scripts · admin\butterbean\class-butterbean.php:266
action · add_meta_boxes · admin\metabox.php:6
action · plugins_loaded · admin\metabox.php:70
action · butterbean_register · admin\metabox.php:81
action · add_meta_boxes_wp_show_posts · admin\metabox.php:962
action · init · admin\post-type.php:8
action · widgets_init · admin\widget.php:107
filter · wpsp_defaults · inc\compat.php:6
filter · excerpt_length · inc\functions.php:32
filter · excerpt_more · inc\functions.php:33
action · wpsp_after_title · inc\functions.php:130
action · wpsp_after_content · inc\functions.php:140
action · wpsp_before_header · inc\functions.php:212
action · wpsp_before_content · inc\functions.php:222
action · wpsp_after_content · inc\functions.php:232
filter · image_resize_dimensions · inc\image-resizer.php:78
action · wpsp_before_wrapper · inc\styling.php:7
action · plugins_loaded · wp-show-posts.php:38
action · wp_enqueue_scripts · wp-show-posts.php:48
filter · post_class · wp-show-posts.php:442
Maintenance & Trust

WP Show Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Apr 16, 2024
PHP min version
Downloads: 605K

Community Trust

Rating: 94/100
Number of ratings: 80
Active installs: 70K
Developer Profile

WP Show Posts Developer Profile

Tom

9 plugins · 890K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 166 days
Detection Fingerprints

How We Detect WP Show Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-show-posts/css/wp-show-posts.css
/wp-content/plugins/wp-show-posts/css/wp-show-posts-min.css
Version Parameters
wp-show-posts/css/wp-show-posts.css?ver=
wp-show-posts/css/wp-show-posts-min.css?ver=

HTML / DOM Fingerprints

CSS Classes
wpsp-item
wpsp-item-inner
Data Attributes
data-wpsp-id
JS Globals
wpsp_id
FAQ

Frequently Asked Questions about WP Show Posts