Does Wp Subcribe Author have any unpatched vulnerabilities?

No. All known vulnerabilities in Wp Subcribe Author have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Wp Subcribe Author compatible with WordPress 4.3.34?

According to WordPress.org data, Wp Subcribe Author 1.8 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is Wp Subcribe Author updated?

Wp Subcribe Author was last updated on Jan 8, 2016. Frequent updates are generally a positive security signal.

What is Wp Subcribe Author's security score?

Wp Subcribe Author has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Wp Subcribe Author Security & Risk Analysis

wordpress.org/plugins/wp-subscribe-author

Wp Subscribe Author plugin is help subscriber to follow his/her favorite author.

20 active installs v1.8 PHP + WP 2.8+ Updated Jan 8, 2016

authoremailnotificationnotifyuser

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Wp Subcribe Author Safe to Use in 2026?

Generally Safe

Score 85/100

Wp Subcribe Author has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The wp-subscribe-author plugin v1.8 presents a concerning security posture primarily due to its lack of robust input validation and authentication checks. While the plugin demonstrates good practices by largely utilizing prepared statements for its SQL queries and avoiding external HTTP requests and file operations, the static analysis reveals significant weaknesses. The presence of four unprotected AJAX handlers constitutes a substantial attack surface, making the plugin vulnerable to unauthorized actions if these handlers are exploitable. Furthermore, the taint analysis indicates seven critical flows with unsanitized paths, suggesting a high likelihood of injection vulnerabilities, particularly given the absence of any nonce or capability checks. The plugin's vulnerability history of zero known CVEs is a positive sign, but it does not negate the immediate risks identified in the code analysis. The lack of any recorded past vulnerabilities could imply either a history of strong security or simply a lack of discovery, which is a risky assumption when combined with the current code quality.

Key Concerns

4 unprotected AJAX handlers
7 critical taint flows with unsanitized paths
0 Nonce checks
0 Capability checks
4% properly escaped output
1 Dangerous function (create_function)

Vulnerabilities

None known

Wp Subcribe Author Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Wp Subcribe Author Code Analysis

Dangerous Functions

Raw SQL Queries

18 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'plugins_loaded', create_function( '', '$settings_api_tabs_wpsa_plugin = new Settings_APclasses\settings.php:212

SQL Query Safety

95% prepared19 total queries

Output Escaping

4% escaped25 total outputs

Data Flows

7 unsanitized

Data Flow Analysis

7 flows7 with unsanitized paths

subscribe_author_button_handler (classes\wpsa_shortcode.php:70)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Wp Subcribe Author Attack Surface

Entry Points6

Unprotected4

AJAX Handlers 4

authwp_ajax_wpsa_getauthor_actionwpsa-ajax.php:7

noprivwp_ajax_wpsa_getauthor_actionwpsa-ajax.php:8

authwp_ajax_wpsa_subscribe_authorwpsa-ajax.php:10

noprivwp_ajax_wpsa_subscribe_authorwpsa-ajax.php:11

Shortcodes 2

[favourite-author-posts] classes\wpsa_shortcode.php:12

[subscribe-author-button] classes\wpsa_shortcode.php:13

WordPress Hooks 16

actioninitclasses\settings.php:22

actionadmin_initclasses\settings.php:23

actionadmin_initclasses\settings.php:24

actionadmin_menuclasses\settings.php:25

actionplugins_loadedclasses\settings.php:212

actionnew_to_publishwp-subscribe-author.php:82

actiondraft_to_publishwp-subscribe-author.php:83

actioninitwp-subscribe-author.php:88

actionplugins_loadedwp-subscribe-author.php:89

actionwp_print_scriptswp-subscribe-author.php:92

actionwp_print_styleswp-subscribe-author.php:93

actionwp_print_scriptswp-subscribe-author.php:97

actionwp_print_styleswp-subscribe-author.php:98

actioninitwpsa-ajax.php:14

filterget_avatarwpsa-ajax.php:59

actioninitwpsa-unsubscribe.php:20

Maintenance & Trust

Wp Subcribe Author Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedJan 8, 2016

PHP min version

Downloads15K

Community Trust

Rating76/100

Number of ratings4

Active installs20

Alternatives

Wp Subcribe Author Alternatives

KolorWeb Access Admin Notification: extreme rescue for unauthorized admin logins

kolorweb-access-admin-notification

100

Extreme rescue for unauthorized admin logins.

70 No CVEs

Mail to Users

mail2users

Email to users about new posts and pages. Send custom emails. Email to users about latest woocommerce products. Emails privacy.

20 No CVEs

Manage Notification E-mails

manage-notification-emails

Enable and disable email notifications that WordPress sends to the admin and user. Works perfectly with many other plugins!

100K 2 CVEs

Customize WordPress Emails and Alerts – Better Notifications for WP

bnfw

Supercharge your WordPress email notifications using a WYSIWYG editor and shortcodes. Default and new notifications available. Add-ons available.

30K 2 CVEs

Notification – Custom Notifications and Alerts for WordPress

notification

100

Take full control of WordPress emails and notifications. Replace default messages, add custom triggers, and send alerts via email, webhook, Slack, and …

10K 1 CVE

Developer Profile

Wp Subcribe Author Developer Profile

gchokeen

2 plugins · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Wp Subcribe Author

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-subscribe-author/js/jquery.hovercard.min.js/wp-content/plugins/wp-subscribe-author/js/wpsa-subscribe-author.js

Script Paths