WP-Safety

Limit Posts by 99 Robots Security & Risk Analysis

wordpress.org/plugins/wpsite-limit-posts

Limit the number of posts or custom post types that can be published based on role (i.e, author) or user.

10 active installs v2.1.3 PHP + WP 4.9+ Updated Unknown
custom-post-limitslimit-author-postslimit-number-of-postslimit-postspost-creation-limits
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Limit Posts by 99 Robots Safe to Use in 2026?

Generally Safe

Score 100/100

Limit Posts by 99 Robots has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wpsite-limit-posts" v2.1.3 plugin exhibits a generally good security posture, with no known vulnerabilities or critical issues identified in the static analysis. The plugin demonstrates strong adherence to best practices by utilizing prepared statements for all SQL queries and incorporating both nonce and capability checks. The absence of external HTTP requests and file operations further reduces the attack surface.

However, a concern arises from the output escaping analysis, where only 33% of outputs are properly escaped. This suggests a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled meticulously before being displayed. While no critical or high severity taint flows were found, one flow with an unsanitized path warrants attention, as it could potentially be exploited in certain scenarios, though its severity is not explicitly defined.

Given the lack of historical vulnerabilities, the plugin appears well-maintained and developed with security in mind. The strengths lie in its limited attack surface and robust data handling for database operations. The primary weakness identified is the incomplete output escaping, which is a common but significant security risk. Overall, the plugin is relatively secure, but the output escaping issue requires immediate attention.

Key Concerns

  • Insufficient output escaping
  • Taint flow with unsanitized path
Vulnerabilities
None known

Limit Posts by 99 Robots Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Limit Posts by 99 Robots Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
12
6 escaped
Nonce Checks
1
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

33% escaped18 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
posts_notice (wpsite-limit-posts.php:286)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Limit Posts by 99 Robots Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
actionplugins_loadedwpsite-limit-posts.php:118
actioninitwpsite-limit-posts.php:119
actionwp_insert_post_datawpsite-limit-posts.php:120
actionadmin_menuwpsite-limit-posts.php:127
actionadmin_noticeswpsite-limit-posts.php:128
Maintenance & Trust

Limit Posts by 99 Robots Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedUnknown
PHP min version
Downloads4K

Community Trust

Rating38/100
Number of ratings8
Active installs10
Alternatives

Limit Posts by 99 Robots Alternatives

WP Post Limiter

WP Post Limiter

wp-post-limiter

A
85

Restrict the number of possible posts for a Wordpress user.

10 No CVEs
Developer Profile

Limit Posts by 99 Robots Developer Profile

DraftPress Team

12 plugins · 613K total installs

70
trust score
Avg Security Score
87/100
Avg Patch Time
1011 days
View full developer profile
Detection Fingerprints

How We Detect Limit Posts by 99 Robots

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
wpsite-limit-posts-wrap
Data Attributes
data-wpsite-limit-posts
FAQ

Frequently Asked Questions about Limit Posts by 99 Robots