Does Better RSS Feeds have any unpatched vulnerabilities?

No. All known vulnerabilities in Better RSS Feeds have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Better RSS Feeds compatible with WordPress 5.2.24?

According to WordPress.org data, Better RSS Feeds 2.0.1 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

How often is Better RSS Feeds updated?

Better RSS Feeds was last updated on Sep 6, 2019. Frequent updates are generally a positive security signal.

What is Better RSS Feeds's security score?

Better RSS Feeds has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Better RSS Feeds Security & Risk Analysis

wordpress.org/plugins/xslt

Better RSS Feeds improves the appearance of your RSS feeds.

100 active installs v2.0.1 PHP + WP 4.0.0+ Updated Sep 6, 2019

feedrssrss-feed

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Better RSS Feeds Safe to Use in 2026?

Generally Safe

Score 85/100

Better RSS Feeds has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "xslt" v2.0.1 plugin exhibits a generally strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, the analysis indicates a lack of dangerous function usage and a complete reliance on prepared statements for all SQL queries, which are excellent security practices. The plugin also has a clean vulnerability history with no known CVEs, suggesting a well-maintained codebase or a lack of historical discovery of vulnerabilities.

However, there are areas for improvement. The most notable concern is the low percentage of properly escaped output (30%). This could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is directly rendered in the output without sufficient sanitization. The lack of nonce checks, while mitigated by the limited attack surface, is also a potential area of concern if new entry points are introduced in future versions without adequate protection. Despite these points, the overall security is good due to the minimal attack surface and absence of critical code signals and historical vulnerabilities.

Key Concerns

Low percentage of properly escaped output
No nonce checks found

Vulnerabilities

None known

Better RSS Feeds Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Better RSS Feeds Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

30% escaped53 total outputs

Attack Surface

Better RSS Feeds Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 15

actionadmin_menubetter-rss-feeds.php:39

actionafter_setup_themebetter-rss-feeds.php:47

actionwp_footerbetter-rss-feeds.php:49

actionrss_tag_prebetter-rss-feeds.php:52

actionrss2_nsbetter-rss-feeds.php:53

filterfeed_content_typebetter-rss-feeds.php:54

actionrss_itembetter-rss-feeds.php:94

actionrss2_itembetter-rss-feeds.php:95

filterthe_excerpt_rssbetter-rss-feeds.php:98

filterthe_content_feedbetter-rss-feeds.php:102

filterthe_content_feedbetter-rss-feeds.php:106

filterpre_option_rss_use_excerptbetter-rss-feeds.php:334

actionadmin_initwp-settings-framework.php:32

actionadmin_noticeswp-settings-framework.php:33

actionadmin_enqueue_scriptswp-settings-framework.php:34

Maintenance & Trust

Better RSS Feeds Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedSep 6, 2019

PHP min version

Downloads41K

Community Trust

Rating58/100

Number of ratings19

Active installs100

Alternatives

Better RSS Feeds Alternatives

PowerPress Podcasting plugin by Blubrry

powerpress

No. 1 Podcasting plugin for WordPress.

30K 19 CVEs

Podcast Player – Your Podcasting Companion

podcast-player

100

Showcase your podcast only using podcasting feed url. Use widget, shortcode or editor block to display podcast player anywhere on your site.

10K No CVEs

Super RSS Reader – Add attractive RSS Feed Widget

super-rss-reader

100

Display any RSS feed(s) in widget with news ticker effect in multiple tabs, thumbnails, customizable color themes and more.

10K No CVEs

RSS Feed Retriever

wp-rss-retriever

The fastest RSS feeds plugin for WordPress. Includes excerpt & thumbnail image. Use as a news aggregator, autoblog, or RSS parsing.

8K 2 CVEs

Featured Image in RSS Feed by MailerLite

mailerlite-featured-image-in-rss-feed

This plugin automatically adds featured images of your posts into the RSS feed.

2K No CVEs

Developer Profile

Better RSS Feeds Developer Profile

Waterloo Plugins

4 plugins · 270 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Better RSS Feeds

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/xslt/settings/better-rss-feeds-cfg.php

HTML / DOM Fingerprints

FAQ