WP-Safety

Yandex News Feed Security & Risk Analysis

wordpress.org/plugins/yandex-news-feed

Generates a valid RSS 2.0 feed for the Yandex "Latest and most important news" program. Ensures full compliance with Yandex Webmaster requirements.

80 active installs v1.0.2 PHP 7.4+ WP 5.0+ Updated Nov 24, 2025
rsssearch-consoleseowebmasteryandex-news
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Yandex News Feed Safe to Use in 2026?

Generally Safe

Score 100/100

Yandex News Feed has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The yandex-news-feed plugin v1.0.2 exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs and the consistent use of prepared statements for SQL queries are significant strengths. Furthermore, the plugin demonstrates good practices by implementing nonce checks and capability checks for its entry points. The analysis also indicates no critical or high-severity issues identified through taint analysis, and importantly, no unsanitized paths were detected.

However, there are minor areas for improvement. The plugin has a moderate number of output escaping issues, with 27% of outputs not being properly escaped. While no dangerous functions or file operations were identified, the plugin does perform external HTTP requests, which can sometimes be a vector for vulnerabilities if not handled with care. The limited attack surface and the fact that the single AJAX handler is protected are positive signs, suggesting that immediate critical vulnerabilities are unlikely.

In conclusion, the yandex-news-feed plugin appears to be relatively secure, with a history of no vulnerabilities and solid implementation of core security practices. The primary concern lies in the percentage of unescaped output, which warrants attention to prevent potential cross-site scripting (XSS) vulnerabilities. The limited number of entry points and the absence of critical taint flows are reassuring.

Key Concerns

  • Unescaped output detected
Vulnerabilities
None known

Yandex News Feed Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Yandex News Feed Release Timeline

v1.0.2Current
Code Analysis
Analyzed Mar 16, 2026

Yandex News Feed Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
15
41 escaped
Nonce Checks
2
Capability Checks
2
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

73% escaped56 total outputs
Attack Surface

Yandex News Feed Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_yandex_news_validate_feedincludes\class-validator.php:19
WordPress Hooks 13
actionadmin_menuincludes\class-admin.php:24
actionadmin_initincludes\class-admin.php:25
actionadmin_enqueue_scriptsincludes\class-admin.php:26
actionadmin_noticesincludes\class-admin.php:27
actionadd_meta_boxesincludes\class-admin.php:28
actionsave_postincludes\class-admin.php:29
actionsave_postincludes\class-feed-generator.php:40
actiondelete_postincludes\class-feed-generator.php:41
actionadmin_enqueue_scriptsincludes\class-i18n.php:19
actionadmin_initincludes\class-i18n.php:22
actionload-post.phpincludes\class-i18n.php:23
actionload-post-new.phpincludes\class-i18n.php:24
actioninityandex-news-feed.php:62
Maintenance & Trust

Yandex News Feed Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 24, 2025
PHP min version7.4
Downloads316

Community Trust

Rating0/100
Number of ratings0
Active installs80
Alternatives

Yandex News Feed Alternatives

SeoSamba for WordPress Webmasters

SeoSamba for WordPress Webmasters

seosamba-webmasters

A
91

This plugin is a gateway to the "SeoSamba" platform. SeoSamba provides both free and premium SEO and marketing automation tools for websites owners.

20 1 CVE
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

B
82

AIOSEO is the most powerful WordPress SEO plugin. Improve SEO rankings and traffic with comprehensive SEO tools and smart AI SEO optimizations!

3.0M 26 CVEs
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

seo-by-rank-math

A
86

Rank Math SEO is the best WordPress SEO plugin with the features of many SEO and AI SEO tools in a single package to help multiply your SEO traffic.

3.0M 20 CVEs
SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

surerank

A
97

SureRank – SEO Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

300K 1 CVE
SEOPress – On-site SEO & Analytics

SEOPress – On-site SEO & Analytics

wp-seopress

A
94

SEOPress, a simple, fast and powerful all in one SEO plugin for WordPress. Rank higher in search engines, fully white label. Now with AI.

300K 14 CVEs
Developer Profile

Yandex News Feed Developer Profile

Mikhail Aivazian

1 plugin · 80 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Yandex News Feed

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yandex-news-feed/assets/js/admin.js/wp-content/plugins/yandex-news-feed/assets/css/admin.css
Script Paths
/wp-content/plugins/yandex-news-feed/assets/js/admin.js
Version Parameters
yandex-news-feed/assets/js/admin.js?ver=yandex-news-feed/assets/css/admin.css?ver=

HTML / DOM Fingerprints

Data Attributes
name="yandex_news_exclude"id="yandex_news_exclude"name="yandex_news_feed_meta_box_nonce"id="yandex-news-feed-exclude"
FAQ

Frequently Asked Questions about Yandex News Feed