About Author Security & Risk Analysis

wordpress.org/plugins/about-author

Display blog authors' information in style: you can publish blog user profiles into any page or post on your WordPress sites.

200 active installs · v1.6.8 · PHP + · WP + · Updated Feb 23, 2026
author, author-bio, blog-writer, content-writer, wordpress-author
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Mar 27, 2025
Safety Verdict

Is About Author Safe to Use in 2026?

Generally Safe

Score 99/100

About Author has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Mar 27, 2025 · Updated 2mo ago
Risk Assessment

The 'about-author' plugin v1.6.8 exhibits a mixed security posture. It has a small attack surface with no unprotected entry points and a high percentage of properly escaped outputs, but its code signals and vulnerability history raise significant concerns. The use of `unserialize` is a critical red flag, and the plugin's single SQL query does not use a prepared statement. Together these present a potential risk of arbitrary code execution and SQL injection if unsanitized data reaches `unserialize` or the SQL query.

The plugin's vulnerability history, with two known medium-severity CVEs, both related to Cross-Site Scripting (XSS), suggests a recurring pattern of input sanitization issues. Although no CVEs are currently unpatched, the past vulnerabilities highlight a weakness in how the plugin handles user-supplied data. The taint analysis, while showing no critical or high-severity unsanitized paths, does indicate at least one flow with an unsanitized path, which, combined with the other signals, warrants careful consideration.

Overall, the plugin shows some good practices like output escaping and nonce/capability checks. However, the reliance on `unserialize`, the lack of prepared statements for SQL, and the past XSS vulnerabilities indicate areas that require immediate attention to mitigate potential risks. The absence of current unpatched vulnerabilities is positive, but the underlying code weaknesses and historical issues suggest a need for ongoing vigilance and potential code refactoring.

Key Concerns

  • Dangerous function 'unserialize' present
  • SQL queries without prepared statements
  • Flow with unsanitized paths found
  • Past medium severity CVEs (2 total)
Vulnerabilities
2 published

About Author Security Vulnerabilities

CVEs by Year

2019: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-30808 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

About Author <= 1.6.2 - Reflected Cross-Site Scripting

Mar 27, 2025 · Patched in 1.6.3 (7d)

WF-0ff67beb-638e-4d74-8d0e-6aece9207bb9-about-author · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

About Author <= 1.3.9 - Authenticated Stored Cross-Site Scripting

Oct 25, 2019 · Patched in 1.4.0 (1551d)
Version History

About Author Release Timeline

v1.6.8 · Current
v1.6.7
v1.6.6
v1.6.5
v1.6.4
v1.6.3
v1.6.2 · 1 CVE
v1.6.1 · 1 CVE
v1.6.0 · 1 CVE
v1.5.9 · 1 CVE
v1.5.8 · 1 CVE
v1.5.7 · 1 CVE
v1.5.6 · 1 CVE
v1.5.5 · 1 CVE
v1.5.4 · 1 CVE
v1.5.3 · 1 CVE
v1.5.2 · 1 CVE
v1.5.1 · 1 CVE
v1.5.0 · 1 CVE
v1.4.9 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

About Author Code Analysis

Dangerous Functions: 13
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 20 (677 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

`unserialize` · `$Weblizar_sets = unserialize(get_post_meta( $ID, $weblizar_Settings, true));` · about-author-use-shortcode.php:18
`unserialize` · `$Weblizar_io_settings = unserialize(get_option('author_info_Settings'));` · about-author.php:468
`unserialize` · `$Weblizar_io_settings = unserialize(get_option('author_info_Settings'));` · about-author.php:487
`unserialize` · `$Weblizar_sets = unserialize( get_post_meta( $ID, $weblizar_Settings, true ) );` · author-setting\about-author-use-shortcode2.php:28
`unserialize` · `$Weblizar_Settings = unserialize( get_option( 'author_info_Settings' ) );` · author-setting\shortcode-files\template1-shortcode.php:2
`unserialize` · `$Author_all_data = unserialize( get_post_meta( $Author_short_code, 'weblizar_Settings_' . $Author_sh` · author-setting\shortcode-files\template1-shortcode.php:18
`unserialize` · `$Weblizar_Settings = unserialize(get_option('author_info_Settings'));` · author-setting\shortcode-files\template2-shortcode.php:2
`unserialize` · `$Author_all_data = unserialize(get_post_meta($Author_short_code , 'weblizar_Settings_'.$Author_short` · author-setting\shortcode-files\template2-shortcode.php:19
`unserialize` · `$Weblizar_io_settings = unserialize(get_option('author_info_Settings'));` · author-settings.php:33
`unserialize` · `$Weblizar_Settings = unserialize( get_post_meta( $postid, $weblizar_Settings, true ) );` · settings\general-settings.php:4
`unserialize` · `$Weblizar_Settings = unserialize(get_post_meta( $post->ID, $weblizar_Settings, true));` · settings\template-settings.php:4
`unserialize` · `$Weblizar_Settings = unserialize(get_post_meta( $post->ID, $weblizar_Settings, true));` · settings\template1.php:4
`unserialize` · `$Weblizar_Settings = unserialize(get_post_meta( $post->ID, $weblizar_Settings, true));` · settings\template2.php:4

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

97% escaped · 697 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
ab_preview_box (about-author.php:215)
Attack Surface

About Author Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[Weblizar] about-author-use-shortcode.php:1
[ABINFO] author-setting\about-author-use-shortcode2.php:2
WordPress Hooks: 21
action · widgets_init · about-author-widget-code.php:109
filter · widget_text · about-author.php:14
action · plugins_loaded · about-author.php:16
action · admin_menu · about-author.php:25
action · admin_enqueue_scripts · about-author.php:33
filter · plugin_action_links · about-author.php:69
action · init · about-author.php:76
action · add_meta_boxes · about-author.php:77
action · admin_enqueue_scripts · about-author.php:78
action · about_me_save_post · about-author.php:79
action · save_post · about-author.php:80
filter · manage_edit-about_author_columns · about-author.php:158
action · manage_about_author_posts_custom_column · about-author.php:159
action · media_buttons · about-author.php:339
action · admin_footer · about-author.php:340
action · show_user_profile · about-author.php:459
action · edit_user_profile · about-author.php:460
action · personal_options_update · about-author.php:462
action · edit_user_profile_update · about-author.php:463
filter · the_content · about-author.php:482
filter · the_content · about-author.php:505
Maintenance & Trust

About Author Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version
Downloads: 68K

Community Trust

Rating: 88/100
Number of ratings: 5
Active installs: 200
Developer Profile

About Author Developer Profile

Weblizar - WordPress Themes & Plugin

26 plugins · 56K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 952 days
Detection Fingerprints

How We Detect About Author

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/about-author/css/aap-custom-css.css
/wp-content/plugins/about-author/css/all.min.css
/wp-content/plugins/about-author/css/bootstrap.min.css
/wp-content/plugins/about-author/css/codemirror/codemirror.css
/wp-content/plugins/about-author/css/codemirror/blackboard.css
/wp-content/plugins/about-author/css/codemirror/show-hint.css
/wp-content/plugins/about-author/js/popper.min.js
/wp-content/plugins/about-author/js/bootstrap.min.js
+4 more
Script Paths
/wp-content/plugins/about-author/js/popper.min.js
/wp-content/plugins/about-author/js/bootstrap.min.js
/wp-content/plugins/about-author/js/upload-media.js
/wp-content/plugins/about-author/css/codemirror/codemirror.js
/wp-content/plugins/about-author/css/codemirror/aa-css.js
/wp-content/plugins/about-author/css/codemirror/css-hint.js

HTML / DOM Fingerprints

CSS Classes
aap-custom-css, author-settings, about-author-meta-box, custom_css_section, add_custom_css_section, author-custom-css, author-codemirror-container
HTML Comments
<!--About Author Settings-->
<!--About Author custom css-->
<!-- Author About Custom Css -->
<!-- Author About Custom Css -->
Data Attributes
data-field-id, data-field-value, data-id, data-title, data-color, data-content, +5 more
JS Globals
WEBLIZAR_ABOUT_ME_PLUGIN_URL, weblizar_about_author_obj
Shortcode Output
[about_author
[display-about-author
FAQ

Frequently Asked Questions about About Author