Accordions Security & Risk Analysis

wordpress.org/plugins/accordions

Create sleek accordions, tabs, FAQs, and image accordions with a React builder featuring advanced styling, animations, OpenAI support, and customizati …

20K active installs · v2.3.23 · PHP + WP 5.0+ · Updated Jan 23, 2026
Tags: accordion, ai-faq, image-accordion, tabs, woocommerce-faq-tab
94
A · Safe
CVEs total: 8
Unpatched: 0
Last CVE: Sep 22, 2025
Safety Verdict

Is Accordions Safe to Use in 2026?

Generally Safe

Score 94/100

Accordions has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

8 known CVEs · Last CVE: Sep 22, 2025 · Updated 3mo ago
Risk Assessment

The "accordions" plugin v2.3.23 exhibits a mixed security posture. On the positive side, static analysis shows security best practices applied consistently. The plugin exposes a significant number of entry points (52), but none lacks an authentication or permission check. The vast majority of output (98%) is properly escaped, and a healthy number of nonce and capability checks are present. The absence of external HTTP requests and bundled libraries also reduces the attack surface.

However, several areas raise concern. The presence of the "unserialize" function, a known risky operation, is a notable red flag. While taint analysis found no critical or high severity issues, the single flow with unsanitized paths warrants attention. The plugin's historical vulnerability record is concerning, with 8 known CVEs, although none are currently unpatched. The distribution of these CVEs (1 high, 7 medium) and the common vulnerability types (Deserialization of Untrusted Data, Missing Authorization, XSS) suggest a recurring pattern of potential weaknesses that attackers could exploit if not carefully addressed in future updates. The last vulnerability being from 2025 also indicates a recent history of security issues.

In conclusion, while "accordions" v2.3.23 has implemented many good security practices, the historical prevalence of deserialization and authorization vulnerabilities, coupled with the presence of the unserialize function, necessitates a cautious approach. Continuous vigilance and thorough security audits of new versions are recommended to mitigate potential risks.

Key Concerns

  • Presence of dangerous function: unserialize
  • Taint analysis: unsanitized paths found
  • Vulnerability history: 1 high severity CVE
  • Vulnerability history: 7 medium severity CVEs
  • Vulnerability history: Common types (Deserialization, Auth, XSS)
Vulnerabilities
8 published

Accordions Security Vulnerabilities

CVEs by Year

  • 2020: 1 CVE
  • 2021: 1 CVE
  • 2022: 1 CVE
  • 2024: 2 CVEs
  • 2025: 3 CVEs

Severity Breakdown

  • High: 1
  • Medium: 7

8 total CVEs

CVE-2025-58678 · medium · 4.3 · Missing Authorization

Accordion <= 2.3.15 - Missing Authorization

Sep 22, 2025 · Patched in 2.3.16 (5d)

CVE-2025-53421 · medium · 4.3 · Missing Authorization

Accordion <= 2.3.14 - Missing Authorization

Sep 16, 2025 · Patched in 2.3.16 (50d)

CVE-2025-32143 · high · 8.8 · Deserialization of Untrusted Data

Accordion <= 2.3.11 - Authenticated (Contributor+) PHP Object Injection

Apr 9, 2025 · Patched in 2.3.12 (58d)

CVE-2024-47342 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accordion <= 2.2.99 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 27, 2024 · Patched in 2.2.100 (7d)

CVE-2024-1641 · medium · 5.4 · Missing Authorization

Accordion <= 2.2.96 - Missing Authorization to Authenticated (Contributor+) Post Duplication

Mar 13, 2024 · Patched in 2.2.97 (141d)

WF-48758ada-4c7f-4a7f-8b43-535f820e6b3c-accordions · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accordion <= 2.2.43 - Authenticated (Admin+) Stored Cross-Site Scripting

Aug 17, 2022 · Patched in 2.2.43 (524d)

CVE-2021-24283 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accordion <= 2.2.29 - Reflected Cross-Site Scripting

Apr 21, 2021 · Patched in 2.2.30 (1007d)

CVE-2020-13644 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accordion <= 2.2.8 - Unprotected AJAX Action to Stored/Reflected Cross-Site Scripting

Mar 18, 2020 · Patched in 2.2.9 (1406d)

Code Analysis
Analyzed Mar 16, 2026

Accordions Code Analysis

  • Dangerous Functions: 6
  • Raw SQL Queries: 1 (2 prepared)
  • Unescaped Output: 25 (1162 escaped)
  • Nonce Checks: 13
  • Capability Checks: 27
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · $wpsm_accordion_data = unserialize($wpsm_accordion_data); · includes\3rd-party\responsive-accordion-and-collapse\functions-data-import.php:46
unserialize · $Accordion_Settings = unserialize($Accordion_Settings); · includes\3rd-party\responsive-accordion-and-collapse\functions-data-import.php:49
unserialize · $wpsm_tabs_r_data = unserialize($wpsm_tabs_r_data); · includes\3rd-party\tabs-responsive\functions-data-import.php:45
unserialize · $Tabs_R_Settings = unserialize($Tabs_R_Settings); · includes\3rd-party\tabs-responsive\functions-data-import.php:48
unserialize · $wpsm_accordion_data = unserialize($wpsm_accordion_data); · includes\3rd-party\vc-tabs\functions-data-import.php:47
unserialize · $Accordion_Settings = unserialize($Accordion_Settings); · includes\3rd-party\vc-tabs\functions-data-import.php:50

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

98% escaped · 1187 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

5 flows · 1 with unsanitized paths
accordions_settings_save (includes\class-settings-hook.php:1204)
Attack Surface

Accordions Attack Surface

Entry Points: 52
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_accordions_ajax_wc_get_accordions · includes\functions-wc.php:77
nopriv · wp_ajax_accordions_ajax_wc_get_accordions · includes\functions-wc.php:78
auth · wp_ajax_accordions_ajax_import_json · includes\functions.php:518

REST API Routes 16

POST · /wp-json/accordions/v2/delete_post · includes\functions-rest.php:20
POST · /wp-json/accordions/v2/duplicate_post · includes\functions-rest.php:31
POST · /wp-json/accordions/v2/post_type_objects · includes\functions-rest.php:42
POST · /wp-json/accordions/v2/get_site_details · includes\functions-rest.php:54
POST · /wp-json/accordions/v2/send_mail · includes\functions-rest.php:66
POST · /wp-json/accordions/v2/update_options · includes\functions-rest.php:79
POST · /wp-json/accordions/v2/check_license · includes\functions-rest.php:90
POST · /wp-json/accordions/v2/get_options · includes\functions-rest.php:106
POST · /wp-json/accordions/v2/get_posts · includes\functions-rest.php:121
POST · /wp-json/accordions/v2/accordions_list · includes\functions-rest.php:135
POST · /wp-json/accordions/v2/get_nav_menus · includes\functions-rest.php:147
POST · /wp-json/accordions/v2/accordions_data · includes\functions-rest.php:162
POST · /wp-json/accordions/v2/update_post_data · includes\functions-rest.php:174
POST · /wp-json/accordions/v2/create_post · includes\functions-rest.php:186
POST · /wp-json/accordions/v2/update_post_title · includes\functions-rest.php:197
POST · /wp-json/accordions/v2/user_roles_list · includes\functions-rest.php:209

Shortcodes 33

[accordions_import_cron_accordion_shortcodes] includes\3rd-party\accordion-shortcodes\functions-data-import.php:9
[accordions_import_cron_arconix_faq] includes\3rd-party\arconix-faq\functions-data-import.php:9
[accordions_import_cron_easy_accordion_free] includes\3rd-party\easy-accordion-free\functions-data-import.php:9
[accordions_import_cron_easy_responsive_tabs] includes\3rd-party\easy-responsive-tabs\functions-data-import.php:9
[accordions_import_cron_everest_tab_lite] includes\3rd-party\everest-tab-lite\functions-data-import.php:9
[accordions_import_cron_helpie_faq] includes\3rd-party\helpie-faq\functions-data-import.php:9
[accordions_import_cron_meks_flexible_shortcodes] includes\3rd-party\meks-flexible-shortcodes\functions-data-import.php:9
[accordions_import_cron_quick_easy_faqs] includes\3rd-party\quick-and-easy-faqs\functions-data-import.php:9
[accordions_import_cron_responsive_accordion_collapse] includes\3rd-party\responsive-accordion-and-collapse\functions-data-import.php:9
[accordions_import_cron_responsive_tabs] includes\3rd-party\responsive-tabs\functions-data-import.php:9
[accordions_import_cron_shortcodes_ultimate] includes\3rd-party\shortcodes-ultimate\functions-data-import.php:9
[accordions_import_cron_sp_faq] includes\3rd-party\sp-faq\functions-data-import.php:9
[accordions_import_cron_squelch_tabs_accordions] includes\3rd-party\squelch-tabs-and-accordions-shortcodes\functions-data-import.php:9
[accordions_import_cron_tabby_responsive_tabs] includes\3rd-party\tabby-responsive-tabs\functions-data-import.php:9
[accordions_import_cron_tabs_pro] includes\3rd-party\tabs-pro\functions-data-import.php:9
[accordions_import_cron_tabs_responsive] includes\3rd-party\tabs-responsive\functions-data-import.php:9
[accordions_import_cron_tabs_shortcode] includes\3rd-party\tabs-shortcode\functions-data-import.php:9
[accordions_import_cron_ultimate_faqs] includes\3rd-party\ultimate-faqs\functions-data-import.php:9
[accordions_import_cron_vc_tabs] includes\3rd-party\vc-tabs\functions-data-import.php:9
[accordions_import_cron_wc_shortcodes] includes\3rd-party\wc-shortcodes\functions-data-import.php:9
[accordions_import_cron_wonderplugin_tabs_trial] includes\3rd-party\wonderplugin-tabs-trial\functions-data-import.php:9
[accordions_import_cron_wp_shortcode] includes\3rd-party\wp-shortcode\functions-data-import.php:9
[accordions] includes\class-shortcodes.php:17
[accordions_pickplguins] includes\class-shortcodes.php:18
[accordions_pplugins] includes\class-shortcodes.php:19
[accordions_tabs] includes\class-shortcodes.php:21
[accordions_tabs_pickplguins] includes\class-shortcodes.php:22
[accordions_builder] includes\class-shortcodes.php:24
[accordions_cron_upgrade_settings] includes\functions-data-upgrade.php:6
[accordions_cron_upgrade_accordions] includes\functions-data-upgrade.php:49
[accordions_cron_reset_migrate] includes\functions-data-upgrade.php:367
[accordions_youtube] includes\functions.php:527
[accordions_vimeo] includes\functions.php:553

WordPress Hooks 81

action · wp_enqueue_scripts · accordions.php:86
action · admin_enqueue_scripts · accordions.php:87
action · plugins_loaded · accordions.php:89
filter · cron_schedules · accordions.php:90
action · widgets_init · accordions.php:95
action · before_woocommerce_init · accordions.php:96
filter · widget_text · accordions.php:99
action · accordions_import_cron_accordion_shortcodes · includes\3rd-party\accordion-shortcodes\functions-data-import.php:10
action · accordions_import_cron_arconix_faq · includes\3rd-party\arconix-faq\functions-data-import.php:10
action · accordions_import_cron_easy_accordion_free · includes\3rd-party\easy-accordion-free\functions-data-import.php:10
action · accordions_import_cron_easy_responsive_tabs · includes\3rd-party\easy-responsive-tabs\functions-data-import.php:10
action · accordions_import_cron_everest_tab_lite · includes\3rd-party\everest-tab-lite\functions-data-import.php:10
action · accordions_import_cron_helpie_faq · includes\3rd-party\helpie-faq\functions-data-import.php:10
action · accordions_import_cron_meks_flexible_shortcodes · includes\3rd-party\meks-flexible-shortcodes\functions-data-import.php:10
action · accordions_import_cron_quick_easy_faqs · includes\3rd-party\quick-and-easy-faqs\functions-data-import.php:10
action · accordions_import_cron_responsive_accordion_collapse · includes\3rd-party\responsive-accordion-and-collapse\functions-data-import.php:10
action · accordions_import_cron_responsive_tabs · includes\3rd-party\responsive-tabs\functions-data-import.php:10
action · accordions_import_cron_shortcodes_ultimate · includes\3rd-party\shortcodes-ultimate\functions-data-import.php:10
action · accordions_import_cron_sp_faq · includes\3rd-party\sp-faq\functions-data-import.php:10
action · accordions_import_cron_squelch_tabs_accordions · includes\3rd-party\squelch-tabs-and-accordions-shortcodes\functions-data-import.php:10
action · accordions_import_cron_tabby_responsive_tabs · includes\3rd-party\tabby-responsive-tabs\functions-data-import.php:10
action · accordions_import_cron_tabs_pro · includes\3rd-party\tabs-pro\functions-data-import.php:10
action · accordions_import_cron_tabs_responsive · includes\3rd-party\tabs-responsive\functions-data-import.php:10
action · accordions_import_cron_tabs_shortcode · includes\3rd-party\tabs-shortcode\functions-data-import.php:10
action · accordions_import_cron_ultimate_faqs · includes\3rd-party\ultimate-faqs\functions-data-import.php:10
action · accordions_import_cron_vc_tabs · includes\3rd-party\vc-tabs\functions-data-import.php:10
action · accordions_import_cron_wc_shortcodes · includes\3rd-party\wc-shortcodes\functions-data-import.php:10
action · accordions_import_cron_wonderplugin_tabs_trial · includes\3rd-party\wonderplugin-tabs-trial\functions-data-import.php:10
action · accordions_import_cron_wp_shortcode · includes\3rd-party\wp-shortcode\functions-data-import.php:10
action · admin_notices · includes\class-admin-notices.php:10
action · accordions_metabox_content_shortcode · includes\class-post-meta-accordions-hook.php:12
action · accordions_metabox_content_general · includes\class-post-meta-accordions-hook.php:173
action · accordions_metabox_content_accordion_options · includes\class-post-meta-accordions-hook.php:336
action · accordions_metabox_content_tabs_options · includes\class-post-meta-accordions-hook.php:434
action · accordions_metabox_content_style · includes\class-post-meta-accordions-hook.php:518
action · accordions_metabox_content_content · includes\class-post-meta-accordions-hook.php:1085
action · accordions_metabox_content_custom_scripts · includes\class-post-meta-accordions-hook.php:1204
action · accordions_metabox_content_help_support · includes\class-post-meta-accordions-hook.php:1259
action · accordions_metabox_content_buy_pro · includes\class-post-meta-accordions-hook.php:1353
action · accordions_post_meta_save · includes\class-post-meta-accordions-hook.php:1358
action · add_meta_boxes · includes\class-post-meta-accordions.php:11
action · save_post · includes\class-post-meta-accordions.php:12
action · add_meta_boxes · includes\class-post-meta-product.php:11
action · save_post · includes\class-post-meta-product.php:12
action · init · includes\class-post-types.php:13
action · admin_init · includes\class-post-types.php:14
action · accordions_settings_content_general · includes\class-settings-hook.php:16
action · accordions_settings_content_help_support · includes\class-settings-hook.php:228
action · accordions_settings_content_3rd_party_import · includes\class-settings-hook.php:441
action · accordions_settings_content_buy_pro · includes\class-settings-hook.php:752
action · accordions_settings_save · includes\class-settings-hook.php:1202
action · admin_menu · includes\class-settings.php:12
action · admin_action_accordions_duplicate_post_as_draft · includes\duplicate-post.php:125
filter · post_row_actions · includes\duplicate-post.php:140
action · accordions_cron_upgrade_settings · includes\functions-data-upgrade.php:7
action · accordions_cron_upgrade_accordions · includes\functions-data-upgrade.php:50
action · accordions_cron_reset_migrate · includes\functions-data-upgrade.php:369
action · rest_api_init · includes\functions-rest.php:11
filter · woocommerce_product_tabs · includes\functions-wc.php:7
filter · the_content · includes\functions.php:441
filter · wp_kses_allowed_html · includes\functions.php:598
filter · manage_accordions_posts_columns · includes\functions.php:621
action · manage_accordions_posts_custom_column · includes\functions.php:637
action · wp_footer · includes\functions.php:762
action · wp_footer · includes\functions.php:797
action · wp_footer · includes\functions.php:919
action · accordions_main · templates\accordion\accordion-hook.php:4
action · accordions_main · templates\accordion\accordion-hook.php:36
action · accordions_main · templates\accordion\accordion-hook.php:253
action · accordions_main · templates\accordion\accordion-hook.php:525
action · accordions_main · templates\accordion\accordion-hook.php:578
action · accordions_main_no_content · templates\accordion\accordion-hook.php:654
action · accordions_builder_accordion · templates\accordions-builder\accordions-builder-hook.php:4
action · accordions_builder_faqGrid · templates\faq-grid\faq-grid-hook.php:4
action · accordions_builder_imageAccordion · templates\image-accordion\index.php:4
action · accordions_tabs_main · templates\tabs\tabs-hook.php:36
action · accordions_tabs_main · templates\tabs\tabs-hook.php:286
action · accordions_tabs_main · templates\tabs\tabs-hook.php:478
action · accordions_tabs_main · templates\tabs\tabs-hook.php:511
action · accordions_tabs_main_no_content · templates\tabs\tabs-hook.php:534
action · accordions_builder_tabs · templates\tabs-builder\tabs-builder-hook.php:4

Scheduled Events 21

accordions_cron_upgrade_settings
accordions_cron_reset_migrate
accordions_import_cron_arconix_faq
accordions_import_cron_easy_accordion_free
accordions_import_cron_responsive_accordion_collapse
accordions_import_cron_responsive_tabs
accordions_import_cron_tabs_responsive
accordions_import_cron_tabby_responsive_tabs
accordions_import_cron_easy_responsive_tabs
accordions_import_cron_everest_tab_lite
accordions_import_cron_quick_easy_faqs
accordions_import_cron_shortcodes_ultimate
accordions_import_cron_sp_faq
accordions_import_cron_squelch_tabs_accordions
accordions_import_cron_ultimate_faqs
accordions_import_cron_tabs_shortcode
accordions_import_cron_wonderplugin_tabs_trial
accordions_import_cron_accordion_shortcodes
accordions_import_cron_wp_shortcode
accordions_import_cron_meks_flexible_shortcodes
accordions_cron_upgrade_accordions
Maintenance & Trust

Accordions Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 23, 2026
PHP min version
Downloads: 1.3M

Community Trust

Rating: 90/100
Number of ratings: 90
Active installs: 20K
Developer Profile

Accordions Developer Profile

PickPlugins

14 plugins · 94K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 330 days
Detection Fingerprints

How We Detect Accordions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/accordions/assets/css/animate.min.css
  • /wp-content/plugins/accordions/assets/frontend/js/scripts.js
  • /wp-content/plugins/accordions/assets/frontend/css/style.css
  • /wp-content/plugins/accordions/assets/global/css/style-tabs.css
  • /wp-content/plugins/accordions/assets/global/css/themesTabs.style.css
  • /wp-content/plugins/accordions/assets/global/css/font-awesome-5.css
  • /wp-content/plugins/accordions/assets/global/css/font-awesome-4.css
  • /wp-content/plugins/accordions/assets/frontend/css/jquery-ui.css
  • +8 more

Script Paths
  • /wp-content/plugins/accordions/assets/frontend/js/scripts.js
  • /wp-content/plugins/accordions/templates/accordions-builder/front-scripts.js
  • /wp-content/plugins/accordions/templates/tabs-builder/front-scripts.js
  • /wp-content/plugins/accordions/templates/image-accordion/front-scripts.js
  • /wp-content/plugins/accordions/assets/admin/js/scripts.js

Version Parameters
  • accordions/style.css?ver=
  • accordions_animate?ver=
  • accordions_front_scripts?ver=
  • tabs_front_scripts?ver=
  • image_accordion_front_scripts?ver=
  • accordions_js?ver=
  • accordions-style?ver=
  • style-tabs?ver=
  • accordions-tabs?ver=
  • fontawesome-5?ver=
  • fontawesome-4?ver=
  • jquery-ui?ver=
  • accordions-themes?ver=
  • bootstrap-icons?ver=
  • fontawesome-icons?ver=
  • icofont-icons?ver=
  • accordions_admin_js?ver=

HTML / DOM Fingerprints

CSS Classes
  • pp-accordion
  • pp-tab
  • pp-faq-grid
  • pp-accordions-builder
  • pp-tabs-builder
  • pp-image-accordion

Data Attributes
  • data-pp-accordion
  • data-pp-tab
  • data-pp-faq-grid
  • data-pp-accordions-builder
  • data-pp-tabs-builder
  • data-pp-image-accordion

JS Globals
  • accordions_ajax

Shortcode Output
  • [accordions
  • [pp_accordions
  • [pp_tabs
  • [pp_faq_grid