Accordions – Responsive Accordion & FAQ Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/accordions-wp

Responsive, lightweight, and fully customizable accordion plugin for WordPress. Perfect for FAQs, content organization, and improving user experience.

1K active installs · v3.0.5 · PHP + WP 4.0+ · Updated Feb 9, 2026
Tags: accordion, accordions, accordions-shortcode, jquery-accordions, responsive-accordions
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Jan 7, 2026
Safety Verdict

Is Accordions – Responsive Accordion & FAQ Plugin for WordPress Safe to Use in 2026?

Generally Safe

Score 96/100

Accordions – Responsive Accordion & FAQ Plugin for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jan 7, 2026 · Updated 1mo ago
Risk Assessment

The "accordions-wp" plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by employing prepared statements for all SQL queries and including a substantial number of nonce and capability checks, indicating an awareness of common WordPress security vulnerabilities. The absence of direct file operations and external HTTP requests further reduces potential attack vectors.

However, concerns arise from the static analysis results. While the total number of entry points is low, the presence of a taint flow with unsanitized paths, particularly one identified as high severity, is a significant risk. This suggests that user-supplied data is not being properly validated or neutralized before being used in a sensitive operation, potentially leading to cross-site scripting or other injection vulnerabilities.

The plugin's vulnerability history, with three previously disclosed medium-severity CVEs, all related to Cross-site Scripting, reinforces the concern raised by the taint analysis. Although there are currently no unpatched vulnerabilities, the recurring nature of XSS issues suggests a persistent weakness in input sanitization. The outdated bundled library (Select2 v3.4.5) also presents a minor, but nonetheless real, security concern as older versions often contain known vulnerabilities. The overall risk is moderate, with the high-severity taint flow being the most pressing issue.

Key Concerns

  • High severity taint flow with unsanitized paths
  • Bundled outdated library: Select2 v3.4.5
  • 3 known medium severity CVEs historically
  • 78% output escaping (22% unescaped)
Vulnerabilities: 3

Accordions – Responsive Accordion & FAQ Plugin for WordPress Security Vulnerabilities

CVEs by Year

2023: 2 CVEs
2026: 1 CVE

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2025-69350 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accordion <= 3.0.3 - Authenticated (Editor+) Stored Cross-Site Scripting

Jan 7, 2026 Patched in 3.0.4 (7d)
CVE-2023-47809 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accordion <= 2.6 - Authenticated (Editor+) Stored Cross-Site Scripting via accordion settings

Nov 15, 2023 Patched in 2.7 (69d)
CVE-2023-5666 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accordion <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 29, 2023 Patched in 2.7 (86d)
Code Analysis
Analyzed Mar 16, 2026

Accordions – Responsive Accordion & FAQ Plugin for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 81 (281 escaped)
Nonce Checks: 7
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2 3.4.5

Output Escaping

78% escaped · 362 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
request_image_ajax_callback (metabox\classes.fields.php:561)
Attack Surface

Accordions – Responsive Accordion & FAQ Plugin for WordPress Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 4

auth wp_ajax_cmb2_oembed_handler inc\cmb2\includes\CMB2_Ajax.php:51
nopriv wp_ajax_cmb2_oembed_handler inc\cmb2\includes\CMB2_Ajax.php:52
auth wp_ajax_cmb_request_image metabox\classes.fields.php:581
auth wp_ajax_cmb_post_select metabox\classes.fields.php:1261

Shortcodes 1

[tcpaccordion] custom-accordion-wp.php:178
WordPress Hooks 66
action plugins_loaded custom-accordion-wp.php:36
action wp_enqueue_scripts custom-accordion-wp.php:49
action admin_enqueue_scripts custom-accordion-wp.php:67
filter cmb_meta_boxes custom-accordion-wp.php:120
filter enter_title_here custom-accordion-wp.php:132
action admin_init custom-accordion-wp.php:141
action admin_menu custom-accordion-wp.php:156
action init inc\accordions-wp-post-type.php:58
action add_meta_boxes inc\accordions-wp-post-type.php:69
action save_post inc\accordions-wp-post-type.php:348
filter manage_accordion_tp_posts_columns inc\accordions-wp-post-type.php:366
action manage_accordion_tp_posts_custom_column inc\accordions-wp-post-type.php:378
action edit_form_after_title inc\accordions-wp-post-type.php:428
action cmb2_admin_init inc\cmb2\example-functions.php:105
action cmb2_admin_init inc\cmb2\example-functions.php:467
action cmb2_admin_init inc\cmb2\example-functions.php:498
action cmb2_admin_init inc\cmb2\example-functions.php:563
action cmb2_admin_init inc\cmb2\example-functions.php:633
action cmb2_admin_init inc\cmb2\example-functions.php:675
action cmb2_init inc\cmb2\example-functions.php:777
filter wp_prepare_attachment_for_js inc\cmb2\includes\CMB2.php:1469
action admin_enqueue_scripts inc\cmb2\includes\CMB2.php:1486
action cmb2_save_options-page_fields inc\cmb2\includes\CMB2_Ajax.php:54
filter get_post_metadata inc\cmb2\includes\CMB2_Ajax.php:147
filter update_post_metadata inc\cmb2\includes\CMB2_Ajax.php:150
filter cmb2_show_on inc\cmb2\includes\CMB2_hookup.php:79
action edit_form_top inc\cmb2\includes\CMB2_hookup.php:115
action edit_form_before_permalink inc\cmb2\includes\CMB2_hookup.php:119
action edit_form_after_title inc\cmb2\includes\CMB2_hookup.php:123
action edit_form_after_editor inc\cmb2\includes\CMB2_hookup.php:127
action add_meta_boxes inc\cmb2\includes\CMB2_hookup.php:131
action add_meta_boxes inc\cmb2\includes\CMB2_hookup.php:134
action add_attachment inc\cmb2\includes\CMB2_hookup.php:135
action edit_attachment inc\cmb2\includes\CMB2_hookup.php:136
action save_post inc\cmb2\includes\CMB2_hookup.php:137
action add_meta_boxes_comment inc\cmb2\includes\CMB2_hookup.php:150
action edit_comment inc\cmb2\includes\CMB2_hookup.php:151
filter manage_edit-comments_columns inc\cmb2\includes\CMB2_hookup.php:154
action manage_comments_custom_column inc\cmb2\includes\CMB2_hookup.php:155
action show_user_profile inc\cmb2\includes\CMB2_hookup.php:164
action edit_user_profile inc\cmb2\includes\CMB2_hookup.php:165
action user_new_form inc\cmb2\includes\CMB2_hookup.php:166
action personal_options_update inc\cmb2\includes\CMB2_hookup.php:168
action edit_user_profile_update inc\cmb2\includes\CMB2_hookup.php:169
action user_register inc\cmb2\includes\CMB2_hookup.php:170
filter manage_users_columns inc\cmb2\includes\CMB2_hookup.php:173
filter manage_users_custom_column inc\cmb2\includes\CMB2_hookup.php:174
action created_term inc\cmb2\includes\CMB2_hookup.php:222
action edited_terms inc\cmb2\includes\CMB2_hookup.php:223
action delete_term inc\cmb2\includes\CMB2_hookup.php:224
action cmb2_do_oembed inc\cmb2\includes\helper-functions.php:131
filter is_protected_meta inc\cmb2\includes\rest-api\CMB2_REST.php:144
action init inc\cmb2\init.php:126
action add_meta_boxes metabox\class.cmb-meta-box.php:27
action cmb_init_fields metabox\class.cmb-meta-box.php:28
action admin_head metabox\class.cmb-meta-box.php:33
action admin_menu metabox\class.cmb-meta-box.php:35
action save_post metabox\class.cmb-meta-box.php:36
action cmb_save_fields metabox\class.cmb-meta-box.php:37
action admin_enqueue_scripts metabox\class.cmb-meta-box.php:39
action admin_enqueue_scripts metabox\class.cmb-meta-box.php:40
filter cmb_show_on metabox\class.cmb-meta-box.php:42
filter cmb_show_on metabox\class.cmb-meta-box.php:43
action init metabox\custom-meta-boxes.php:81
filter query metabox\custom-meta-boxes.php:172
filter cmb_meta_boxes metabox\example-functions.php:104
Maintenance & Trust

Accordions – Responsive Accordion & FAQ Plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 9, 2026
PHP min version
Downloads: 58K

Community Trust

Rating: 92/100
Number of ratings: 9
Active installs: 1K
Developer Profile

Accordions – Responsive Accordion & FAQ Plugin for WordPress Developer Profile

Themepoints

19 plugins · 10K total installs

Trust score: 84
Avg Security Score: 94/100
Avg Patch Time: 66 days
Detection Fingerprints

How We Detect Accordions – Responsive Accordion & FAQ Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/accordions-wp/css/responsive-accordion.css
/wp-content/plugins/accordions-wp/css/style.css
/wp-content/plugins/accordions-wp/js/responsive-accordion.min.js
/wp-content/plugins/accordions-wp/admin/css/accordion-backend-admin.css
/wp-content/plugins/accordions-wp/admin/js/accordion-backend-admin.js
/wp-content/plugins/accordions-wp/admin/js/color-picker.js
Script Paths
/wp-content/plugins/accordions-wp/js/responsive-accordion.min.js
/wp-content/plugins/accordions-wp/admin/js/accordion-backend-admin.js
/wp-content/plugins/accordions-wp/admin/js/color-picker.js

HTML / DOM Fingerprints

CSS Classes
accordion-title, accordion-details, tcpaccordion
Data Attributes
data-accordion-id
JS Globals
TCP_accordions_wordpress_table_body
Shortcode Output
[tcpaccordion
FAQ

Frequently Asked Questions about Accordions – Responsive Accordion & FAQ Plugin for WordPress