Does Advanced Blogroll have any unpatched vulnerabilities?

No. All known vulnerabilities in Advanced Blogroll have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Advanced Blogroll compatible with WordPress 2.8.4?

According to WordPress.org data, Advanced Blogroll 1.4 has been tested up to WordPress 2.8.4. Check the plugin's changelog for the latest compatibility information.

How often is Advanced Blogroll updated?

Advanced Blogroll was last updated on Aug 28, 2009. Frequent updates are generally a positive security signal.

What is Advanced Blogroll's security score?

Advanced Blogroll has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Advanced Blogroll Security & Risk Analysis

wordpress.org/plugins/advanced-blogroll

Advanced Blogroll Widget displays your bookmarks as you want. You can customize your blogroll.

100 active installs v1.4 PHP + WP 2.3+ Updated Aug 28, 2009

advanced-blogrollblogrollblogroll-widgetwidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Advanced Blogroll Safe to Use in 2026?

Generally Safe

Score 85/100

Advanced Blogroll has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago

Risk Assessment

The advanced-blogroll plugin v1.4 exhibits a mixed security posture. While the static analysis shows no identified attack surface from AJAX, REST API, shortcodes, or cron events, and no dangerous functions or file operations are detected, there are significant concerns regarding output escaping. A concerning 100% of the 38 identified output operations are not properly escaped, leaving the plugin highly susceptible to cross-site scripting (XSS) vulnerabilities. Furthermore, the lack of any capability checks or nonce checks on the identified entry points (though none are present) means that if any were introduced in future versions without proper security measures, they would be unprotected. The plugin's vulnerability history is currently clean, with no known CVEs. This, combined with the absence of dangerous functions and SQL injection risks due to prepared statements, suggests a generally good effort in core secure coding practices, but the critical flaw in output sanitization poses a severe, exploitable risk.

Key Concerns

0% of outputs properly escaped
No capability checks
No nonce checks

Vulnerabilities

None known

Advanced Blogroll Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Advanced Blogroll Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped38 total outputs

Attack Surface

Advanced Blogroll Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionplugins_loadedadvanced_blogroll.php:339

actionwidgets_initadvanced_blogroll.php:345

Maintenance & Trust

Advanced Blogroll Maintenance & Trust

Maintenance Signals

WordPress version tested2.8.4

Last updatedAug 28, 2009

PHP min version

Downloads17K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Advanced Blogroll Alternatives

RSS Blogroll

rss-blogroll

Sidebar widget that links to recent entries from RSS/Atom feeds.

100 No CVEs

Google Reader Blogroll Widget

google-reader-blogroll-widget

100

Simple widget(s) to list your Google Reader subscriptions as blogroll.

10 No CVEs

WP-LinkEX

wp-linkex

This plugin allows you to easily display the links included in your LinkEX installation directly in a WordPress widget.

10 No CVEs

WPW-Linkslist

wpw-linkslist

A flexible replacement for the standard links widget, for wordpress 2.0.x only.

10 No CVEs

Classic Widgets

classic-widgets

100

Enables the previous "classic" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.

2.0M No CVEs

Developer Profile

Advanced Blogroll Developer Profile

yakuphan

4 plugins · 660 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Advanced Blogroll

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

ab_bookmarksab_imageslinkimg

Data Attributes

data-widget-id

Shortcode Output

<ul class="ab_bookmarks"><div class="ab_images">

FAQ

Advanced Blogroll Security & Risk Analysis

Is Advanced Blogroll Safe to Use in 2026?

Generally Safe

Key Concerns

Advanced Blogroll Security Vulnerabilities

Advanced Blogroll Code Analysis

Output Escaping

Advanced Blogroll Attack Surface

Advanced Blogroll Maintenance & Trust

Maintenance Signals

Community Trust

Advanced Blogroll Alternatives

RSS Blogroll

Google Reader Blogroll Widget

WP-LinkEX

WPW-Linkslist

Classic Widgets

Advanced Blogroll Developer Profile

How We Detect Advanced Blogroll

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Advanced Blogroll