Advanced Categories Widget Security & Risk Analysis

wordpress.org/plugins/advanced-categories-widget

A highly customizable categories widget for WordPress with thumbnails and descriptions.

800 active installs · v1.2 · PHP + · WP 4.4+ · Updated Aug 11, 2016
Tags: categories, categories-widget, category, category-widget, post-category
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Advanced Categories Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Advanced Categories Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "advanced-categories-widget" v1.2 plugin exhibits a generally positive security posture, primarily due to the absence of known vulnerabilities and the presence of secure coding practices in critical areas. The static analysis indicates no direct attack surface through AJAX, REST API, shortcodes, or cron events, and importantly, no dangerous functions or direct SQL queries without prepared statements are identified.

However, a significant concern lies in the output escaping. With only 39% of the 119 identified outputs properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is directly rendered in the frontend without adequate sanitization. Furthermore, the complete lack of nonce checks and capability checks on potential entry points (even though the identified attack surface is zero) suggests a potential oversight in WordPress security best practices, which could become a risk if new entry points were introduced in future versions.

The plugin's clean vulnerability history is a strong positive, suggesting a history of secure development, but the identified output escaping issues represent a tangible risk that needs immediate attention. Overall, while the plugin demonstrates a good foundation by avoiding common pitfalls, the lack of robust output escaping significantly lowers its security score and requires remediation to be considered truly secure.

Key Concerns

  • Low output escaping percentage
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Advanced Categories Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Advanced Categories Widget Release Timeline

v1.2 (Current)
v1.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

Advanced Categories Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 72 (47 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

39% escaped · 119 total outputs
Attack Surface

Advanced Categories Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11
  • action: plugins_loaded (advanced-categories-widget.php:51)
  • action: widgets_init (inc\class-advanced-categories-widget-init.php:117)
  • action: admin_enqueue_scripts (inc\class-advanced-categories-widget-init.php:148)
  • action: customize_controls_enqueue_scripts (inc\class-advanced-categories-widget-init.php:149)
  • action: admin_enqueue_scripts (inc\class-advanced-categories-widget-init.php:151)
  • action: customize_controls_enqueue_scripts (inc\class-advanced-categories-widget-init.php:152)
  • action: customize_controls_enqueue_scripts (inc\class-advanced-categories-widget-init.php:153)
  • action: acatw_update_widget (inc\class-advanced-categories-widget-init.php:225)
  • action: customize_save_widget_advanced-categories-widget (inc\class-advanced-categories-widget-init.php:226)
  • action: wp_enqueue_scripts (inc\class-advanced-categories-widget-init.php:299)
  • action: delete_widget (inc\class-advanced-categories-widget-init.php:346)
Maintenance & Trust

Advanced Categories Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: Aug 11, 2016
PHP min version
Downloads: 22K

Community Trust

Rating: 100/100
Number of ratings: 8
Active installs: 800
Developer Profile

Advanced Categories Widget Developer Profile

darrinb

13 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Advanced Categories Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-categories-widget/css/widgins.css
/wp-content/plugins/advanced-categories-widget/css/admin.css
/wp-content/plugins/advanced-categories-widget/js/widgins.js
Script Paths
/wp-content/plugins/advanced-categories-widget/js/widgins.js
Version Parameters
advanced-categories-widget/css/widgins.css?ver=
advanced-categories-widget/css/admin.css?ver=
advanced-categories-widget/js/widgins.js?ver=

HTML / DOM Fingerprints

CSS Classes
widget-advanced-categories-widget
Data Attributes
data-widget-id
JS Globals
widgins
FAQ

Frequently Asked Questions about Advanced Categories Widget