WP-Safety

Advanced Category Column Security & Risk Analysis

wordpress.org/plugins/advanced-category-column

The Advanced Category Column is a very customizable multi-widget for your sidebar.

30 active installs v3.5 PHP + WP 2.9+ Updated Feb 26, 2016
categorycolumnnewspapersidebarwidget
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Advanced Category Column Safe to Use in 2026?

Generally Safe

Score 85/100

Advanced Category Column has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The 'advanced-category-column' v3.5 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices with all SQL queries using prepared statements and no external HTTP requests or bundled libraries. Its attack surface is currently zero, and there's no recorded vulnerability history, suggesting a generally stable codebase. However, significant concerns arise from the static analysis. The presence of the `create_function` is a critical red flag, as it is deprecated and can be a source of serious security vulnerabilities if not handled with extreme care, especially concerning user-supplied input. Furthermore, the low rate of proper output escaping (30%) is a substantial risk, indicating a high potential for cross-site scripting (XSS) vulnerabilities. The taint analysis also reveals flows with unsanitized paths, which, while not currently flagged as critical or high severity, warrant attention as they could be exploited under specific conditions.

Key Concerns

  • Use of dangerous function: create_function
  • Low percentage of properly escaped output
  • Flows with unsanitized paths
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Advanced Category Column Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Advanced Category Column Release Timeline

v3.5Current
v3.4.2
v3.4.1
v3.4
v3.3
v3.2.2
v3.2.1
v3.2
v3.1
v3.0
v2.9
v2.8.2
v2.8.1
v2.8
v2.7.5
v2.7.4
v2.7.3
v2.7.2
v2.7.1
v2.7
Code Analysis
Analyzed Apr 16, 2026

Advanced Category Column Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
2 prepared
Unescaped Output
66
28 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("Advanced_Category_Column_Widclass-lib/ACC_WidgetClass.php:404

SQL Query Safety

100% prepared2 total queries

Output Escaping

30% escaped94 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
file_template (class-lib/A5_DynamicFileClass.php:68)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Advanced Category Column Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 14
actioninitadvanced-cc.php:64
actionwp_before_admin_bar_renderadvanced-cc.php:68
actionsave_postadvanced-cc.php:76
actiondeleted_postadvanced-cc.php:77
actionswitch_themeadvanced-cc.php:78
actionadmin_enqueue_scriptsadvanced-cc.php:80
filterplugin_row_metaadvanced-cc.php:82
filterplugin_action_linksadvanced-cc.php:83
actioninitclass-lib/A5_DynamicFileClass.php:43
actiontemplate_redirectclass-lib/A5_DynamicFileClass.php:44
actionadmin_initclass-lib/ACC_AdminClass.php:20
actionadmin_menuclass-lib/ACC_AdminClass.php:21
actionadmin_enqueue_scriptsclass-lib/ACC_AdminClass.php:22
actionwidgets_initclass-lib/ACC_WidgetClass.php:404
Maintenance & Trust

Advanced Category Column Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedFeb 26, 2016
PHP min version
Downloads16K

Community Trust

Rating100/100
Number of ratings1
Active installs30
Alternatives

Advanced Category Column Alternatives

Featured Category Widget

Featured Category Widget

category-feature

A
85

The Featured Category Widget is basically a Featured Post Widget for a category.

100 No CVEs
Category Column

Category Column

category-coloumn

A
85

The Category Column does simply, what the name says; it will show excerpts of the latest posts in your sidebar.

20 No CVEs
List Custom Taxonomy Widget

List Custom Taxonomy Widget

list-custom-taxonomy-widget

A
92

The List Custom Taxonomy Widget is a quick and easy way to display custom taxonomies. Simply choose the taxonomy name you want to display from an auto …

9K 1 CVE
Recent Posts by Category Widget

Recent Posts by Category Widget

recent-posts-by-category-widget

A
85

Just like the default Recent Posts widget except you can choose a category to pull posts from.

4K No CVEs
LJ Multi Column Archive

LJ Multi Column Archive

lj-multi-column-archive

A
85

LJ Multi Column Archive is a Wordpress plugin/widget that allows you to display your archive list with multiple columns.

1K No CVEs
Developer Profile

Advanced Category Column Developer Profile

tepelstreel

11 plugins · 3K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Advanced Category Column

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-category-column/ta-expander.min.js/wp-content/plugins/advanced-category-column/ta-expander.js
Script Paths
/wp-content/plugins/advanced-category-column/ta-expander.min.js/wp-content/plugins/advanced-category-column/ta-expander.js
Version Parameters
advanced-category-column/ta-expander.min.js?ver=advanced-category-column/ta-expander.js?ver=

HTML / DOM Fingerprints

CSS Classes
acc-categories-wrapacc-categories-list
HTML Comments
<!--BEGIN ACC-POST-CONTENT--><!--END ACC-POST-CONTENT--><!--BEGIN ACC-IMG-WRAP--><!--END ACC-IMG-WRAP-->+4 more
Data Attributes
data-acc-post-iddata-acc-category-iddata-acc-post-excerpt
JS Globals
window.acc_settings
FAQ

Frequently Asked Questions about Advanced Category Column