Advanced Featured Page Widget Security & Risk Analysis
wordpress.org/plugins/advanced-featured-page-widgetThis plugin allows you to add a featured page using a widget.
Is Advanced Featured Page Widget Safe to Use in 2026?
Generally Safe
Score 85/100Advanced Featured Page Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "advanced-featured-page-widget" plugin v1.2 exhibits a mixed security posture. On the positive side, there are no identified AJAX handlers, REST API routes, shortcodes, or cron events that expose an attack surface, and importantly, no known vulnerabilities or CVEs are recorded in its history. All SQL queries are correctly using prepared statements, and there are no file operations or external HTTP requests, which are excellent practices for reducing risk.
However, significant concerns arise from the static code analysis. The use of the `create_function` is a critical security anti-pattern, potentially leading to code injection vulnerabilities if user-supplied data is ever passed to it, even indirectly. Furthermore, a very low percentage (17%) of output escaping indicates a high likelihood of cross-site scripting (XSS) vulnerabilities. The complete absence of nonce and capability checks for any potential entry points, although the current attack surface appears minimal, leaves the plugin highly vulnerable if new entry points are introduced in future versions or if the static analysis missed something.
While the lack of vulnerability history is a strong positive signal, the presence of `create_function` and widespread output escaping deficiencies are serious weaknesses. The plugin has strengths in its limited attack surface and secure SQL usage but has critical flaws in output sanitization and code execution safety that require immediate attention.
Key Concerns
- Use of dangerous function 'create_function'
- Low percentage of properly escaped output (17%)
- No nonce checks found
- No capability checks found
Advanced Featured Page Widget Security Vulnerabilities
Advanced Featured Page Widget Code Analysis
Dangerous Functions Found
Output Escaping
Advanced Featured Page Widget Attack Surface
WordPress Hooks 1
Maintenance & Trust
Advanced Featured Page Widget Maintenance & Trust
Maintenance Signals
Community Trust
Advanced Featured Page Widget Alternatives
Feature A Page Widget
feature-a-page-widget
A widget to display an attractive summary of any page in any widget area.
Feature Me – CTA Widget
feature-me
A simple widget that allows you to feature any page or post on your website.
Classic Widgets
classic-widgets
Enables the previous "classic" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor
elementskit-lite
Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget
Essential Addons for Elementor – Popular Elementor Templates & Widgets
essential-addons-for-elementor-lite
Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.
Advanced Featured Page Widget Developer Profile
2 plugins · 310 total installs
How We Detect Advanced Featured Page Widget
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
byline<!--end post_class()-->id="advanced-featured-page-widget-name="advanced-featured-page-widget-for="advanced-featured-page-widget-wp_dropdown_pages( array( 'name' => $this->get_field_name( 'page_id' ), 'selected' => $instance['page_id'] ) );advanced_page_widget_get_additional_image_sizes();