AlphaListing Security & Risk Analysis

wordpress.org/plugins/alphalisting

Provides an A to Z index page and widget.

400 active installs · v4.3.7 · PHP 8.0+ · WP 5.0+ · Updated Dec 8, 2025
a-to-z, a-z, index, listing, widget
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is AlphaListing Safe to Use in 2026?

Generally Safe

Score 100/100

AlphaListing has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "alphalisting" plugin v4.3.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices with 100% of its SQL queries utilizing prepared statements and a high rate (96%) of properly escaped output, significantly mitigating the risk of SQL injection and Cross-Site Scripting (XSS) vulnerabilities originating from these areas. The absence of known CVEs and a clean vulnerability history is also a strong indicator of a generally well-maintained codebase. However, a significant concern arises from the presence of two AJAX handlers that lack authentication checks. This creates a direct attack vector where unauthenticated users could potentially trigger sensitive functionality within the plugin, leading to unintended consequences or information disclosure.

The static analysis reveals a total of three entry points into the plugin's code, with two of these being unprotected AJAX handlers. This is the most critical finding, as it represents a clear and present risk. The taint analysis, while showing zero flows with unsanitized paths or critical/high severity, does not negate the risk posed by the unprotected AJAX endpoints. The plugin's vulnerability history being completely clean is a positive sign, suggesting that the developers have historically addressed security issues effectively. In conclusion, while the "alphalisting" plugin scores well in several key security areas like SQL and output sanitization, the unprotected AJAX endpoints represent a substantial weakness that requires immediate attention to prevent potential exploitation.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

AlphaListing Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

AlphaListing Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 6 (138 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

96% escaped · 144 total outputs
Attack Surface
2 unprotected

AlphaListing Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_alphalisting_get_autocomplete_post_titles · widgets\class-alphalisting-widget.php:584
nopriv · wp_ajax_alphalisting_get_autocomplete_post_titles · widgets\class-alphalisting-widget.php:585

Shortcodes 1

[alphalisting] src\Shortcode.php:26
WordPress Hooks 24
action · init · alphalisting.php:78
action · wp_enqueue_scripts · functions\enqueues.php:78
action · customize_controls_enqueue_scripts · functions\enqueues.php:81
action · wp_enqueue_scripts · functions\enqueues.php:103
action · init · functions\enqueues.php:106
filter · site_status_tests · functions\health-check.php:30
filter · site_status_test_php_modules · functions\health-check.php:84
action · alphalisting_log · functions\helpers.php:14
action · wp_enqueue_scripts · functions\scripts.php:48
filter · alphalisting-alphabet · src\Grouping.php:48
filter · the-a-z-letter-title · src\Grouping.php:49
filter · alphalisting_extract_item_indices · src\Indices.php:26
filter · alphalisting-alphabet · src\Numbers.php:47
filter · the-a-z-letter-title · src\Numbers.php:48
action · alphalisting_shortcode_start · src\Shortcode\Extension.php:64
action · alphalisting_shortcode_end · src\Shortcode\Extension.php:65
filter · alphalisting_get_shortcode_attributes · src\Shortcode\Extension.php:68
filter · posts_fields · src\Shortcode\PostsQuery.php:40
filter · alphalisting_shortcode_query_types · src\Shortcode\Query.php:37
action · admin_enqueue_scripts · widgets\class-alphalisting-widget.php:48
action · wp_enqueue_scripts · widgets\class-alphalisting-widget.php:49
filter · posts_search · widgets\class-alphalisting-widget.php:535
action · widgets_init · widgets\class-alphalisting-widget.php:596
action · admin_enqueue_scripts · widgets\class-alphalisting-widget.php:607
Maintenance & Trust

AlphaListing Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 8, 2025
PHP min version: 8.0
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 400
Developer Profile

AlphaListing Developer Profile

Ethan Lin

2 plugins · 460 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect AlphaListing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/alphalisting/css/alphalisting-default.css
/wp-content/plugins/alphalisting/css/alphalisting-customize.css
/wp-content/plugins/alphalisting/scripts/alphalisting-tabs.js
/wp-content/plugins/alphalisting/scripts/alphalisting-widget-admin.js
Script Paths
/wp-content/plugins/alphalisting/scripts/alphalisting-tabs.js
/wp-content/plugins/alphalisting/scripts/alphalisting-widget-admin.js
Version Parameters
alphalisting/css/alphalisting-default.css?ver=
alphalisting/css/alphalisting-customize.css?ver=
alphalisting/scripts/alphalisting-tabs.js?ver=
alphalisting/scripts/alphalisting-widget-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
alphalisting-az, alphalisting-az-header, alphalisting-az-index, alphalisting-az-list, alphalisting-az-list-item, alphalisting-az-list-item-letter, alphalisting-az-list-item-post, alphalisting-az-list-item-term, +8 more
Data Attributes
data-alphalisting-target, data-alphalisting-view, data-alphalisting-widget-instance
JS Globals
alphalisting_widget_admin
Shortcode Output
[alphalisting] [alphalisting_posts] [alphalisting_terms]
FAQ

Frequently Asked Questions about AlphaListing