Does Archive Page have any unpatched vulnerabilities?

No. All known vulnerabilities in Archive Page have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Archive Page compatible with WordPress 6.9.4?

According to WordPress.org data, Archive Page 1.0.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Archive Page updated?

Archive Page was last updated on Dec 5, 2025. Frequent updates are generally a positive security signal.

What is Archive Page's security score?

Archive Page has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Archive Page Security & Risk Analysis

wordpress.org/plugins/archive-page

Make archive page easily with full customize and in all languages of the world.

600 active installs v1.0.3 PHP + WP 2.8.0+ Updated Dec 5, 2025

archivearchive-pagearchive-templatearchivesarchives-page

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 24, 2025

Plugin page Download

Safety Verdict

Is Archive Page Safe to Use in 2026?

Generally Safe

Score 99/100

Archive Page has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 24, 2025Updated 4mo ago

Risk Assessment

The "archive-page" plugin v1.0.3 exhibits a generally good security posture based on the static analysis. The absence of dangerous functions, the use of prepared statements for all SQL queries, and proper output escaping demonstrate adherence to fundamental security practices. Furthermore, the lack of file operations, external HTTP requests, and the absence of critical or high-severity taint flows are positive indicators. However, the plugin's static analysis reveals a notable lack of security checks like nonce checks and capability checks, which are critical for protecting entry points, especially shortcodes. The existence of one past medium-severity CVE for Cross-site Scripting, even though it is now patched, suggests that there might be a tendency for input sanitization to be overlooked in certain contexts within the plugin's development.

While the current version shows no critical vulnerabilities and all historical CVEs are patched, the reliance on shortcodes as the sole entry points without explicit nonce or capability checks presents a significant concern. Attackers could potentially exploit these unchecked shortcodes if they can trigger them with malicious input, leading to cross-site scripting or other input-based vulnerabilities. The plugin's overall security is compromised by this oversight, despite its strong foundation in other areas.

Key Concerns

Missing nonce checks on shortcodes
Missing capability checks on shortcodes
Past medium severity XSS vulnerability

Vulnerabilities

Archive Page Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-27280medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Archive Page <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 24, 2025 Patched in 1.0.3 (53d)

Code Analysis

Analyzed Mar 16, 2026

Archive Page Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

32 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped32 total outputs

Attack Surface

Archive Page Attack Surface

Entry Points8

Unprotected0

Shortcodes 8

[obi_daily_archive] archive-page.php:158

[obi_monthly_archive] archive-page.php:195

[obi_yearly_archive] archive-page.php:232

[obi_latest_posts] archive-page.php:269

[obi_get_cats] archive-page.php:304

[obi_get_tags] archive-page.php:341

[obi_get_pages] archive-page.php:378

[obi_get_authors] archive-page.php:415

WordPress Hooks 2

filterplugin_row_metaarchive-page.php:49

actionadmin_menushortcodes-page.php:8

Maintenance & Trust

Archive Page Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 5, 2025

PHP min version

Downloads14K

Community Trust

Rating100/100

Number of ratings3

Active installs600

Alternatives

Archive Page Alternatives

Archive Control

archive-control

Quickly customize your custom post type and taxonomy archives with a custom headline, image, and editable content. Modify order and pagination.

1K No CVEs

Disable Archive Pages

disable-archive-pages

100

Disable unwanted archive pages like category, tag, author, date, and custom post type archives.

40 No CVEs

Disable Author Archives

disable-author-archives

100

Disable Author Archives completely removes author archives and makes the web server return status code 404 ('Not Found') instead.

10K No CVEs

Smart Archive Page Remove

smart-archive-page-remove

Completely remove unwanted Archive Pages from your Blog

7K No CVEs

Simple Yearly Archive

simple-yearly-archive

100

Simple Yearly Archive is a rather neat and simple Wordpress plugin that allows you to display your archives in a year-based list.

6K 1 CVE

Developer Profile

Archive Page Developer Profile

Alobaidi

22 plugins · 33K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

52 days

View full developer profile

Detection Fingerprints

How We Detect Archive Page

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

obi-archive-titleobi-archive-daily-tobi-archive-listobi-archive-daily-lobi-archive-monthly-tobi-archive-monthly-lobi-archive-yearly-tobi-archive-yearly-l+2 more

Shortcode Output

<h3 class="obi-archive-title obi-archive-daily-t">Daily Archive</h3><ol class="obi-archive-list obi-archive-daily-l"><li><a href="

FAQ