Archives by Category Security & Risk Analysis

wordpress.org/plugins/archives-by-category-v20

This will create a list of all your posts. They will be ordered alphabetically by category. Category names will be anchor links so you

10 active installs v1.0 PHP + WP 2.3.0+ Updated Oct 17, 2007
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Archives by Category Safe to Use in 2026?

Generally Safe

Score 85/100

Archives by Category has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 18yr ago
Risk Assessment

The "archives-by-category-v20" plugin v1.0 presents a mixed security profile. On the positive side, the static analysis indicates a very small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events. Crucially, the code signals show that all identified output is properly escaped, and there are no dangerous functions, file operations, or external HTTP requests. The lack of known CVEs and past vulnerabilities is also a strong indicator of a generally secure development practice.

However, a significant concern arises from the SQL queries. The analysis reveals three SQL queries, none of which utilize prepared statements. This means that if any user-controlled data is ever incorporated into these queries, the plugin would be vulnerable to SQL injection attacks. The absence of nonce and capability checks, while not directly exploitable due to the lack of other entry points, suggests a potential for future vulnerabilities if new entry points are introduced without proper security considerations. The taint analysis showing zero flows is good but may be limited by the scope of the analysis or the plugin's limited functionality.

In conclusion, while the plugin exhibits good practices in output escaping and has a clean vulnerability history, the unescaped SQL queries represent a critical potential security flaw. The plugin's strengths lie in its limited attack surface and proper output handling, but the reliance on raw SQL without prepared statements is a notable weakness that requires immediate attention.

Key Concerns

  • Raw SQL queries without prepared statements
Vulnerabilities
None known

Archives by Category Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Archives by Category Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Archives by Category Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared3 total queries
Attack Surface

Archives by Category Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
filterthe_contentArchivesByCategoryV1.0.php:81
filterthe_contentArchivesByCategoryV2.0.php:75
Maintenance & Trust

Archives by Category Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedOct 17, 2007
PHP min version
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Archives by Category Alternatives

No alternatives data available yet.

Developer Profile

Archives by Category Developer Profile

ljmacphee

6 plugins · 80 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Archives by Category

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments
<!-- archivesbycategory -->
Shortcode Output
<li><h3><a name=""></a></h3></li><li><a href="">
FAQ

Frequently Asked Questions about Archives by Category