
Archives by Category Security & Risk Analysis
wordpress.org/plugins/archives-by-category-v20This will create a list of all your posts. They will be ordered alphabetically by category. Category names will be anchor links so you
Is Archives by Category Safe to Use in 2026?
Generally Safe
Score 85/100Archives by Category has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "archives-by-category-v20" plugin v1.0 presents a mixed security profile. On the positive side, the static analysis indicates a very small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events. Crucially, the code signals show that all identified output is properly escaped, and there are no dangerous functions, file operations, or external HTTP requests. The lack of known CVEs and past vulnerabilities is also a strong indicator of a generally secure development practice.
However, a significant concern arises from the SQL queries. The analysis reveals three SQL queries, none of which utilize prepared statements. This means that if any user-controlled data is ever incorporated into these queries, the plugin would be vulnerable to SQL injection attacks. The absence of nonce and capability checks, while not directly exploitable due to the lack of other entry points, suggests a potential for future vulnerabilities if new entry points are introduced without proper security considerations. The taint analysis showing zero flows is good but may be limited by the scope of the analysis or the plugin's limited functionality.
In conclusion, while the plugin exhibits good practices in output escaping and has a clean vulnerability history, the unescaped SQL queries represent a critical potential security flaw. The plugin's strengths lie in its limited attack surface and proper output handling, but the reliance on raw SQL without prepared statements is a notable weakness that requires immediate attention.
Key Concerns
- Raw SQL queries without prepared statements
Archives by Category Security Vulnerabilities
Archives by Category Release Timeline
Archives by Category Code Analysis
SQL Query Safety
Archives by Category Attack Surface
WordPress Hooks 2
Maintenance & Trust
Archives by Category Maintenance & Trust
Maintenance Signals
Community Trust
Archives by Category Alternatives
No alternatives data available yet.
Archives by Category Developer Profile
6 plugins · 80 total installs
How We Detect Archives by Category
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
<!-- archivesbycategory --><li><h3><a name=""></a></h3></li><li><a href="">