ArtPlacer Widget Security & Risk Analysis

wordpress.org/plugins/artplacer-widget

Allow your visitors to visualize how artworks look on walls as soon as they land on your website!

200 active installs · v2.23.2 · PHP 5.2.4+ · WP 4.0+ · Updated Mar 4, 2026
Tags: art-visualization, artworks, augmented-reality, home, visualize
67
C · Use Caution
CVEs total: 5
Unpatched: 1
Last CVE: Jan 22, 2026
Safety Verdict

Is ArtPlacer Widget Safe to Use in 2026?

Use With Caution

Score 67/100

ArtPlacer Widget has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

5 known CVEs · 1 unpatched · Last CVE: Jan 22, 2026 · Updated 1mo ago
Risk Assessment

The 'artplacer-widget' v2.23.2 plugin exhibits a mixed security posture. While the static analysis reveals a relatively small attack surface with no directly unprotected AJAX handlers or REST API routes, and no file operations or external HTTP requests, significant concerns arise from the code signals and vulnerability history. The low percentage of SQL queries using prepared statements (18%) and the similarly low percentage of properly escaped output (5%) are major red flags. These indicate a high likelihood of vulnerabilities like SQL Injection and Cross-Site Scripting, which are corroborated by the plugin's past vulnerability history. The plugin has a concerning history of 5 known CVEs, with one still unpatched, and a majority of these being medium or high severity. Common vulnerability types include XSS, SQL Injection, CSRF, and Missing Authorization, all of which point to fundamental weaknesses in input validation and authorization. The presence of an unpatched high-severity vulnerability, coupled with the code's apparent lack of robust sanitization and escaping, suggests a substantial ongoing risk to WordPress sites using this plugin.

Key Concerns

  • Unpatched High Severity CVE
  • Low percentage of prepared SQL statements
  • Low percentage of properly escaped output
  • No capability checks found
  • 5 known CVEs in history
Vulnerabilities
5

ArtPlacer Widget Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 2 CVEs
  • 2025: 1 CVE
  • 2026: 1 CVE · unpatched

Severity Breakdown

  • High: 1
  • Medium: 4

5 total CVEs

CVE-2026-24555 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ArtPlacer Widget <= 2.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 22, 2026 · Unpatched

CVE-2025-67517 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ArtPlacer Widget <= 2.22.9.2 - Authenticated (Contributor+) SQL Injection

Nov 23, 2025 · Patched in 2.23 (18d)

CVE-2023-7269 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

ArtPlacer Widget <= 2.21.1 - Cross-Site Request Forgery

Jun 28, 2024 · Patched in 2.21.2 (36d)

CVE-2023-7268 · medium · 4.3 · Missing Authorization

ArtPlacer Widget <= 2.21.1 - Missing Authorization to Widget Deletion

Jun 28, 2024 · Patched in 2.21.2 (36d)

CVE-2023-6373 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ArtPlacer Widget <= 2.20.6 - Authenticated (Editor+) SQL Injection

Dec 7, 2023 · Patched in 2.20.7 (47d)

Code Analysis
Analyzed Mar 16, 2026

ArtPlacer Widget Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 9 (2 prepared)
  • Unescaped Output: 36 (2 escaped)
  • Nonce Checks: 3
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

18% prepared · 11 total queries

Output Escaping

5% escaped · 38 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<edit> (includes\edit.php:0)
Attack Surface

ArtPlacer Widget Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_artplacer_del includes\functions.php:13

Shortcodes 2

[artplacer] artplacer-widget.php:115
[artplacer_widget] includes\functions.php:217

WordPress Hooks 16

action upgrader_process_complete artplacer-widget.php:48
action plugins_loaded artplacer-widget.php:49
action admin_enqueue_scripts artplacer-widget.php:62
action wp_enqueue_scripts artplacer-widget.php:73
action wp_footer artplacer-widget.php:149
filter terms_clauses includes\add.php:188
filter get_term includes\add.php:189
filter get_terms_args includes\add.php:190
filter terms_clauses includes\edit.php:189
filter get_term includes\edit.php:190
filter get_terms_args includes\edit.php:191
action admin_menu includes\functions.php:39
action woocommerce_after_single_product_summary includes\functions.php:165
action woocommerce_before_single_product_summary includes\functions.php:178
action woocommerce_after_add_to_cart_button includes\functions.php:191
action woocommerce_after_single_product includes\functions.php:204
Maintenance & Trust

ArtPlacer Widget Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Mar 4, 2026
  • PHP min version: 5.2.4
  • Downloads: 13K

Community Trust

  • Rating: 86/100
  • Number of ratings: 6
  • Active installs: 200
Developer Profile

ArtPlacer Widget Developer Profile

artplacer

1 plugin · 200 total installs

  • Trust score: 65
  • Avg Security Score: 67/100
  • Avg Patch Time: 34 days
Detection Fingerprints

How We Detect ArtPlacer Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/artplacer-widget/assets/css/style.css
  • /wp-content/plugins/artplacer-widget/assets/js/custom.js
  • /wp-content/plugins/artplacer-widget/assets/css/front.css
  • /wp-content/plugins/artplacer-widget/assets/js/artplacer-widget-front.js
Script Paths
  • https://widget.artplacer.com/js/script.js
  • /wp-content/plugins/artplacer-widget/assets/js/artplacer-widget.js
Version Parameters
  • artplacer-widget/assets/css/style.css?ver=
  • artplacer-widget/assets/js/custom.js?ver=
  • artplacer-widget/assets/css/front.css?ver=
  • artplacer-widget/assets/js/artplacer-widget-front.js?ver=

HTML / DOM Fingerprints

Data Attributes
  • data-artplacer-widget
  • artplacer-widget
JS Globals
  • artplacerWidget
  • artplacerWidgetConfig
REST Endpoints
/wp-json/artplacer-widget/v1
Shortcode Output
<artplacer>