Does Author Box by Nocksoft have any unpatched vulnerabilities?

No. All known vulnerabilities in Author Box by Nocksoft have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Author Box by Nocksoft compatible with WordPress 6.7.5?

According to WordPress.org data, Author Box by Nocksoft 1.1.1 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is Author Box by Nocksoft updated?

Author Box by Nocksoft was last updated on Nov 16, 2024. Frequent updates are generally a positive security signal.

What is Author Box by Nocksoft's security score?

Author Box by Nocksoft has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Author Box by Nocksoft Security & Risk Analysis

wordpress.org/plugins/author-box-by-nocksoft

Adds a modern author info box at the end of your posts and implements local avatars as an alternative to Gravatar.

100 active installs v1.1.1 PHP + WP 5.3+ Updated Nov 16, 2024

about-authorabout-meauthor-bioauthor-boxauthor-description

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Author Box by Nocksoft Safe to Use in 2026?

Generally Safe

Score 92/100

Author Box by Nocksoft has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The author-box-by-nocksoft plugin version 1.1.1 exhibits a generally positive security posture, with no critical or high-severity vulnerabilities identified in its history. The static analysis reveals a minimal attack surface with only one shortcode, and importantly, no unprotected entry points like unauthenticated AJAX handlers or REST API routes. The code also demonstrates good practices by exclusively using prepared statements for SQL queries and performing file operations and external HTTP requests, which are absent. However, a significant concern lies in the output escaping. With 39% of outputs properly escaped out of 70 total, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. The complete lack of nonce checks, while not directly impacting the identified entry points, suggests a potential oversight in ensuring request integrity, especially if the plugin were to evolve with more dynamic functionalities. The absence of any recorded vulnerabilities in its history is a strength, but it should not overshadow the identified code-level weaknesses, particularly the insufficient output escaping.

Key Concerns

Insufficient output escaping
Missing nonce checks

Vulnerabilities

None known

Author Box by Nocksoft Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Author Box by Nocksoft Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

27 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

39% escaped70 total outputs

Attack Surface

Author Box by Nocksoft Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[authorbox] php\authorbox.php:4

WordPress Hooks 10

actionadmin_enqueue_scriptsauthor-box-by-nocksoft.php:33

actionwp_enqueue_scriptsauthor-box-by-nocksoft.php:53

actionplugins_loadedauthor-box-by-nocksoft.php:68

filterthe_contentphp\authorbox.php:11

actionadmin_menuphp\settings-global.php:3

actionadmin_initphp\settings-global.php:16

actionshow_user_profilephp\settings-user.php:5

actionedit_user_profilephp\settings-user.php:6

actionpersonal_options_updatephp\settings-user.php:44

actionedit_user_profile_updatephp\settings-user.php:45

Maintenance & Trust

Author Box by Nocksoft Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedNov 16, 2024

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Author Box by Nocksoft Alternatives

Kantbtrue about me

kantbtrue-about-me

An elegant about me widget and profile widget for blogs. With this plugin you can add title, description with links, profile image and social links.

400 No CVEs

WP Author Box

wp-author-box

100

Automatically add an author box below your post content, with social profile icons

10 No CVEs

Simple Author Box

simple-author-box

Add a responsive author box or guest author box with social icons to any post. Great author box for any site!

80K 2 CVEs

Molongui Authorship – Author Boxes, Guest Authors & Co-Authors for WordPress

molongui-authorship

All-in-One Authorship Solution: Seamless Author Box, Guest Authors, and Co-Authors to enhance your site's authority, credibility, engagement, and SEO.

10K 6 CVEs

Starbox – the Author Box for Humans

starbox

Starbox is the Author Box for Humans. Professional Themes to choose from, HTML5, Social Media Profiles, Google Authorship

10K 6 CVEs

Developer Profile

Author Box by Nocksoft Developer Profile

Rafael @ Nocksoft

2 plugins · 300 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Author Box by Nocksoft

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/author-box-by-nocksoft/css/style.css/wp-content/plugins/author-box-by-nocksoft/css/hidewordpressauthorbox.css/wp-content/plugins/author-box-by-nocksoft/js/colorpicker.js

Script Paths

/wp-content/plugins/author-box-by-nocksoft/js/colorpicker.js

HTML / DOM Fingerprints

CSS Classes

nstab_circle

Data Attributes

id='author-box-by-nocksoft'id='nstab_wrapper'id='nstab_authoravatar'id='nstab_authorbio'id='header'id='headline'+4 more

Shortcode Output

[authorbox]

FAQ