Simple TOC Security & Risk Analysis

wordpress.org/plugins/bainternet-simple-toc

Create a wiki-like TOC (table of contents) in your posts or pages using a shortcode.

200 active installs · v0.9.0 · PHP + WP 3.4.0+ · Updated Dec 11, 2016
Tags: table-of-contents, toc, wiki-like-toc
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Simple TOC Safe to Use in 2026?

Generally Safe

Score 85/100

Simple TOC has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The bainternet-simple-toc plugin version 0.9.0 exhibits a strong security posture based on the provided static analysis. The plugin has no identifiable attack surface in terms of AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. Furthermore, the code demonstrates good practices by avoiding dangerous functions, exclusively using prepared statements for SQL queries, and properly escaping all identified output. There are no file operations or external HTTP requests, and, importantly, taint analysis revealed no unsanitized paths, indicating a lack of critical or high-severity vulnerabilities within the analyzed code.

The vulnerability history for this plugin is completely clean, with zero known CVEs recorded across all severity levels and no recent or past vulnerabilities. This lack of historical issues, combined with the positive static analysis results, suggests a well-maintained and secure codebase. While the plugin has a very limited attack surface, the presence of capability checks indicates a conscious effort to protect certain functionalities, which is a positive sign. The complete absence of any vulnerabilities in its history and the thoroughness of the static analysis suggest a low-risk profile.

Vulnerabilities
None known

Simple TOC Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Simple TOC Release Timeline

v0.9.0 (Current)
v0.8.1
v0.8.0
v0.7.4
v0.7.3
v0.7.1
v0.7
v0.6
v0.5
v0.4
v0.3
v0.2
v0.1
Code Analysis
Analyzed Mar 16, 2026

Simple TOC Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (1 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped (1 total output)
Attack Surface

Simple TOC Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8
action  admin_head             simple-toc.php:35
filter  the_content            simple-toc.php:36
filter  the_content            simple-toc.php:37
filter  the_content            simple-toc.php:38
filter  plugin_row_meta        simple-toc.php:40
action  admin_enqueue_scripts  simple-toc.php:42
filter  mce_external_plugins   simple-toc.php:52
filter  mce_buttons            simple-toc.php:53
Maintenance & Trust

Simple TOC Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.0
Last updated: Dec 11, 2016
PHP min version
Downloads: 16K

Community Trust

Rating: 66/100
Number of ratings: 3
Active installs: 200
Developer Profile

Simple TOC Developer Profile

Bainternet

19 plugins · 9K total installs

Trust score: 83
Avg Security Score: 84/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple TOC

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bainternet-simple-toc/assets/css/simple_toc.css
Script Paths
/wp-content/plugins/bainternet-simple-toc/assets/js/simple.toc.js
Version Parameters
bainternet-simple-toc/assets/css/simple_toc.css?ver=
bainternet-simple-toc/assets/js/simple.toc.js?ver=

HTML / DOM Fingerprints

CSS Classes
toc
toc-head
toc_list
toc_item
Data Attributes
name="toc-
href="#toc-
JS Globals
simple_toc
Shortcode Output
<div class="toc"><div class="toc-head"><div class="toc_list"><ul><li class="toc_item"><a href="#toc-