BF3 Infobox Security & Risk Analysis

wordpress.org/plugins/bf3-infobox

2013 Update! Display your Battlefield 3 Player Statistics from bf3stats.com as a sidebar widget.

10 active installs v1.0.1 PHP + WP 3.0+ Updated Apr 2, 2013
battlefieldbattlefield-3battlefield3bf3bf4
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is BF3 Infobox Safe to Use in 2026?

Generally Safe

Score 85/100

BF3 Infobox has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago
Risk Assessment

The 'bf3-infobox' plugin v1.0.1 exhibits a strong foundational security posture based on the provided static analysis. The absence of any identified entry points (AJAX, REST API, shortcodes, cron events) significantly reduces the potential attack surface. Furthermore, the complete reliance on prepared statements for SQL queries and the lack of dangerous function usage are excellent security practices. There are no recorded vulnerabilities in its history, suggesting a mature and stable codebase.

However, there are notable areas for improvement. The most concerning aspect is the extremely low output escaping rate (25%), indicating a high likelihood of cross-site scripting (XSS) vulnerabilities. The presence of an external HTTP request without further context on its security (e.g., validation of incoming data or escaping of outgoing data) is also a potential risk. The complete absence of capability checks and nonce checks, while potentially justified by the zero entry points, leaves the plugin vulnerable should any new entry points be introduced in the future without proper security controls. The lack of taint analysis results also means that complex data flows that could lead to vulnerabilities might not have been detected.

In conclusion, 'bf3-infobox' v1.0.1 benefits from a limited attack surface and secure database practices. Its clean vulnerability history is a positive sign. Nevertheless, the critical weakness in output escaping and the potential risks associated with the external HTTP request, coupled with the lack of robust authentication/authorization checks, warrant careful consideration and remediation to ensure comprehensive security.

Key Concerns

  • Low output escaping rate
  • External HTTP request without further checks
  • No capability checks
  • No nonce checks
Vulnerabilities
None known

BF3 Infobox Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

BF3 Infobox Release Timeline

v1.0.1Current
v1.0
Code Analysis
Analyzed Mar 16, 2026

BF3 Infobox Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

25% escaped4 total outputs
Attack Surface

BF3 Infobox Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
actionwidgets_initbf3infobox.php:44
actionwp_enqueue_scriptsbf3infobox.php:49
actionadmin_menubf3infobox.php:56
actionadmin_initbf3infobox.php:61
filterplugin_row_metabf3infobox.php:72
actioninitbf3infobox.php:85
Maintenance & Trust

BF3 Infobox Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedApr 2, 2013
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

BF3 Infobox Developer Profile

Calaelen

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BF3 Infobox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bf3-infobox/style.css
Version Parameters
bf3-infobox/style.css?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about BF3 Infobox