Blog Topics For WPMU Security & Risk Analysis

wordpress.org/plugins/blog-topics

Allows users to categorize blogs by topic. Includes multiple optional widgets and optional sample theme cod …

10 active installs · v1.2 · PHP + · WP 2.9+ · Updated Apr 19, 2011
Tags: wmpu-site-wide-categories, wordpress-mu, wordpress-multiuser, wpmu-site-wide-topics

Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Blog Topics For WPMU Safe to Use in 2026?

Generally Safe

Score 85/100

Blog Topics For WPMU has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago

Risk Assessment

The "blog-topics" plugin v1.2 presents a mixed security posture. While it boasts zero known CVEs, a small attack surface, and a good percentage of SQL queries using prepared statements, several concerning code signals and taint analysis results warrant attention.

The significant number of flows with unsanitized paths, specifically six high-severity ones, is a critical red flag. This strongly suggests that user-supplied data is not being properly validated or escaped before being used in sensitive operations, potentially leading to cross-site scripting (XSS) or other injection vulnerabilities. Furthermore, the plugin uses the deprecated and inherently insecure `create_function` function twice, which can be a vector for code execution if not handled with extreme caution. The low rate of proper output escaping (7%) amplifies the risk posed by unsanitized inputs.

Despite the lack of historical vulnerabilities, the current static analysis reveals significant potential weaknesses. The plugin demonstrates good practices in avoiding external requests and file operations, and it includes some nonce and capability checks. However, the high number of high-severity taint flows and the poor output escaping significantly outweigh these positives. The conclusion is that while the plugin has not yet been exploited or publicly documented with vulnerabilities, the static analysis points to a high likelihood of exploitable issues, particularly around input sanitization and output encoding.

Key Concerns

  • High severity unsanitized taint flows
  • Use of dangerous function 'create_function'
  • Low percentage of properly escaped output
  • Some capability checks present
  • Some nonce checks present

Vulnerabilities
None known

Blog Topics For WPMU Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis
Analyzed Mar 17, 2026

Blog Topics For WPMU Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 8 (45 prepared)
Unescaped Output: 116 (9 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function (widgets\cets_bt_featured_topic_with_posts.php:130)
    add_action('widgets_init', create_function('', 'return register_widget("cets_bt_featured_topic_with_ …
create_function (widgets\cets_bt_topics_with_posts.php:146)
    add_action('widgets_init', create_function('', 'return register_widget("cets_bt_topics_with_posts"); …

SQL Query Safety

85% prepared · 53 total queries

Output Escaping

7% escaped · 125 total outputs

Data Flows
7 unsanitized

Data Flow Analysis

8 flows · 7 with unsanitized paths
custom_image_utility (cets_blog_topics_sampletheme\functions.php:86)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized

Attack Surface

Blog Topics For WPMU Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 25

Type    Hook                              Location
action  signup_blogform                   cets_blogtopics.php:1129
filter  wpmu_new_blog                     cets_blogtopics.php:1130
action  signup_finished                   cets_blogtopics.php:1131
action  admin_notices                     cets_blogtopics.php:1133
action  admin_init                        cets_blogtopics.php:1139
action  update_option_cets_topicexclude   cets_blogtopics.php:1141
action  wp_head                           cets_blogtopics.php:1145
action  admin_menu                        cets_blogtopics.php:1149
action  network_admin_menu                cets_blogtopics.php:1155
action  admin_menu                        cets_blogtopics.php:1163
action  delete_blog                       cets_blogtopics.php:1169
action  wpmueditblogaction                cets_blog_topics\miscactions.php:13
action  wpmu_update_blog_options          cets_blog_topics\miscactions.php:18
action  wpmuadminedit                     cets_blog_topics\miscactions.php:22
action  admin_menu                        cets_blog_topics_sampletheme\functions.php:84
filter  generate_rewrite_rules            cets_blog_topics_sampletheme\rewrites.php:4
action  init                              cets_blog_topics_sampletheme\rewrites.php:17
filter  query_vars                        cets_blog_topics_sampletheme\rewrites.php:31
filter  query_vars                        cets_blog_topics_sampletheme\rewrites.php:38
action  template_redirect                 cets_blog_topics_sampletheme\rewrites.php:43
action  widgets_init                      widgets\cets_bt_featured_topic_with_posts.php:130
action  plugins_loaded                    widgets\cets_bt_related_blogs_widget.php:136
action  plugins_loaded                    widgets\cets_bt_related_posts_widget.php:158
action  plugins_loaded                    widgets\cets_bt_topicname_widget.php:130
action  widgets_init                      widgets\cets_bt_topics_with_posts.php:146

Maintenance & Trust

Blog Topics For WPMU Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.1.4
Last updated: Apr 19, 2011
PHP min version:
Downloads: 8K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10

Developer Profile

Blog Topics For WPMU Developer Profile

DeannaS

7 plugins · 70 total installs
Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Blog Topics For WPMU

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments: <!-- Widget: Blog Topics -->
Data Attributes: data-blog_id, data-topic_id
JS Globals: cets_blog_topics, cets_blogtopics_setup
Shortcode Output: [blog_topics]