BMI Widget Security & Risk Analysis

wordpress.org/plugins/bmi-widget

Adds a widget that displays a BMI calculator with standard or metric measurements and options for styling.

10 active installs · v1.0 · PHP + · WP 3.0+ · Updated Feb 9, 2015
Tags: bmi, bmi-calculator, body-mass-index
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BMI Widget Safe to Use in 2026?

Generally Safe

Score 85/100

BMI Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The BMI Widget plugin v1.0 presents a generally good security posture based on the static analysis, with no immediately apparent vulnerabilities from dangerous functions, SQL injection risks, or file operations. The complete absence of cron events, shortcodes, and REST API or AJAX handlers significantly limits its attack surface, which is a strong indicator of secure coding practices. The fact that all SQL queries utilize prepared statements is also a commendable practice that mitigates a common vector for compromise.

However, a notable concern arises from the low percentage of properly escaped output (31%). This suggests that a significant portion of user-provided or dynamically generated content displayed by the widget might be vulnerable to Cross-Site Scripting (XSS) attacks. While the taint analysis reported no issues, this is likely due to the limited scope of flows analyzed or the absence of specific test cases designed to trigger them. The plugin also has no recorded vulnerability history, which is positive but does not guarantee future security, especially in light of the unescaped output.

In conclusion, the BMI Widget plugin has a strong foundation with its minimal attack surface and secure handling of database operations. The primary weakness lies in insufficient output escaping, which could lead to XSS vulnerabilities. The lack of historical vulnerabilities is a good sign, but the identified code-level weakness requires attention to ensure a robust security profile.

Key Concerns

  • Low percentage of properly escaped output (31%)
Vulnerabilities
None known

BMI Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BMI Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 27 (12 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

31% escaped · 39 total outputs
Attack Surface

BMI Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 2
action: widgets_init (bmi-widget.php:12)
action: wp_enqueue_scripts (bmi-widget.php:36)
Maintenance & Trust

BMI Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.1.42
Last updated: Feb 9, 2015
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

BMI Widget Developer Profile

swaincreates

2 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BMI Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bmi-widget/bmi-widget-style.css
Version Parameters
bmi-widget/bmi-widget-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
bmi-widget, bmi-widget-title, bmi-form-wrapper
HTML Comments
<!-- <p>Your BMI: <span id="user_bmi"></span></p> -->
Data Attributes
id="height", id="weight", id="user_bmi", id="bmi_submit", class="bmi-widget", class="bmi-widget-title" (+3 more)
JS Globals
bmi_widget, BMI_Widget