Does Categories but exclude have any unpatched vulnerabilities?

No. All known vulnerabilities in Categories but exclude have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Categories but exclude compatible with WordPress 3.3.2?

According to WordPress.org data, Categories but exclude 1.0 has been tested up to WordPress 3.3.2. Check the plugin's changelog for the latest compatibility information.

How often is Categories but exclude updated?

Categories but exclude was last updated on Jun 13, 2012. Frequent updates are generally a positive security signal.

What is Categories but exclude's security score?

Categories but exclude has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Categories but exclude Security & Risk Analysis

wordpress.org/plugins/categories-but-exclude-widget

Displays all categories except those selected in widget preferences.

50 active installs v1.0 PHP + WP 2.8+ Updated Jun 13, 2012

categoriescategoryexcludewidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Categories but exclude Safe to Use in 2026?

Generally Safe

Score 85/100

Categories but exclude has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The "categories-but-exclude-widget" plugin version 1.0 exhibits a generally good security posture due to the absence of known vulnerabilities and the use of prepared statements for all SQL queries. The lack of external HTTP requests, file operations, and a non-existent attack surface from AJAX, REST API, shortcodes, and cron events are positive indicators. However, the presence of one dangerous function, `create_function`, is a notable concern. This function is deprecated and can be a source of security vulnerabilities if not handled with extreme care, as it allows for the execution of arbitrary PHP code. Additionally, only 31% of output is properly escaped, indicating a potential risk of Cross-Site Scripting (XSS) vulnerabilities if untrusted data is directly outputted without adequate sanitization.

Key Concerns

Use of deprecated and potentially unsafe create_function
Low percentage of properly escaped output (31%)

Vulnerabilities

None known

Categories but exclude Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Categories but exclude Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function( '', 'register_widget( "catbutexclude_widget" );' ) );categories-but-exclude.php:116

Output Escaping

31% escaped13 total outputs

Attack Surface

Categories but exclude Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionplugins_loadedcategories-but-exclude.php:35

actionwidgets_initcategories-but-exclude.php:116

Maintenance & Trust

Categories but exclude Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2

Last updatedJun 13, 2012

PHP min version

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs50

Alternatives

Categories but exclude Alternatives

Category Excluder Widget

category-excluder

This widget allows you to easily create a specific category list. You can exclude any categories you please.

100 No CVEs

Ultimate Category Excluder

ultimate-category-excluder

Ultimate Category Excluder allows you to quickly and easily exclude categories from your front page, archives, feeds, and search results.

50K 1 CVE

WP Categories Widget

wp-categories-widget

100

Display the list of categories for any taxonomies type (WooCommerce Product Category, Blog Category, Project Category...etc) in sidebar

7K 1 CVE

Exclude Category from Blog

wonderplugin-exclude-category

Exclude categories from WordPress blog page, home page and search

1K No CVEs

Developer Profile

Categories but exclude Developer Profile

PoseLab

2 plugins · 2K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Categories but exclude

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

category_excluder_widget

FAQ