Category and Subcategory List Widget Security & Risk Analysis

wordpress.org/plugins/category-subcategory-list-widget

This widget lets you add or update icons for a category or a custom taxonomy. It lists categories in a horizontal menu pattern.

700 active installs · v7.3 · PHP 8.0+ · WP 6.2+ · Updated Dec 1, 2025
category · category-list · subcategory · subcategory-list · widget
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Category and Subcategory List Widget Safe to Use in 2026?

Generally Safe

Score 100/100

Category and Subcategory List Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The "category-subcategory-list-widget" plugin v7.3 demonstrates a generally strong security posture based on the provided static analysis. The absence of dangerous functions, file operations, external HTTP requests, and raw SQL queries is a positive indicator. The high percentage of properly escaped output and the presence of nonce checks further contribute to a secure foundation.

However, a significant concern is the complete lack of capability checks. While nonce checks are present, relying solely on them for AJAX handlers can leave the plugin vulnerable to privilege escalation if an attacker can trick a privileged user into triggering the AJAX action. The limited attack surface with only one unprotected AJAX handler is a positive, but the absence of capability checks on it is a notable oversight.

With zero recorded vulnerabilities and no history of CVEs, the plugin has a good track record. This suggests a commitment to security by the developers, or simply a lack of discovery in past versions. Overall, the plugin is well-coded with good sanitization practices, but the absence of capability checks on its entry point represents a distinct weakness that warrants attention.

Key Concerns

  • Missing capability checks on AJAX handler
Vulnerabilities
None known

Category and Subcategory List Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Category and Subcategory List Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (52 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

96% escaped · 54 total outputs
Attack Surface

Category and Subcategory List Widget Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_iclcat_new_icon · category-list-widget.php:608
WordPress Hooks: 2
action · widgets_init · category-list-widget.php:367
action · admin_init · category-list-widget.php:547
Maintenance & Trust

Category and Subcategory List Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 1, 2025
PHP min version: 8.0
Downloads: 38K

Community Trust

Rating: 94/100
Number of ratings: 3
Active installs: 700
Developer Profile

Category and Subcategory List Widget Developer Profile

Murali

2 plugins · 900 total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 72 days
Detection Fingerprints

How We Detect Category and Subcategory List Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
wn_statuswidget-core_special_widgets_categories-2-wn_show
Data Attributes
data-widget_id
FAQ

Frequently Asked Questions about Category and Subcategory List Widget