Does Simple Category List have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Category List have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Category List compatible with WordPress 6.7.5?

According to WordPress.org data, Simple Category List 1.4 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Simple Category List compatible with PHP 8.2.0+?

Simple Category List requires PHP 8.2.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple Category List updated?

Simple Category List was last updated on Feb 9, 2025. Frequent updates are generally a positive security signal.

What is Simple Category List's security score?

Simple Category List has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Category List Security & Risk Analysis

wordpress.org/plugins/categorylist

Major features in Simple category list include:

30 active installs v1.4 PHP 8.2.0+ WP 3.0.1+ Updated Feb 9, 2025

categorycategory-list-by-taxonomy-slugchild-category-listparent-category-listshow-categories

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Simple Category List Safe to Use in 2026?

Generally Safe

Score 92/100

Simple Category List has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "categorylist" v1.4 plugin exhibits a generally good security posture based on the provided static analysis. The absence of AJAX handlers and REST API routes significantly limits its external attack surface. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries and avoiding file operations or external HTTP requests. However, there are notable areas of concern. The lack of nonce checks and capability checks on the single shortcode entry point is a significant weakness, potentially opening the door to Cross-Site Request Forgery (CSRF) attacks if the shortcode performs any sensitive actions. Furthermore, while the majority of output is escaped, a 28% rate of unescaped output, while not critical, is still a risk that could lead to Cross-Site Scripting (XSS) vulnerabilities if user-controlled data is involved in those unescaped outputs. The complete lack of vulnerability history is positive, suggesting a history of secure development, but it does not negate the potential risks identified in the current code analysis.

Key Concerns

Missing nonce checks on entry point
Missing capability checks on entry point
Significant unescaped output rate

Vulnerabilities

None known

Simple Category List Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Simple Category List Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

13 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

72% escaped18 total outputs

Attack Surface

Simple Category List Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[category_list] category_list.php:202

WordPress Hooks 2

actionadmin_menucategory_list.php:19

actionadmin_initcategory_list.php:20

Maintenance & Trust

Simple Category List Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 9, 2025

PHP min version8.2.0

Downloads3K

Community Trust

Rating100/100

Number of ratings2

Active installs30

Alternatives

Simple Category List Alternatives

Category Order and Taxonomy Terms Order

taxonomy-terms-order

Drag-and-drop ordering for Categories & any taxonomy (hierarchically) using a Drag and Drop Sortable JavaScript capability.

500K 2 CVEs

No Category Base (WPML)

no-category-base-wpml

100

This plugin removes the mandatory 'Category Base' from your category permalinks. It's compatible with WPML.

100K No CVEs

Pages with category and tag

pages-with-category-and-tag

100

Add Categories and Tags to Pages.

60K No CVEs

Categories Images

categories-images

100

The Categories Images is a Wordpress plugin allow you to add image to category, tag or custom taxonomy.

50K No CVEs

Custom Taxonomy Order

custom-taxonomy-order-ne

100

Allows for the ordering of categories and custom taxonomy terms through a simple drag-and-drop interface

50K No CVEs

Developer Profile

Simple Category List Developer Profile

nziniwal

1 plugin · 30 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Category List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output

<h2>Copy this Shortcode and use it:</h2><code>[category_list custom_taxonomy="Use this shortcode in PHP: <code>echo do_shortcode('[category_list custom_taxonomy="<p><strong>No taxonomy name is set. Please configure the settings.</strong></p>

FAQ