Does CC Child Pages have any unpatched vulnerabilities?

No. All known vulnerabilities in CC Child Pages have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CC Child Pages compatible with WordPress 6.9.4?

According to WordPress.org data, CC Child Pages 2.1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is CC Child Pages compatible with PHP 7.4+?

CC Child Pages requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CC Child Pages updated?

CC Child Pages was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is CC Child Pages's security score?

CC Child Pages has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CC Child Pages Security & Risk Analysis

wordpress.org/plugins/cc-child-pages

Display WordPress child pages in a responsive grid or list using a shortcode, Gutenberg block or Elementor widget.

10K active installs v2.1.1 PHP 7.4+ WP 6.7+ Updated Mar 5, 2026

child-pageselementorpage-listpage-navigationsubpages

A · Safe

CVEs total2

Unpatched0

Last CVEDec 15, 2025

Plugin page Download

Safety Verdict

Is CC Child Pages Safe to Use in 2026?

Generally Safe

Score 98/100

CC Child Pages has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 15, 2025Updated 29d ago

Risk Assessment

The 'cc-child-pages' plugin version 2.1.1 exhibits a mixed security posture. On the positive side, the static analysis reveals a relatively small attack surface, with only one shortcode entry point and no unprotected AJAX handlers or REST API routes. The code also demonstrates good practices by utilizing prepared statements for a majority of its SQL queries, implementing nonce checks, and performing capability checks. There are no reported file operations or external HTTP requests, further limiting potential attack vectors. However, a significant concern arises from the output escaping, where only 64% of outputs are properly escaped. This suggests a risk of cross-site scripting (XSS) vulnerabilities if user-controlled data is not adequately sanitized before being displayed. The vulnerability history, while showing no currently unpatched CVEs, indicates a past pattern of two medium-severity Cross-site Scripting (XSS) vulnerabilities. This history, coupled with the static analysis findings on output escaping, suggests that while the plugin has made improvements, the potential for XSS remains a notable weakness. The absence of critical or high-severity issues in the history and static analysis is positive, but the ongoing concern with output escaping warrants attention.

Key Concerns

Output escaping is not consistently applied (36% unescaped)
Past history of medium severity XSS vulnerabilities

Vulnerabilities

CC Child Pages Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-13608medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CC Child Pages <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode

Dec 15, 2025 Patched in 2.0.1 (1d)

CVE-2022-4776medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CC Child Pages <= 1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 5, 2023 Patched in 1.43 (383d)

Code Analysis

Analyzed Mar 16, 2026

CC Child Pages Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

70 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

67% prepared6 total queries

Output Escaping

64% escaped109 total outputs

Attack Surface

CC Child Pages Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[child_pages] index.php:77

WordPress Hooks 22

filtermce_external_pluginsincludes\ccchildpages.php:1317

filtermce_buttonsincludes\ccchildpages.php:1318

actionelementor/widgets/registerincludes\elementor\class-elementor-integration.php:18

actionelementor/elements/categories_registeredincludes\elementor\class-elementor-integration.php:19

actioninitindex.php:69

actionwp_enqueue_scriptsindex.php:78

actionplugins_loadedindex.php:79

actionwidgets_initindex.php:86

actionwp_dashboard_setupindex.php:89

actionadmin_post_ccchildpages_dismiss_widgetindex.php:92

actioninitindex.php:95

actioninitindex.php:98

filterplugin_row_metaindex.php:104

actionadmin_initindex.php:110

actionadmin_menuindex.php:113

filterquery_varsindex.php:116

actionpre_get_postsindex.php:119

filterno_texturize_shortcodesindex.php:122

actionenqueue_block_editor_assetsindex.php:124

filterblock_categories_allindex.php:168

filterblock_categoriesindex.php:170

actionplugins_loadedindex.php:177

Maintenance & Trust

CC Child Pages Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version7.4

Downloads159K

Community Trust

Rating98/100

Number of ratings49

Active installs10K

Alternatives

CC Child Pages Alternatives

Page-list

page-list

[pagelist], [subpages], [siblings] and [pagelist_ext] shortcodes

40K 3 CVEs

WP Subpages

wp-subpages

WP Subpages Widget is a simple plugin to allow for multiple instances to show child pages.

10 No CVEs

Elementor Website Builder – More Than Just a Page Builder

elementor

The Elementor Website Builder has it all: drag and drop page builder, pixel perfect design, mobile responsive editing, and more. Get started now!

10.0M 45 CVEs

Starter Templates – AI-Powered Templates for Elementor & Gutenberg

astra-sites

The growing library of 300+ ready-to-use templates that work with all WordPress themes including Astra, Hello, OceanWP, GeneratePress and more

2.0M 7 CVEs

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 21 CVEs

Developer Profile

CC Child Pages Developer Profile

caterhamcomputing

2 plugins · 10K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

192 days

View full developer profile

Detection Fingerprints

How We Detect CC Child Pages

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cc-child-pages/build/index.css/wp-content/plugins/cc-child-pages/build/index.js/wp-content/plugins/cc-child-pages/css/cc-child-pages.css/wp-content/plugins/cc-child-pages/js/cc-child-pages.js

Script Paths

/wp-content/plugins/cc-child-pages/build/index.js/wp-content/plugins/cc-child-pages/js/cc-child-pages.js

Version Parameters

cc-child-pages/build/index.css?ver=cc-child-pages/build/index.js?ver=cc-child-pages/css/cc-child-pages.css?ver=cc-child-pages/js/cc-child-pages.js?ver=

HTML / DOM Fingerprints

CSS Classes

cc-child-pages

Data Attributes

data-cc-uid

JS Globals

cc_child_pages_argscc_child_pages_options

Shortcode Output

[child_pages][child_pages title=""][child_pages posts_per_page=""][child_pages limit=""]

FAQ