Does Collapsing Archives have any unpatched vulnerabilities?

No. All known vulnerabilities in Collapsing Archives have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Collapsing Archives compatible with WordPress 6.9.4?

According to WordPress.org data, Collapsing Archives 3.0.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Collapsing Archives updated?

Collapsing Archives was last updated on Feb 12, 2026. Frequent updates are generally a positive security signal.

What is Collapsing Archives's security score?

Collapsing Archives has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Collapsing Archives Security & Risk Analysis

wordpress.org/plugins/collapsing-archives

This plugin uses Javascript to dynamically expand or collapse the set of months for each year and posts for each month in the archive listing of your …

3K active installs v3.0.8 PHP + WP 2.8+ Updated Feb 12, 2026

accordionarchivescollapsesidebarwidget

A · Safe

CVEs total1

Unpatched0

Last CVEAug 26, 2024

Plugin page Download

Safety Verdict

Is Collapsing Archives Safe to Use in 2026?

Generally Safe

Score 99/100

Collapsing Archives has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Aug 26, 2024Updated 1mo ago

Risk Assessment

The plugin "collapsing-archives" v3.0.8 presents a mixed security posture. On the positive side, static analysis reveals no identifiable attack surface through AJAX handlers, REST API routes, shortcodes, or cron events that are not properly authenticated or permission-checked. Furthermore, the plugin demonstrates good practices by exclusively using prepared statements for its SQL queries and having no external HTTP requests, reducing common attack vectors. However, there are significant concerns regarding output escaping, with only 78% of outputs being properly escaped, leaving potential for cross-site scripting vulnerabilities. The absence of nonce checks and capability checks for any potential entry points, though currently none are identified, is a notable gap in defense-in-depth. The plugin's vulnerability history, specifically a medium-severity CVE discovered very recently (2024-08-26) related to Cross-site Scripting, is a red flag that underscores the potential for exploitable flaws despite the current lack of identified critical issues in static analysis.

Key Concerns

Output escaping is not comprehensive (78%)
No nonce checks present
No capability checks present
Medium severity CVE in vulnerability history

Vulnerabilities

Collapsing Archives Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-43934medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Collapsing Archives <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 26, 2024 Patched in 3.0.6 (10d)

Code Analysis

Analyzed Mar 16, 2026

Collapsing Archives Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

78% escaped9 total outputs

Attack Surface

Collapsing Archives Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actioninitcollapsArch.php:36

actioninitcollapsArch.php:174

Maintenance & Trust

Collapsing Archives Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 12, 2026

PHP min version

Downloads146K

Community Trust

Rating82/100

Number of ratings21

Active installs3K

Alternatives

Collapsing Archives Alternatives

Expanding Archives

expanding-archives

This plugin adds a new widget where you can view your old posts by expanding certain years and months.

2K No CVEs

Ultimate Tabbed Widgets

ultimate-tabbed-widgets

A plugin that allows you to create widget areas that can be turned into tabs or

200 No CVEs

WPB Widgets Accordion for WooCommerce

wpb-woocommerce-widgets-accordion

100

WPB Widgets Accordion for WooCommerce will allow you to show your widgets in an accordion.

70 No CVEs

ARCW Popover Addon

arcw-popover-addon

Popover Addon for Archives Calendar Widget

30 No CVEs

Folding Archives

folding-archives

100

A simple widget providing a customisable, animated dropdown menu to display archives.

10 No CVEs

Developer Profile

Collapsing Archives Developer Profile

robfelty

7 plugins · 7K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect Collapsing Archives

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/collapsing-archives/collapsArchStyles.php/wp-content/plugins/collapsing-archives/collapsFunctions.js/wp-content/plugins/collapsing-archives/symbols.php

Script Paths

/wp-content/plugins/collapsing-archives/collapsFunctions.js

Version Parameters

collapsing-archives/style.css?ver=collapsing-archives/collapsArchStyles.php?ver=collapsing-archives/collapsFunctions.js?ver=collapsing-archives/symbols.php?ver=

HTML / DOM Fingerprints

CSS Classes

widget-titlecollapsArch

HTML Comments

/* These variables are part of the Collapsing Archives Plugin
   * version: 3.0.8
   * revision: $Id: collapsArch.php 3459499 2026-02-12 03:40:52Z robfelty $

Data Attributes

widget-collapsArch-

JS Globals

collapsItemswidgetRootaddExpandCollapseArch

Shortcode Output

<h2 class='widget-title'>Archives</h2><ul id='widget-collapsArch-

FAQ