WP-Safety

Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets Security & Risk Analysis

wordpress.org/plugins/columns-bws

Add columns with custom content to WordPress website pages, posts, widgets, etc.

30 active installs v1.0.3 PHP + WP 5.6+ Updated Jun 6, 2025
columncolumnsculumn-widgetpagesposts
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets Safe to Use in 2026?

Generally Safe

Score 100/100

Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago
Risk Assessment

The "columns-bws" v1.0.3 plugin exhibits a generally good security posture, with no known vulnerabilities or CVEs recorded. The static analysis reveals a relatively small attack surface, with all identified entry points (AJAX handlers, shortcodes) appearing to have appropriate authentication or permission checks. The plugin also demonstrates a strong reliance on prepared statements for SQL queries and a high percentage of properly escaped output, which are excellent security practices.

However, there are a couple of areas that warrant attention. The presence of the `unserialize` function is a known risk, as it can lead to deserialization vulnerabilities if not handled with extreme caution and strict input validation. Furthermore, the taint analysis identified two flows with unsanitized paths, marked as high severity. These could potentially be exploited if user-supplied data is not properly sanitized before being used in file operations or other sensitive contexts. While no direct vulnerabilities have been recorded historically, the presence of these code signals indicates potential weaknesses that could be exploited by attackers.

In conclusion, "columns-bws" v1.0.3 has strong fundamental security practices, particularly in database interaction and output handling. The absence of historical vulnerabilities is a positive sign. The primary concerns lie in the use of `unserialize` and the identified high-severity unsanitized taint flows, which represent potential vulnerabilities that should be addressed to further harden the plugin's security.

Key Concerns

  • High severity unsanitized taint flow (x2)
  • Use of unserialize function
Vulnerabilities
None known

Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets Code Analysis

Dangerous Functions
2
Raw SQL Queries
7
20 prepared
Unescaped Output
60
453 escaped
Nonce Checks
19
Capability Checks
3
File Operations
2
External Requests
6
Bundled Libraries
0

Dangerous Functions Found

unserialize$column_single_settings = unserialize( $column_single_setting );columns-bws.php:616
unserialize$options = unserialize( $column_single_setting );includes\class-clmns-add-new.php:36

SQL Query Safety

74% prepared27 total queries

Output Escaping

88% escaped513 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

8 flows2 with unsanitized paths
bws_add_menu_render (bws_menu\bws_menu.php:12)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_bws_submit_request_feature_actionbws_menu\class-bws-settings.php:1452
authwp_ajax_bws_submit_uninstall_reason_actionbws_menu\deactivation-form.php:432

Shortcodes 1

[print_clmns] columns-bws.php:993
WordPress Hooks 22
filterload_textdomain_mofilebws_menu\bws_functions.php:37
filtermce_external_pluginsbws_menu\bws_functions.php:1081
filtermce_buttonsbws_menu\bws_functions.php:1082
actionadmin_initbws_menu\bws_functions.php:1357
actionadmin_enqueue_scriptsbws_menu\bws_functions.php:1358
actionadmin_headbws_menu\bws_functions.php:1359
actionadmin_footerbws_menu\bws_functions.php:1360
actionadmin_noticesbws_menu\bws_functions.php:1362
actionwp_enqueue_scriptsbws_menu\bws_functions.php:1364
actionadmin_menucolumns-bws.php:970
filterparent_filecolumns-bws.php:971
filtersubmenu_filecolumns-bws.php:972
actioninitcolumns-bws.php:973
actionadmin_initcolumns-bws.php:974
actionplugins_loadedcolumns-bws.php:976
actionadmin_enqueue_scriptscolumns-bws.php:978
actionwp_enqueue_scriptscolumns-bws.php:979
filterplugin_row_metacolumns-bws.php:982
filterplugin_action_linkscolumns-bws.php:983
filterset-screen-optioncolumns-bws.php:985
actionadmin_noticescolumns-bws.php:988
filterbws_shortcode_button_contentcolumns-bws.php:991
Maintenance & Trust

Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 6, 2025
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Alternatives

Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets Alternatives

WP Shortcodes Plugin — Shortcodes Ultimate

WP Shortcodes Plugin — Shortcodes Ultimate

shortcodes-ultimate

A
88

A comprehensive collection of visual components for your site

400K 35 CVEs
WP Show Posts

WP Show Posts

wp-show-posts

A
90

Add posts to your website from any post type using a simple shortcode.

70K 3 CVEs
Sortable Word Count Reloaded

Sortable Word Count Reloaded

sortable-word-count-reloaded

A
100

Adds a sortable column to the posts and pages admin list with the word count of each page/post.

2K No CVEs
Posts Columns Manager

Posts Columns Manager

posts-columns-manager

A
85

Did you ever want to add some custom columns to the posts overview page?

800 No CVEs
WP Columnize

WP Columnize

wp-columnize

A
85

Easily create multiple columns within posts and pages.

100 No CVEs
Developer Profile

Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets Developer Profile

bestweblayout

32 plugins · 17K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
1944 days
View full developer profile
Detection Fingerprints

How We Detect Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/columns-bws/assets/css/columns.css/wp-content/plugins/columns-bws/assets/js/columns.js
Version Parameters
columns-bws/assets/css/columns.css?ver=columns-bws/assets/js/columns.js?ver=

HTML / DOM Fingerprints

CSS Classes
clmns-columnclmns-column-itemsclmns-column-item
Data Attributes
data-clmns-id
JS Globals
clmns_shortcode_list
Shortcode Output
[columns][/columns]
FAQ

Frequently Asked Questions about Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets