Does Conditional Content have any unpatched vulnerabilities?

No. All known vulnerabilities in Conditional Content have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Conditional Content compatible with WordPress 5.6.17?

According to WordPress.org data, Conditional Content 1.0.1 has been tested up to WordPress 5.6.17. Check the plugin's changelog for the latest compatibility information.

Is Conditional Content compatible with PHP 5.5+?

Conditional Content requires PHP 5.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Conditional Content updated?

Conditional Content was last updated on Nov 30, 2020. Frequent updates are generally a positive security signal.

What is Conditional Content's security score?

Conditional Content has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Conditional Content Security & Risk Analysis

wordpress.org/plugins/conditional-content

Looking for a tool for adding sticky content on your WordPress site pages/posts?

10 active installs v1.0.1 PHP 5.5+ WP 4.0+ Updated Nov 30, 2020

advertisementadvertisement-blocksconditional-contentcontentmessages

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Conditional Content Safe to Use in 2026?

Generally Safe

Score 85/100

Conditional Content has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The "conditional-content" plugin v1.0.1 exhibits a generally good security posture in terms of its exposed attack surface and SQL query handling. It correctly utilizes prepared statements for all SQL queries and reports no known vulnerabilities or CVEs, indicating a history of responsible development or minimal exposure. However, the static analysis reveals significant areas of concern. The presence of the `unserialize` function is a critical red flag, as it can lead to remote code execution vulnerabilities if user-supplied data is unserialized without proper sanitization. While the taint analysis did not report critical or high severity unsanitized flows, the very existence of flows with unsanitized paths, combined with `unserialize`, creates a substantial risk. Furthermore, the low percentage of properly escaped output (14%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, as user-controlled data is likely being rendered directly into the page without adequate sanitization. The lack of nonce checks and the minimal capability checks also contribute to a weaker security posture for potential entry points, although the current entry point count is zero.

Key Concerns

Unsanitized unserialize() function usage
Low percentage of properly escaped output
Flows with unsanitized paths found
Zero nonce checks
One capability check for all entry points

Vulnerabilities

None known

Conditional Content Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Conditional Content Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$this->settings = unserialize(get_option(self::OPTION, serialize($this->getDefaultSettings())));classes\core\Settings.php:39

Output Escaping

14% escaped7 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

submitForm (conditional-content.php:226)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Conditional Content Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionplugins_loadedconditional-content.php:39

actionadmin_menuconditional-content.php:125

actionwp_headconditional-content.php:128

actionwidgets_initconditional-content.php:130

filterconditional_content_widget_textconditional-content.php:131

Maintenance & Trust

Conditional Content Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17

Last updatedNov 30, 2020

PHP min version5.5

Downloads7K

Community Trust

Rating100/100

Number of ratings5

Active installs10

Alternatives

Conditional Content Alternatives

Block Visibility — Conditional Visibility Control for the Block Editor

block-visibility

100

Easily show or hide any WordPress block. Schedule block visibility. Restrict blocks to specific screen sizes, user roles, post types, and more.

40K No CVEs

Restricted Blocks – Conditional Visibility Settings for the Block Editor

restricted-blocks

Restricted Blocks is a WordPress plugin that allows you to restrict access to specific Gutenberg blocks based on a great variety of conditions.

100 No CVEs

All-in-One Content Restriction – Conditional Content Visibility & Access Control for WordPress

content-restriction

100

Take control of your content. Restrict any post, page, or custom content based on user roles, login state, or custom rules. No code needed.

60 No CVEs

Logic Hop – Dynamic Content Personalization for WordPress

logic-hop

100

Personalize every visit. Logic Hop turns your WordPress site into a high‑converting, data‑driven experience engine with CRM-powered dynamic content an …

40 No CVEs

Optional Content

optional-content

This plugin makes it easy to conditionally display content. No more if statements in your template files!

40 No CVEs

Developer Profile

Conditional Content Developer Profile

extremeidea

5 plugins · 100 total installs

trust score

Avg Security Score

82/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Conditional Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ