Configurable Tag Cloud (CTC) Security & Risk Analysis

wordpress.org/plugins/configurable-tag-cloud-widget

Display a tag cloud customized with your preferences in the sidebar.

2K active installs v5.3 PHP + WP 2.8+ Updated Mar 29, 2023
Tags: tag-cloud, tags, widget
Score: 85 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 30, 2023
Safety Verdict

Is Configurable Tag Cloud (CTC) Safe to Use in 2026?

Generally Safe

Score 85/100

Configurable Tag Cloud (CTC) has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 30, 2023 · Updated 3yr ago
Risk Assessment

The "configurable-tag-cloud-widget" plugin v5.3 presents a generally good security posture based on static analysis. The absence of SQL queries without prepared statements, file operations, and external HTTP requests is a strong indicator of secure coding practices, and the attack surface is limited, with zero unprotected entry points (AJAX, REST API, shortcodes, cron). The main concern is output escaping: only 56% of outputs are properly escaped, which leaves a substantial portion of dynamic content potentially vulnerable to Cross-Site Scripting (XSS) if it is not handled carefully by WordPress core or themes. The plugin's vulnerability history is currently clear of unpatched issues but shows a past medium-severity vulnerability and a history of Cross-Site Request Forgery (CSRF). This suggests a need for ongoing vigilance and robust input validation and output escaping, especially since CSRF targets actions triggered through user interaction, which therefore require nonce protection.

Key Concerns

  • Output escaping is below 75%
  • History of medium severity vulnerability
  • History of CSRF vulnerabilities
Vulnerabilities
1

Configurable Tag Cloud (CTC) Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-28995 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page()

Mar 30, 2023 Patched in 5.3 (299d)
Code Analysis
Analyzed Mar 16, 2026

Configurable Tag Cloud (CTC) Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 41 (53 escaped)
  • Nonce Checks: 1
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

56% escaped · 94 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
ctc_options_page (admin_page.php:3)
Attack Surface

Configurable Tag Cloud (CTC) Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
  • action · admin_menu · admin_page.php:159
  • action · widgets_init · widget.php:195
  • action · widgets_init · widget_28.php:5
Maintenance & Trust

Configurable Tag Cloud (CTC) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Mar 29, 2023
PHP min version
Downloads: 137K

Community Trust

Rating: 74/100
Number of ratings: 10
Active installs: 2K
Developer Profile

Configurable Tag Cloud (CTC) Developer Profile

Keith S.

1 plugin · 2K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 299 days
Detection Fingerprints

How We Detect Configurable Tag Cloud (CTC)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/configurable-tag-cloud-widget/widget_28.css
  • /wp-content/plugins/configurable-tag-cloud-widget/style.css
  • /wp-content/plugins/configurable-tag-cloud-widget/admin_page.js
Script Paths
  • /wp-content/plugins/configurable-tag-cloud-widget/admin_page.js
Version Parameters
  • configurable-tag-cloud-widget/widget_28.css?ver=
  • configurable-tag-cloud-widget/style.css?ver=
  • configurable-tag-cloud-widget/admin_page.js?ver=

HTML / DOM Fingerprints

CSS Classes
ctc_tag_cloud
HTML Comments
<!-- Configurable Tag Cloud Widget -->
Data Attributes
  • data-ctc-max-font-size
  • data-ctc-min-font-size
  • data-ctc-number-of-tags
  • data-ctc-order-by
  • data-ctc-unit
Shortcode Output
[tag_cloud]