Content Holder Security & Risk Analysis
wordpress.org/plugins/content-holderSeparate your content into reusable parts to use anywhere in your site through a function, shortcode or widget
Is Content Holder Safe to Use in 2026?
Generally Safe
Score 85/100Content Holder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'content-holder' v1.1.0 plugin exhibits a generally good security posture with several positive indicators. The absence of dangerous functions, file operations, external HTTP requests, and SQL queries not using prepared statements are all strong points. Furthermore, the plugin has no recorded vulnerability history, suggesting a history of secure development. However, there are areas for improvement. The low percentage of properly escaped output (43%) is a significant concern, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities. While the static analysis shows no specific unsanitized flows in the taint analysis, this is based on a zero-flow analysis, which might not be exhaustive. The lack of nonce checks and capability checks, especially on the identified shortcode, presents a potential risk for unintended actions or privilege escalation if the shortcode's functionality were to be exploited.
Despite the absence of direct critical or high-severity issues from the static analysis and vulnerability history, the unescaped output and the lack of authentication/authorization checks on the shortcode are notable weaknesses. The plugin's small attack surface is a mitigating factor, but the identified potential vulnerabilities could still be exploited. A balanced conclusion would highlight the plugin's robust foundation in terms of avoiding common dangerous coding practices, but emphasize the critical need to address output escaping and input validation, particularly for the shortcode.
Key Concerns
- Low percentage of properly escaped output
- Missing nonce checks on shortcode
- Missing capability checks on shortcode
Content Holder Security Vulnerabilities
Content Holder Code Analysis
Output Escaping
Content Holder Attack Surface
Shortcodes 1
WordPress Hooks 10
Maintenance & Trust
Content Holder Maintenance & Trust
Maintenance Signals
Community Trust
Content Holder Alternatives
Apollo13 Framework Extensions
apollo13-framework-extensions
Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.
Content Blocks (Custom Post Widget)
custom-post-widget
This plugin enables you to edit and display Content Blocks in a sidebar widget or using a shortcode.
Nested Shortcodes by Outerbridge
nested-shortcodes
A small plugin which allows you to use nest shortcodes (i.e. a shortcode within an enclosing shortcode) by implementing a simple do_shortcode filter
News CPT
news-cpt
A quick, easy way to add an extensible News custom post type to Wordpress.
JKL Unit Converter
jkl-unit-converter
A simple Unit Converter widget that allows you to between various units. (Inspired by Google's Unit Converter.)
Content Holder Developer Profile
2 plugins · 110 total installs
How We Detect Content Holder
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/content-holder/build/index.js/wp-content/plugins/content-holder/build/index.asset.php/wp-content/plugins/content-holder/build/index.jscontent-holder/build/index.js?ver=content-holder/build/index.asset.php?ver=HTML / DOM Fingerprints
content-holder-blockUsing the data from the blocks traverse recursively each innerBlocks
* in attempt to fix the preview and render the custom color code on the element with
* backgroundColor set to primary.data-block="content-holder/block"window.content_holder_block_editor_script[content_holder