Does Content Switcher have any unpatched vulnerabilities?

No. All known vulnerabilities in Content Switcher have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Content Switcher compatible with WordPress 6.8.5?

According to WordPress.org data, Content Switcher 5.0.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Content Switcher compatible with PHP 5.3+?

Content Switcher requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Content Switcher updated?

Content Switcher was last updated on Sep 9, 2025. Frequent updates are generally a positive security signal.

What is Content Switcher's security score?

Content Switcher has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Content Switcher Security & Risk Analysis

wordpress.org/plugins/content-switcher

Allows you to easily display a random number, a random or variable content on your website.

100 active installs v5.0.1 PHP 5.3+ WP 3.5+ Updated Sep 9, 2025

contentcookieenvgetglobals

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Content Switcher Safe to Use in 2026?

Generally Safe

Score 100/100

Content Switcher has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The content-switcher plugin v5.0.1 exhibits a mixed security posture. On the positive side, it has no known vulnerabilities, no dangerous functions, no SQL queries without prepared statements, and no file operations or external HTTP requests. The limited attack surface of 2 shortcodes is a strength, particularly as there are no unprotected entry points. However, a significant concern is the lack of output escaping, with 0% of its 3 total outputs being properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the absence of nonce checks on its entry points means that it is susceptible to Cross-Site Request Forgery (CSRF) attacks if any of its functionality can be triggered by unauthenticated users or through malicious links.

The vulnerability history shows a clean slate, which is positive and suggests the developers have been diligent or the plugin has not been a target. However, this does not negate the immediate risks identified in the static analysis, specifically the unescaped output. The plugin's strengths lie in its limited attack surface and absence of common dangerous code patterns. Its primary weaknesses are the unescaped outputs and the lack of nonce checks, which create exploitable security holes that could allow for XSS and CSRF attacks.

Key Concerns

All outputs are unescaped
No nonce checks present

Vulnerabilities

None known

Content Switcher Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Content Switcher Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped3 total outputs

Attack Surface

Content Switcher Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[string] shortcodes.php:13

[string] shortcodes.php:73

WordPress Hooks 3

actionadd_meta_boxesadmin.php:21

filterplugin_row_metaadmin.php:30

filterwp_insert_post_datacontent-switcher.php:81

Maintenance & Trust

Content Switcher Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 9, 2025

PHP min version5.3

Downloads16K

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

Content Switcher Alternatives

One Click Demo Import

one-click-demo-import

Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.

1.0M 2 CVEs

Rara One Click Demo Import

rara-one-click-demo-import

Make your website look like the live demo of the theme with a click!

20K 1 CVE

AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress

af-companion

100

Quickly import live demo content, widgets and settings with one click

10K 1 CVE

Cookies and Content Security Policy

cookies-and-content-security-policy

Be fully GDPR and CCPA compliant through Content Security Policy. Blocks cookies and unwanted external content.

10K 2 CVEs

Content Blocks (Custom Post Widget)

custom-post-widget

This plugin enables you to edit and display Content Blocks in a sidebar widget or using a shortcode.

10K 5 CVEs

Developer Profile

Content Switcher Developer Profile

Kleor

4 plugins · 1K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

64 days

View full developer profile

Detection Fingerprints

How We Detect Content Switcher

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/content-switcher/css/content-switcher.css/wp-content/plugins/content-switcher/js/content-switcher.js

Script Paths

/wp-content/plugins/content-switcher/js/content-switcher.js

Version Parameters

content-switcher/css/content-switcher.css?ver=content-switcher/js/content-switcher.js?ver=

HTML / DOM Fingerprints

CSS Classes

content-switcher

Data Attributes

data-content-switcher-namedata-content-switcher-filterdata-content-switcher-stringdata-content-switcher-typedata-content-switcher-valuesdata-content-switcher-digits+4 more

JS Globals

content_switcher_string

Shortcode Output

[content-switcher-random-content][content-switcher-random-number][content-switcher-variable-content][content-switcher-variable-string]

FAQ