TTC Coppermine Badge Widget Security & Risk Analysis

wordpress.org/plugins/coppermine-badge-widget

Create a badge of your most recent Coppermine gallery photos in your sidebar

10 active installs v1.0 PHP + WP + Updated Dec 17, 2007
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is TTC Coppermine Badge Widget Safe to Use in 2026?

Generally Safe

Score 85/100

TTC Coppermine Badge Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 18yr ago
Risk Assessment

The 'coppermine-badge-widget' plugin, version 1.0, exhibits a very limited attack surface with no identified entry points in the static analysis. This, combined with the absence of known vulnerabilities and a clean vulnerability history, suggests a potentially robust security posture at first glance. The plugin also utilizes prepared statements for all SQL queries, which is a strong security practice against SQL injection. However, a significant concern arises from the complete lack of output escaping for all eight identified output points. This means that any data rendered by the widget, if it originates from user input or external sources, could be vulnerable to cross-site scripting (XSS) attacks.

The static analysis did not reveal any dangerous functions, file operations, external HTTP requests, or taint flows, which are positive indicators. The lack of nonce and capability checks across the entire plugin, while mitigated by the absence of AJAX handlers and REST API routes, still represents a potential area for future vulnerability if such features were to be added without proper security considerations. Given the current version and analysis, the primary risk is XSS due to unescaped output. While the plugin has no recorded history of vulnerabilities, this can be attributed to its limited scope and lack of complex features. The absence of critical or high severity issues in static analysis and history is reassuring, but the unescaped output is a notable weakness that needs addressing.

Key Concerns

  • All output is unescaped
  • No nonce checks present
  • No capability checks present
Vulnerabilities
None known

TTC Coppermine Badge Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

TTC Coppermine Badge Widget Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

TTC Coppermine Badge Widget Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
8
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped8 total outputs
Attack Surface

TTC Coppermine Badge Widget Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionwidgets_initttc_coppermine_badge_widget.php:156
Maintenance & Trust

TTC Coppermine Badge Widget Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedDec 17, 2007
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

TTC Coppermine Badge Widget Alternatives

No alternatives data available yet.

Developer Profile

TTC Coppermine Badge Widget Developer Profile

ljmacphee

6 plugins · 80 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect TTC Coppermine Badge Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes
id="ttc_coppermine_badge-title"name="ttc_coppermine_badge-title"id="ttc_coppermine_badge-thumbnails"name="ttc_coppermine_badge-thumbnails"id="ttc_coppermine_badge-random"name="ttc_coppermine_badge-random"+2 more
FAQ

Frequently Asked Questions about TTC Coppermine Badge Widget