Does CrunchBase API Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in CrunchBase API Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CrunchBase API Widget compatible with WordPress 3.5.2?

According to WordPress.org data, CrunchBase API Widget 1.0 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is CrunchBase API Widget updated?

CrunchBase API Widget was last updated on Feb 8, 2014. Frequent updates are generally a positive security signal.

What is CrunchBase API Widget's security score?

CrunchBase API Widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CrunchBase API Widget Security & Risk Analysis

wordpress.org/plugins/crunchbase-api-widget

Add CrunchBase company details widgets to your posts , pages and blog widgets

10 active installs v1.0 PHP + WP 3.3+ Updated Feb 8, 2014

companycompany-contact-informationcompany-listingcrunchbase

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CrunchBase API Widget Safe to Use in 2026?

Generally Safe

Score 85/100

CrunchBase API Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The "crunchbase-api-widget" v1.0 plugin exhibits a generally good security posture with no recorded vulnerabilities and a clean taint analysis. The absence of dangerous functions, external HTTP requests, and raw SQL queries, coupled with the use of prepared statements, are strong indicators of secure coding practices in these areas. The plugin also correctly implements capability checks for its single entry point.

However, a significant concern arises from the complete lack of output escaping for all identified output points. This means that any data rendered by the widget could potentially be manipulated by an attacker to inject malicious code, leading to cross-site scripting (XSS) vulnerabilities. Furthermore, the absence of nonce checks, while not directly linked to an identified vulnerability in this analysis, is a common security control that is missing and could be exploited in conjunction with other weaknesses or in future versions if new entry points are introduced.

In conclusion, while the plugin demonstrates a solid foundation in areas like SQL handling and capability checks, the widespread lack of output escaping presents a critical security risk that overshadows its strengths. The vulnerability history being clean is a positive sign, but it does not mitigate the immediate threat posed by unescaped output.

Key Concerns

0% of outputs properly escaped
0 nonce checks implemented

Vulnerabilities

None known

CrunchBase API Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

CrunchBase API Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped13 total outputs

Attack Surface

CrunchBase API Widget Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[cb] crunchbase.php:224

WordPress Hooks 2

actionwidgets_initcrunchbase.php:227

actionadmin_menucrunchbase.php:230

Maintenance & Trust

CrunchBase API Widget Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedFeb 8, 2014

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

CrunchBase API Widget Alternatives

MAS Companies For WP Job Manager

mas-wp-job-manager-company

MAS Companies For WP Job Manager is a free plugin that allow you to manage companies from the WordPress admin panel, and allow employers to post their …

2K 1 CVE