WP-Safety

Custom Content Security & Risk Analysis

wordpress.org/plugins/custom-content

Custom Content plugin Extend the Visual Composer with ES Modules (ES Custom Content) display custom contents using shortcode, widgets and VC module.

60 active installs v1.1 PHP + WP 6.3+ Updated Sep 19, 2024
custom-contentcustom-content-widgetcustom-contentscustom-post-widgeteasysoftonic
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Custom Content Safe to Use in 2026?

Generally Safe

Score 92/100

Custom Content has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'custom-content' plugin v1.1 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and a lack of critical vulnerabilities in taint analysis are positive indicators. The plugin also utilizes prepared statements for all SQL queries and has a single nonce check, suggesting some attention to common security pitfalls. However, a significant concern arises from the lack of proper output escaping for all identified outputs. This weakness could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is rendered directly without sanitization. Furthermore, the absence of capability checks on any of the entry points is a notable oversight, as it implies that any authenticated user, regardless of their role, could potentially interact with these functionalities, increasing the attack surface for privilege escalation or unauthorized actions. While the plugin has a clean history, the current code analysis reveals areas that require immediate attention to prevent potential security incidents.

Key Concerns

  • No output escaping implemented
  • No capability checks on entry points
Vulnerabilities
None known

Custom Content Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Custom Content Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
22
0 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped22 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
escc_save_ajax (custom-content.php:121)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Custom Content Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 1

authwp_ajax_escc_data_savecustom-content.php:120

Shortcodes 2

[es_custom_content] inc\custom-content-register.php:66
[es_custom_content_module_vc] inc\custom-content-vc-module.php:11
WordPress Hooks 10
actionwp_enqueue_scriptscustom-content.php:36
filterwidget_textcustom-content.php:39
actionadmin_menucustom-content.php:42
actioninitinc\custom-content-register.php:4
filtermanage_custom-content_posts_columnsinc\custom-content-register.php:46
actionmanage_custom-content_posts_custom_columninc\custom-content-register.php:47
actioninitinc\custom-content-register.php:68
actioninitinc\custom-content-vc-module.php:8
actionadmin_noticesinc\custom-content-vc-module.php:18
actionwidgets_initinc\custom-content-widget.php:118
Maintenance & Trust

Custom Content Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedSep 19, 2024
PHP min version
Downloads2K

Community Trust

Rating60/100
Number of ratings2
Active installs60
Alternatives

Custom Content Alternatives

Custom Content Display in WooCommerce Invoicess

Custom Content Display in WooCommerce Invoicess

custom-content-for-invoices

A
92

WooCommerce Custom Content for Invoices plugin display custom contents or values into your invoices.

0 No CVEs
Essential Content Types

Essential Content Types

essential-content-types

A
100

Essential Content Types allows you to feature the impressive content through different content/post types on your website just the way you want it.

20K No CVEs
DeMomentSomTres compatible VC & CPW

DeMomentSomTres compatible VC & CPW

demomentsomtres-vc-cpw

A
85

Sets Custom Post Widget post type to be public in order to make it compatible with Visual Composer

100 No CVEs
Simple Custom Content

Simple Custom Content

simple-custom-content

A
100

Easily add custom content to your WP Posts, Pages, and RSS Feeds.

100 No CVEs
Custom Post Display

Custom Post Display

custom-post-display

A
85

The Custom Post Display Plugin lets you add a widget that displays the content of your desired custom post type.

50 No CVEs
Developer Profile

Custom Content Developer Profile

Umair Saleem

5 plugins · 210 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Custom Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-content/assets/css/styles.css
Version Parameters
plugins_url('assets/css/styles.cssplugins_url('assets/images/menuicon.png

HTML / DOM Fingerprints

HTML Comments
<!-- Custom Content display the custom contents into a page by useing shortcode [es_custom_content id="2269"] or by using VC Module or by using Wordpress Widget. --><!-- If you want disable or enable you can do this by clicking down options. -->
Data Attributes
name="escc_form"id="escc_form"
JS Globals
ajaxurl
REST Endpoints
wp_ajax_escc_data_save
Shortcode Output
[es_custom_content id=
FAQ

Frequently Asked Questions about Custom Content