Custom Global Variables Security & Risk Analysis

wordpress.org/plugins/custom-global-variables

Easily create custom variables that can be accessed globally in WordPress and PHP. Retrieval of information is extremely fast, with no database calls.

5K active installs · v1.1.2 · PHP 5.6+ · WP 3.0.1+ · Updated Mar 22, 2023
custom-global-variables · options · settings · shortcodes · variables
85
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 11, 2021
Safety Verdict

Is Custom Global Variables Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Global Variables has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 11, 2021 · Updated 3yr ago
Risk Assessment

The 'custom-global-variables' plugin, version 1.1.2, presents a mixed security profile. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and incorporates nonce and capability checks. The attack surface is minimal, with only one shortcode and no AJAX handlers, REST API routes, or cron events, and crucially, all entry points appear to be protected. Taint analysis shows no critical or high-severity vulnerabilities, suggesting a lack of complex data flow issues in this version.

However, there are significant concerns. A substantial portion (64%) of outputs is not properly escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin also performs file operations without explicit indication of sanitization or permission checks, and the history of one medium-severity XSS CVE in 2021 highlights a past weakness in output neutralization. While the current version has no unpatched CVEs, the historical XSS vulnerability and the high rate of unescaped output indicate that input validation and output escaping require careful attention to prevent potential security breaches.

Key Concerns

  • High percentage of unescaped output
  • Past XSS vulnerability (medium severity)
  • File operations without clear security checks
Vulnerabilities
1

Custom Global Variables Security Vulnerabilities

CVEs by Year

1 CVE in 2021

Severity Breakdown

Medium: 1

1 total CVE

CVE-2021-3124 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Custom Global Variables <= 1.0.5 - Stored Cross-Site Scripting via 'name'

Jan 11, 2021 · Patched in 1.1.1 (1107d)
Code Analysis
Analyzed Mar 16, 2026

Custom Global Variables Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (5 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 3
External Requests: 0
Bundled Libraries: 0

Output Escaping

36% escaped · 14 total outputs
Attack Surface

Custom Global Variables Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[cgv] custom-global-variables.php:51

WordPress Hooks 1

action · admin_menu · custom-global-variables.php:48
Maintenance & Trust

Custom Global Variables Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Mar 22, 2023
PHP min version: 5.6
Downloads: 21K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 5K
Developer Profile

Custom Global Variables Developer Profile

akirak

1 plugin · 5K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 1107 days
Detection Fingerprints

How We Detect Custom Global Variables

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-global-variables/style.css
/wp-content/plugins/custom-global-variables/script.js
Script Paths
/wp-content/plugins/custom-global-variables/script.js
Version Parameters
custom-global-variables/style.css?ver=
custom-global-variables/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
custom-global-variables-style
custom-global-variables-script
Data Attributes
id="custom-global-variables-table-definitions"
JS Globals
cgv
Shortcode Output
[cgv echo $GLOBALS['cgv']['