Custom IFrame Widget Security & Risk Analysis

wordpress.org/plugins/custom-iframe-widget

A Custom IFrame Widget. You can use it in a page, a post or a widget.

80 active installs · v1.1 · PHP + WP 2.6+ · Updated Nov 19, 2011
Tags: iframe, iframe-in-page, post, iframe-in-sidebar

  • Score: 85 (A · Safe)
  • CVEs total: 0
  • Unpatched: 0
  • Last CVE: Never

Safety Verdict

Is Custom IFrame Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Custom IFrame Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago

Risk Assessment

The "custom-iframe-widget" plugin v1.1 exhibits a mixed security posture, with some strengths but notable weaknesses. The plugin's attack surface is commendably small, with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, the absence of any known CVEs in its vulnerability history suggests a generally stable past. However, the code analysis reveals significant concerns. The use of `create_function` is a major red flag, as it can be leveraged for arbitrary code execution in certain contexts. While all SQL queries use prepared statements, only a very low percentage of output is properly escaped (19%), indicating a high risk of cross-site scripting (XSS) vulnerabilities. The lack of nonce checks and capability checks is a concern that could become relevant if the attack surface expands, although no entry points are currently identified. The taint analysis shows no identified flows, which is positive, but its depth may be limited given the other code signals.

In conclusion, while the plugin has a clean vulnerability history and a minimal attack surface, the identified `create_function` call and the extremely poor output escaping practices represent critical security risks. These issues significantly outweigh the positive aspects and necessitate immediate attention. The plugin is vulnerable to arbitrary code execution and XSS attacks due to these critical findings.

Key Concerns

  • Presence of dangerous function: create_function
  • Low percentage of properly escaped output
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Custom IFrame Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Custom IFrame Widget Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 42 (10 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

create_function (custom-iframe-widget.php:189): `add_action( 'widgets_init', create_function( '', 'register_widget("Custom_IFrame_Widget");' ) );`

Output Escaping

19% escaped · 52 total outputs

Attack Surface

Custom IFrame Widget Attack Surface

  • Entry Points: 0
  • Unprotected: 0

WordPress Hooks: 3

  • filter the_content (custom-iframe-widget.php:186)
  • filter the_excerpt (custom-iframe-widget.php:187)
  • action widgets_init (custom-iframe-widget.php:189)

Maintenance & Trust

Custom IFrame Widget Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 3.2.1
  • Last updated: Nov 19, 2011
  • PHP min version
  • Downloads: 9K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 80

Developer Profile

Custom IFrame Widget Developer Profile

rounitmorya

3 plugins · 410 total installs

  • Trust score: 84
  • Avg Security Score: 85/100
  • Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Custom IFrame Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
outerdiv, inneriframe
HTML Comments
<div class="website-part" style="position:relative; width:300px; height:300px; overflow:hidden;"> <iframe src="<?php echo $url; ?>" width="<?php echo $width; ?>" height="<?php echo $height; ?>" scrolling="no" id="website-frame-part" style="position:absolute; top:-393px;left:-832px;"></iframe>262/190, 1280/583 </div>
Data Attributes
data-widget_type="custom_iframe_widget"
JS Globals
scro11me
Shortcode Output
[ShaktiIFrame url
<iframe class="