Does Custom latest posts widget have any unpatched vulnerabilities?

No. All known vulnerabilities in Custom latest posts widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom latest posts widget compatible with WordPress 4.8.28?

According to WordPress.org data, Custom latest posts widget 1.0 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is Custom latest posts widget updated?

Custom latest posts widget was last updated on Dec 15, 2017. Frequent updates are generally a positive security signal.

What is Custom latest posts widget's security score?

Custom latest posts widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom latest posts widget Security & Risk Analysis

wordpress.org/plugins/custom-latest-posts-widget

Improve your sidebar a widget that shows the most recent posts of your site with excerpt, featured image, post type

10 active installs v1.0 PHP + WP 4.0+ Updated Dec 15, 2017

custom-latest-posts-widgetpostsposts-widgetrecent-postswidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Custom latest posts widget Safe to Use in 2026?

Generally Safe

Score 85/100

Custom latest posts widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The custom-latest-posts-widget plugin version 1.0 demonstrates a generally good security posture regarding common vulnerabilities such as SQL injection, cross-site scripting (XSS), and unauthorized access through its limited attack surface and lack of file operations or external requests. The absence of known CVEs and the exclusive use of prepared statements for SQL queries are significant strengths. However, a concerning weakness lies in its output escaping, with only 9% of outputs being properly escaped. This suggests a high potential for XSS vulnerabilities, as unescaped output can allow attackers to inject malicious scripts that execute in users' browsers. The lack of capability checks and nonce checks, while not directly exploitable given the zero entry points identified, indicates a potential for future vulnerabilities if the plugin's entry points or functionality were to expand without proper security measures being implemented.

Key Concerns

Low percentage of properly escaped output
No capability checks
No nonce checks

Vulnerabilities

None known

Custom latest posts widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Custom latest posts widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

9% escaped45 total outputs

Attack Surface

Custom latest posts widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actioninitcustom-latest-posts-widget.php:45

actionwp_enqueue_scriptscustom-latest-posts-widget.php:59

actionwidgets_initcustom-latest-posts-widget.php:306

Maintenance & Trust

Custom latest posts widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedDec 15, 2017

PHP min version

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Custom latest posts widget Alternatives

TW Recent Posts Widget

tw-recent-posts-widget

A simple and flexible widget for WordPress which will show recent posts from selected category allowing increased customization to display recent post …

1K No CVEs