Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager Security & Risk Analysis

wordpress.org/plugins/custom-sidebars

Flexible sidebars for custom classic widget configurations on any page or post. Create custom sidebars with ease!

100K active installs · v3.38 · PHP 5.6+ · WP 4.6+ · Updated Dec 3, 2025
Tags: classic-widgets, custom-sidebar, dynamic-widgets, sidebar, widget
Score: 98
Grade: A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Oct 4, 2017
Safety Verdict

Is Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager Safe to Use in 2026?

Generally Safe

Score 98/100

Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 4, 2017 · Updated 4mo ago
Risk Assessment

The "custom-sidebars" plugin v3.38 demonstrates some good security practices, notably its use of prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of critical or high severity taint analysis findings and the fact that all known CVEs are currently patched are positive indicators. However, the plugin has a notable history of high and medium severity vulnerabilities, primarily related to Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS). This history, coupled with the presence of two AJAX handlers lacking authentication checks, presents a significant concern. While the total attack surface is relatively small, the unprotected entry points create potential avenues for attackers to exploit.

Key Concerns

  • Unprotected AJAX handlers
  • History of High/Medium severity CVEs
Vulnerabilities
3

Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager Security Vulnerabilities

CVEs by Year

  • 2015: 1 CVE
  • 2017: 2 CVEs

Severity Breakdown

  • High: 2
  • Medium: 1

3 total CVEs

CVE-2017-18510 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Custom Sidebars <= 3.0.9 - Cross-Site Request Forgery

Oct 4, 2017 · Patched in 3.1.0 (2302d)

CVE-2017-18511 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Custom Sidebars <= 3.0.8 - Cross-Site Request Forgery

Jun 29, 2017 · Patched in 3.0.8.1 (2399d)

WF-239bdac1-c14b-42ff-bee5-130d0bf3394c-custom-sidebars · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Custom Sidebars < 2.1.0.2 - Reflected Cross Site Scripting

Jan 11, 2015 · Patched in 2.1.0.2 (3299d)

Code Analysis
Analyzed Mar 16, 2026

Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (1 prepared)
  • Unescaped Output: 6 (322 escaped)
  • Nonce Checks: 12
  • Capability Checks: 12
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

98% escaped · 328 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
update_custom_sidebars_allow_author (inc\class-custom-sidebars-editor.php:1465)
Attack Surface
2 unprotected

Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager Attack Surface

Entry Points: 6
Unprotected: 2

AJAX Handlers: 6

  • auth wp_ajax_custom_sidebars_checkup_notification_dismiss (inc\class-custom-sidebars-checkup-notification.php:41)
  • auth wp_ajax_custom_sidebars_metabox_roles (inc\class-custom-sidebars-editor.php:81)
  • auth wp_ajax_custom_sidebars_metabox_custom_taxonomies (inc\class-custom-sidebars-editor.php:82)
  • auth wp_ajax_custom_sidebars_allow_author (inc\class-custom-sidebars-editor.php:83)
  • auth wp_ajax_custom_sidebars_retirement_notice_dismiss (inc\class-custom-sidebars.php:94)
  • auth wp_ajax_cs-ajax (inc\class-custom-sidebars.php:289)

WordPress Hooks: 74

  • action plugins_loaded (customsidebars.php:140)
  • action init (customsidebars.php:143)
  • action admin_notices (customsidebars.php:144)
  • action cs_init (inc\class-custom-sidebars-checkup-notification.php:3)
  • action admin_head-widgets.php (inc\class-custom-sidebars-checkup-notification.php:40)
  • action admin_notices (inc\class-custom-sidebars-checkup-notification.php:93)
  • action cs_init (inc\class-custom-sidebars-cloning.php:3)
  • action in_widget_form (inc\class-custom-sidebars-cloning.php:47)
  • action in_widget_form (inc\class-custom-sidebars-cloning.php:54)
  • filter widget_update_callback (inc\class-custom-sidebars-cloning.php:61)
  • action cs_init (inc\class-custom-sidebars-editor.php:3)
  • action add_meta_boxes (inc\class-custom-sidebars-editor.php:63)
  • action save_post (inc\class-custom-sidebars-editor.php:65)
  • action cs_ajax_request (inc\class-custom-sidebars-editor.php:67)
  • action admin_init (inc\class-custom-sidebars-editor.php:68)
  • filter screen_settings (inc\class-custom-sidebars-editor.php:80)
  • filter default_hidden_columns (inc\class-custom-sidebars-editor.php:99)
  • action quick_edit_custom_box (inc\class-custom-sidebars-editor.php:100)
  • action bulk_edit_custom_box (inc\class-custom-sidebars-editor.php:101)
  • action admin_footer (inc\class-custom-sidebars-editor.php:102)
  • action save_post (inc\class-custom-sidebars-editor.php:108)
  • action cs_init (inc\class-custom-sidebars-explain.php:3)
  • action admin_bar_menu (inc\class-custom-sidebars-explain.php:76)
  • action cs_explain (inc\class-custom-sidebars-explain.php:83)
  • action wp_footer (inc\class-custom-sidebars-explain.php:84)
  • action dynamic_sidebar_before (inc\class-custom-sidebars-explain.php:85)
  • action dynamic_sidebar_after (inc\class-custom-sidebars-explain.php:86)
  • action wp_print_styles (inc\class-custom-sidebars-explain.php:87)
  • action cs_init (inc\class-custom-sidebars-export.php:4)
  • action admin_init (inc\class-custom-sidebars-export.php:45)
  • action cs_widget_header (inc\class-custom-sidebars-export.php:54)
  • action cs_ajax_request (inc\class-custom-sidebars-export.php:55)
  • action cs_init (inc\class-custom-sidebars-replacer.php:3)
  • action widgets_init (inc\class-custom-sidebars-replacer.php:35)
  • action register_sidebar (inc\class-custom-sidebars-replacer.php:38)
  • action wp_head (inc\class-custom-sidebars-replacer.php:42)
  • action wp (inc\class-custom-sidebars-replacer.php:43)
  • action wp_print_styles (inc\class-custom-sidebars-replacer.php:49)
  • action cs_init (inc\class-custom-sidebars-visibility.php:3)
  • action in_widget_form (inc\class-custom-sidebars-visibility.php:37)
  • filter widget_update_callback (inc\class-custom-sidebars-visibility.php:44)
  • action cs_ajax_request_get (inc\class-custom-sidebars-visibility.php:63)
  • filter sidebars_widgets (inc\class-custom-sidebars-visibility.php:69)
  • action cs_init (inc\class-custom-sidebars-widgets.php:3)
  • action widgets_admin_page (inc\class-custom-sidebars-widgets.php:32)
  • action admin_head-widgets.php (inc\class-custom-sidebars-widgets.php:37)
  • action widgets_admin_page (inc\class-custom-sidebars-widgets.php:42)
  • action sidebar_admin_page (inc\class-custom-sidebars-widgets.php:43)
  • filter admin_body_class (inc\class-custom-sidebars-widgets.php:69)
  • action set_current_user (inc\class-custom-sidebars.php:64)
  • action init (inc\class-custom-sidebars.php:80)
  • action admin_init (inc\class-custom-sidebars.php:81)
  • filter wpmu_style_version (inc\class-custom-sidebars.php:87)
  • filter wpmu_script_version (inc\class-custom-sidebars.php:88)
  • action admin_notices (inc\class-custom-sidebars.php:93)
  • action admin_enqueue_scripts (inc\class-custom-sidebars.php:95)
  • action admin_footer (inc\class-custom-sidebars.php:316)
  • filter safe_style_css (inc\class-custom-sidebars.php:1224)
  • filter safe_style_css (inc\class-custom-sidebars.php:1456)
  • action cs_integrations (inc\integrations\class-custom-sidebars-integration-polylang.php:3)
  • filter custom_sidebars_integrations (inc\integrations\class-custom-sidebars-integration-polylang.php:34)
  • filter custom_sidebars_get_location (inc\integrations\class-custom-sidebars-integration-polylang.php:35)
  • filter custom_sidebars_set_location (inc\integrations\class-custom-sidebars-integration-polylang.php:36)
  • filter cs_replace_sidebars (inc\integrations\class-custom-sidebars-integration-polylang.php:37)
  • action cs_integrations (inc\integrations\class-custom-sidebars-integration-wml.php:3)
  • filter custom_sidebars_integrations (inc\integrations\class-custom-sidebars-integration-wml.php:39)
  • filter custom_sidebars_get_location (inc\integrations\class-custom-sidebars-integration-wml.php:40)
  • filter custom_sidebars_set_location (inc\integrations\class-custom-sidebars-integration-wml.php:41)
  • filter cs_replace_sidebars (inc\integrations\class-custom-sidebars-integration-wml.php:42)
  • action cs_integrations (inc\integrations\class-custom-sidebars-integration-wpml.php:3)
  • filter custom_sidebars_integrations (inc\integrations\class-custom-sidebars-integration-wpml.php:36)
  • filter custom_sidebars_get_location (inc\integrations\class-custom-sidebars-integration-wpml.php:37)
  • filter custom_sidebars_set_location (inc\integrations\class-custom-sidebars-integration-wpml.php:38)
  • filter cs_replace_sidebars (inc\integrations\class-custom-sidebars-integration-wpml.php:39)

Maintenance & Trust

Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 3, 2025
  • PHP min version: 5.6
  • Downloads: 5.2M

Community Trust

  • Rating: 94/100
  • Number of ratings: 1,028
  • Active installs: 100K

Developer Profile

Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager Developer Profile

WebFactory

28 plugins · 3.5M total installs

  • Trust score: 78
  • Avg Security Score: 98/100
  • Avg Patch Time: 699 days

Detection Fingerprints

How We Detect Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/custom-sidebars/assets/css/custom-sidebars-admin.css
  • /wp-content/plugins/custom-sidebars/assets/js/custom-sidebars-admin.js
  • /wp-content/plugins/custom-sidebars/assets/js/custom-sidebars-widgets.js
  • /wp-content/plugins/custom-sidebars/assets/js/custom-sidebars-conditions.js
  • /wp-content/plugins/custom-sidebars/assets/js/custom-sidebars-conditions-admin.js
Script Paths
  • /wp-content/plugins/custom-sidebars/assets/js/custom-sidebars-admin.js
  • /wp-content/plugins/custom-sidebars/assets/js/custom-sidebars-widgets.js
  • /wp-content/plugins/custom-sidebars/assets/js/custom-sidebars-conditions.js
  • /wp-content/plugins/custom-sidebars/assets/js/custom-sidebars-conditions-admin.js
Version Parameters
  • custom-sidebars/assets/css/custom-sidebars-admin.css?ver=
  • custom-sidebars/assets/js/custom-sidebars-admin.js?ver=
  • custom-sidebars/assets/js/custom-sidebars-widgets.js?ver=
  • custom-sidebars/assets/js/custom-sidebars-conditions.js?ver=
  • custom-sidebars/assets/js/custom-sidebars-conditions-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • custom-sidebars-box
  • csb-conditional-field
  • csb-conditions-input
  • csb-conditions-input-wrapper
  • csb-conditions-wrapper
  • csb-hide-conditional-fields
  • csb-sidebar-name-input
  • csb-sidebar-wrap
  • +3 more
HTML Comments
  • <!-- Custom Sidebars: This plugin allows to create widgetized areas and custom sidebars. -->
  • <!-- Nothing, just a dummy plugin to display nothing -->
  • <!-- IMPORTANT -->
  • <!-- Check: is nonce send? -->
  • +8 more
Data Attributes
  • data-csb-condition-value
  • data-csb-conditions-id
  • data-csb-type
JS Globals
  • CustomSidebars
  • customSidebarsAdmin
  • customSidebarsWidgets

FAQ

Frequently Asked Questions about Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager