Cyclone Widgets Security & Risk Analysis

wordpress.org/plugins/cyclone-widget

Cyclone Widgets is a combination of widgets for the themes made by Cyclone Themes.

100 active installs · v0.4 · PHP 5.2+ · WP 4.6+ · Updated Oct 1, 2019
cyclone, post, themes, widget
Score 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Cyclone Widgets Safe to Use in 2026?

Generally Safe

Score 85/100

Cyclone Widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The cyclone-widget plugin v0.4 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, file operations, external HTTP requests, and SQL queries (with all queries using prepared statements) is an excellent indicator of secure coding practices. The high percentage of properly escaped output further mitigates risks related to cross-site scripting (XSS). The plugin's attack surface is minimal, with only one shortcode, and importantly, no unprotected entry points were identified.

Despite these strengths, the lack of any nonce checks or capability checks across all entry points presents a significant concern. This means that while the plugin might not have directly exploitable vulnerabilities from the static analysis, it's susceptible to CSRF (Cross-Site Request Forgery) attacks. An attacker could potentially trick a logged-in user into triggering actions handled by the shortcode without their knowledge or consent. The vulnerability history being entirely clean is a positive sign, suggesting the developers have maintained a good track record, but it doesn't negate the inherent risk posed by missing authentication and authorization checks.

Key Concerns

  • Missing nonce checks on shortcode
  • Missing capability checks on shortcode
Vulnerabilities
None known

Cyclone Widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Cyclone Widgets Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 38 (494 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

93% escaped · 532 total outputs
Attack Surface

Cyclone Widgets Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[cyclone-instragram] index.php:88

WordPress Hooks: 18

action wp_enqueue_scripts index.php:13
action get_header index.php:67
action init index.php:139
filter travelers_blog_recommended_plugins theme\cyclone-functions.php:13
action init theme\inc\cyclone-customizer.php:2
filter pt-ocdi/disable_pt_branding theme\inc\demo-content\demo.php:6
filter pt-ocdi/import_files theme\inc\demo-content\demo.php:8
action travelers_blog_before_title_detail_page theme\inc\post-views-count.php:27
action travelers_blog_before_body theme\inc\post-views-count.php:48
action widgets_init theme\inc\widgets\page-info-widget.php:248
action widgets_init theme\inc\widgets\popular-post-widget.php:132
action widgets_init theme\inc\widgets\recent-post-widget.php:158
action widgets_init theme\inc\widgets\sidebar-toggle-widget.php:290
action widgets_init widgets\insta_widget.php:11
action widgets_init widgets\popular-recent.php:7
action widgets_init widgets\post-widget.php:7
action widgets_init widgets\recent_posts.php:7
action widgets_init widgets\social_links.php:6
Maintenance & Trust

Cyclone Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Oct 1, 2019
PHP min version: 5.2
Downloads: 9K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Cyclone Widgets Developer Profile

Cyclone Themes

2 plugins · 10K total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Cyclone Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cyclone-widget/css/style.css
/wp-content/plugins/cyclone-widget/icons/font-awesome/css/font-awesome.min.css
/wp-content/plugins/cyclone-widget/js/instagram.min.js
/wp-content/plugins/cyclone-widget/js/custom.js
Script Paths
/wp-content/plugins/cyclone-widget/js/instagram.min.js
/wp-content/plugins/cyclone-widget/js/custom.js
Version Parameters
cyclone_widgets_style-css
instagram
cyclone_widgets_custom-js

HTML / DOM Fingerprints

CSS Classes
instagram_section
instagram-wrapper
instagram_page
instagram_shortcode
content-styl
content-tag
tag-black
post-tag
Data Attributes
data-insta-user-id
data-insta-username
data-insta-access-token
data-no-of-pic-to-show
JS Globals
jQuery
Shortcode Output
<section class="section instagram_section"><div class="instagram-wrapper clearfix text-center"><h3><a target="_blank" href="https://instagram.com/<div id="instagram_instagram-wrapper clearfix text-center"></div>