Does Disable Widgets have any unpatched vulnerabilities?

No. All known vulnerabilities in Disable Widgets have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Disable Widgets compatible with WordPress 4.9.29?

According to WordPress.org data, Disable Widgets 2.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Disable Widgets updated?

Disable Widgets was last updated on Apr 26, 2018. Frequent updates are generally a positive security signal.

What is Disable Widgets's security score?

Disable Widgets has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Disable Widgets Security & Risk Analysis

wordpress.org/plugins/disable-widgets

Disable unused sidebar widgets.

40 active installs v2.0 PHP + WP 3.8+ Updated Apr 26, 2018

admindisable-widgetssidebar-widgetswidgets

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Disable Widgets Safe to Use in 2026?

Generally Safe

Score 85/100

Disable Widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "disable-widgets" v2.0 plugin exhibits a strong security posture based on the static analysis. The absence of any identified attack surface entry points, dangerous functions, raw SQL queries, file operations, external HTTP requests, or critical taint flows is highly commendable. The plugin also demonstrates good practices by having a high percentage of properly escaped output and appears to have no known vulnerabilities in its history. This suggests a well-developed and secure plugin.

However, the complete absence of nonce checks and capability checks across all potential entry points (though none are present in this analysis) is a theoretical concern. If any entry points were to be introduced in future versions or through misconfiguration, they would be unprotected. The 80% output escaping, while good, also implies that 20% of outputs are not escaped, which could lead to cross-site scripting (XSS) vulnerabilities if those outputs contain user-supplied data.

Overall, "disable-widgets" v2.0 presents a very low risk profile. The plugin's core functionality seems to be implemented securely. The primary area for improvement, and a minor weakness, is the lack of explicit security checks like nonces and capability checks, which would further harden the plugin against potential future threats or vulnerabilities.

Key Concerns

Unescaped output (20%)
No nonce checks
No capability checks

Vulnerabilities

None known

Disable Widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Disable Widgets Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

80% escaped5 total outputs

Attack Surface

Disable Widgets Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actioninitdisable-widgets.php:41

actionadmin_initdisable-widgets.php:44

actionnetwork_admin_menudisable-widgets.php:47

actionadmin_menudisable-widgets.php:48

actionwidgets_initdisable-widgets.php:52

actionwidgets_initdisable-widgets.php:56

Maintenance & Trust

Disable Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedApr 26, 2018

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings2

Active installs40

Alternatives

Disable Widgets Alternatives

Widget Disable

wp-widget-disable

Disable sidebar and dashboard widgets with an easy to use interface.

10K No CVEs

Desert Companion

desert-companion

100

Desert Companion Enhances Desert Themes with additional functionality.

20K No CVEs

SpiceBox

spicebox

100

Enhance Spicethemes WordPress Themes functionality.

20K No CVEs

Arile Extra

arile-extra

100

Arile Extra is a companion plugin for ArileWP WordPress theme by ThemeArile.

10K No CVEs

Daddy Plus

daddy-plus

100

Daddy Plus is a useful plugin for WordPress theme by Themes Daddy.

9K No CVEs

Developer Profile

Disable Widgets Developer Profile

Jan Štětina

8 plugins · 200 total installs

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Disable Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

disabled-widgets

Data Attributes

name="disabled-widgetsid="disabled-widgets

FAQ