WP-Safety

Dynamic Widget Content Security & Risk Analysis

wordpress.org/plugins/dynamic-widget-content

Dynamic widget content for single pages and posts. Manually set your widget content while editing the post.

400 active installs v1.3.8 PHP + WP 3.5+ Updated Jan 22, 2026
dynamic-contentwidgets
99
A · Safe
CVEs total1
Unpatched0
Last CVEFeb 4, 2026
Download
Safety Verdict

Is Dynamic Widget Content Safe to Use in 2026?

Generally Safe

Score 99/100

Dynamic Widget Content has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Feb 4, 2026Updated 3mo ago
Risk Assessment

The dynamic-widget-content plugin v1.3.8 exhibits a mixed security posture. While the static analysis shows no exploitable attack surface in terms of AJAX handlers, REST API routes, shortcodes, or cron events, and all SQL queries are prepared, there are significant concerns regarding output escaping. A substantial 70% of output is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history reveals one past medium-severity XSS vulnerability, which, combined with the current unescaped output, suggests a recurring weakness in sanitizing user-provided data before it's displayed. Despite a lack of critical taint flows and dangerous functions in the current static analysis, the prevalence of unescaped output is a major red flag that could allow for malicious code injection.

Key Concerns

  • Significant percentage of unescaped output detected
  • Past medium severity XSS vulnerability
Vulnerabilities
1 published

Dynamic Widget Content Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-1268medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field

Feb 4, 2026 Patched in 1.3.7 (1d)
Version History

Dynamic Widget Content Release Timeline

v1.3.8Current
v1.3.7
v1.3.01 CVE
CVE-2026-1268
v1.21 CVE
CVE-2026-1268
Code Analysis
Analyzed Apr 16, 2026

Dynamic Widget Content Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
33
14 escaped
Nonce Checks
2
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

30% escaped47 total outputs
Attack Surface

Dynamic Widget Content Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 12
actioninitdynamic-widget-content.php:97
actioninithelpers/blocks.php:28
actioninithelpers/blocks.php:29
actionenqueue_block_editor_assetshelpers/blocks.php:30
actionadmin_inithelpers/giveaway.php:7
actionadmin_noticeshelpers/giveaway.php:8
actionadmin_inithelpers/meta_box.php:9
actionsave_posthelpers/meta_box.php:10
actionafter_setup_themehelpers/vafpress.php:7
actionwidgets_inithelpers/widget.php:90
actionwidgets_inithelpers/widget_2.php:90
actionwidgets_inithelpers/widget_3.php:90
Maintenance & Trust

Dynamic Widget Content Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 22, 2026
PHP min version
Downloads15K

Community Trust

Rating98/100
Number of ratings8
Active installs400
Alternatives

Dynamic Widget Content Alternatives

AddonNest for Elementor

AddonNest for Elementor

addonnest

A
100

Supercharge Elementor with 20+ premium-quality widgets for stunning websites. No coding needed!

0 No CVEs
Classic Widgets

Classic Widgets

classic-widgets

A
100

Enables the previous "classic" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.

2.0M No CVEs
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

A
89

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 24 CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 59 CVEs
Ultimate Addons for Elementor

Ultimate Addons for Elementor

header-footer-elementor

A
96

Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa &hellip;

2.0M 12 CVEs
Developer Profile

Dynamic Widget Content Developer Profile

Brecht

7 plugins · 79K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
103 days
View full developer profile
Detection Fingerprints

How We Detect Dynamic Widget Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dynamic-widget-content/dist/blocks.js
Script Paths
/wp-content/plugins/dynamic-widget-content/dist/blocks.js
Version Parameters
dynamic-widget-content/dist/blocks.js?ver=

HTML / DOM Fingerprints

CSS Classes
dwc-widget-containerdwc-widget
Data Attributes
data-block=\"dynamic-widget-content/widget\"data-block=\"dynamic-widget-content/widget-2\"data-block=\"dynamic-widget-content/widget-3\"
JS Globals
dwc_blocks
REST Endpoints
/wp-json/wp/v2/posts?_fields=id,meta&meta=dwc-title/wp-json/wp/v2/posts?_fields=id,meta&meta=dwc-content/wp-json/wp/v2/posts?_fields=id,meta&meta=dwc-title-2/wp-json/wp/v2/posts?_fields=id,meta&meta=dwc-content-2/wp-json/wp/v2/posts?_fields=id,meta&meta=dwc-title-3/wp-json/wp/v2/posts?_fields=id,meta&meta=dwc-content-3
FAQ

Frequently Asked Questions about Dynamic Widget Content