Easy Custom Sidebars Security & Risk Analysis

wordpress.org/plugins/easy-custom-sidebars

This plugin allows you to replace any sidebar/widget area in your theme without writing a single line of code!

10K active installs · v2.0.1 · PHP 7.0.0+ · WP 5.8+ · Updated Jul 23, 2021
Tags: create-sidebars, custom-sidebars, dynamic-sidebar, replace-sidebars, unlimited-sidebars
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Easy Custom Sidebars Safe to Use in 2026?

Generally Safe

Score 85/100

Easy Custom Sidebars has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The static analysis of easy-custom-sidebars v2.0.1 indicates a strong security posture. The plugin demonstrates excellent adherence to secure coding practices, with 100% of its SQL queries utilizing prepared statements and all output being properly escaped. Furthermore, all identified entry points, including REST API routes, are protected by capability checks, and there are no dangerous functions, file operations, or external HTTP requests detected. The absence of taint analysis findings and a clean vulnerability history further solidify this positive assessment.

While the plugin exhibits robust security measures, a notable observation is the complete absence of nonce checks across all its entry points, including the 5 REST API routes. This represents a potential, albeit likely minor, risk. Given the comprehensive use of capability checks, the impact of missing nonces might be mitigated, but it's still a departure from best practices for securing web applications against certain types of attacks, such as Cross-Site Request Forgery (CSRF), particularly if these REST API endpoints handle state-changing operations. The plugin's lack of historical vulnerabilities is a significant strength, suggesting consistent development focus on security.

Key Concerns

  • Missing nonce checks on REST API routes
Vulnerabilities
None known

Easy Custom Sidebars Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Easy Custom Sidebars Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (0 escaped)
Nonce Checks: 0
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0
Attack Surface

Easy Custom Sidebars Attack Surface

Entry Points: 5
Unprotected: 0

REST API Routes: 5

DELETE  /wp-json/easy-custom-sidebars/v1sidebar_instances  src\includes\api.php:22
GET     /wp-json/easy-custom-sidebars/v1/default-sidebars  src\includes\api.php:44
GET     /wp-json/easy-custom-sidebars/v1/attachments/(?P<id>\d+)  src\includes\api.php:81
GET     /wp-json/easy-custom-sidebars/v1/page-templates  src\includes\api.php:110
POST    /wp-json/easy-custom-sidebars/v1/hide-pointer  src\includes\api.php:132
WordPress Hooks: 31

action  admin_init  src\includes\admin.php:42
action  admin_menu  src\includes\admin.php:56
action  admin_enqueue_scripts  src\includes\admin.php:140
action  rest_api_init  src\includes\api.php:19
action  rest_api_init  src\includes\api.php:41
action  rest_api_init  src\includes\api.php:63
action  rest_api_init  src\includes\api.php:78
action  rest_api_init  src\includes\api.php:107
action  rest_api_init  src\includes\api.php:129
filter  register_taxonomy_args  src\includes\api.php:151
action  wp_footer  src\includes\customizer.php:38
action  init  src\includes\data.php:46
action  init  src\includes\data.php:106
filter  ecs_sidebar_attachments  src\includes\data.php:176
filter  ecs_sidebar_attachments  src\includes\deprecated.php:14
filter  ecs_sidebar_id  src\includes\deprecated.php:58
filter  sidebars_widgets  src\includes\frontend.php:81
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:277
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:313
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:349
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:385
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:429
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:473
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:517
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:560
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:607
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:658
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:706
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:754
filter  ecs_widget_area_replacement_id  src\includes\frontend.php:790
action  widgets_init  src\includes\setup.php:45
Maintenance & Trust

Easy Custom Sidebars Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Jul 23, 2021
PHP min version: 7.0.0
Downloads: 308K

Community Trust

Rating: 82/100
Number of ratings: 40
Active installs: 10K
Developer Profile

Easy Custom Sidebars Developer Profile

Sunny Johal

2 plugins · 110K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Easy Custom Sidebars

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-custom-sidebars/src/dist/pointer.js
/wp-content/plugins/easy-custom-sidebars/src/dist/admin.css
/wp-content/plugins/easy-custom-sidebars/src/dist/admin.js
Script Paths
https://fonts.googleapis.com/icon?family=Material+Icons
Version Parameters
easy-custom-sidebars/pointer.js?ver=
easy-custom-sidebars/admin.css?ver=
easy-custom-sidebars/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
ecs-root
HTML Comments
<!-- Easy Custom Sidebars v2.0.1 -->
<!-- This screen is used for managing your custom sidebars. It provides a way to replace the default widg
Data Attributes
data-reactroot
JS Globals
easy_custom_sidebars
FAQ

Frequently Asked Questions about Easy Custom Sidebars