Expandable FAQ Security & Risk Analysis

wordpress.org/plugins/expandable-faq

It's an MIT-licensed (can be used in premium themes), high-quality, native and responsive WordPress plugin to create and view expandable FAQs

50 active installs · v6.1.10 · PHP 5.6+ · WP 4.6+ · Updated Aug 12, 2019
Tags: collapse, collapsible, expand, expandable, faqs

Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Expandable FAQ Safe to Use in 2026?

Generally Safe

Score 85/100

Expandable FAQ has no known CVEs and its code scores well on static analysis, but it has not been updated since August 2019. It is a reasonable choice for most WordPress installations provided you accept that fixes for anything found later are unlikely to arrive quickly.

No known CVEs · Updated 6yr ago
Risk Assessment

Version 6.1.10 of expandable-faq presents a generally good security posture on static analysis. 41 of its 47 SQL queries (87%) go through prepared statements, 597 of 755 output sites (79%) are escaped, and no CVE has ever been recorded against it. With about 50 active installs, though, the plugin has drawn little outside scrutiny, so the empty CVE history is weaker evidence than it would be for a widely deployed plugin.

Several points warrant attention. The taint analysis reports two flows with unsanitized paths, the named location being getValidValueInput (Models\Validation\StaticValidator.php:1611); neither is rated critical or high, but both should be read by hand. More significant is that the plugin contains no nonce checks at all and only one capability check. Nonces are WordPress's standard defence against Cross-Site Request Forgery (CSRF) on state-changing requests, so any handler the plugin adds or exposes in future would be forgeable by default.

The analysis records zero entry points (and therefore none unprotected), which limits the immediate impact: a CSRF needs a request to forge. Two caveats apply. The detection section below lists a REST route (/wp-json/expandable-faq/v1/settings), so the entry-point count deserves a manual check, and the plugin has not been updated since August 2019 and is tested only to WordPress 5.2.24, so a fix for anything found is unlikely to arrive quickly. The bundled DataTables 1.10.18 is also an old release; a bundled copy is only refreshed when the plugin ships, so check it against the upstream release notes rather than assuming it is clean. Overall the plugin is in a relatively secure state on the strength of its SQL and output handling and its empty vulnerability history, but the missing nonce checks, the stale release and the outdated library are real weaknesses.

Key Concerns

  • Taint flows with unsanitized paths (2)
  • Missing nonce checks (0 found; 1 capability check)
  • Bundled outdated library: DataTables v1.10.18
  • No release since Aug 12, 2019; tested only to WordPress 5.2.24
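The nonce, capability, prepared-statement and escaping points above, shown on one small admin form handler. This is an added illustration written for this review, not code from Expandable FAQ; the hook name, table name, option names and field names are assumptions. The weak form is followed by the hardened one so the two can be compared line by line.

```php
<?php
/**
 * Added illustration, not code from the Expandable FAQ plugin.
 * One admin "save" handler written twice: first as the static analysis
 * would flag it (no nonce, no capability check, raw SQL, unescaped
 * output), then hardened. Hook, table and field names are assumptions.
 */

// Weak: any request reaching this runs as whoever sent it.
function faq_demo_save_insecure() {
    global $wpdb;
    $id    = $_POST['faq_id'];      // untrusted, unvalidated
    $title = $_POST['faq_title'];   // untrusted, unsanitized
    // No nonce: a page an admin visits can POST this form on their behalf.
    // No capability check: any logged-in role can reach it.
    // Raw SQL: $title and $id are spliced into the query text.
    $wpdb->query( "UPDATE {$wpdb->prefix}faq_demo SET title = '$title' WHERE id = $id" );
    // Unescaped output: whatever was posted is echoed back as HTML.
    echo "<p>Saved: $title</p>";
}

// Hardened version of the same handler.
function faq_demo_save_secure() {
    global $wpdb;

    // 1. Authorization: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to do this.', 'faq-demo' ), 403 );
    }

    // 2. CSRF: the request must carry a nonce minted for this exact action.
    //    check_admin_referer() dies with a 403 if it is missing or stale.
    check_admin_referer( 'faq_demo_save', 'faq_demo_nonce' );

    // 3. Input validation: cast and sanitize before the value touches anything.
    $id    = isset( $_POST['faq_id'] ) ? absint( $_POST['faq_id'] ) : 0;
    $title = isset( $_POST['faq_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['faq_title'] ) )
        : '';
    if ( 0 === $id || '' === $title ) {
        wp_die( esc_html__( 'Invalid input.', 'faq-demo' ), 400 );
    }

    // 4. SQL: placeholders keep the values out of the query text.
    $wpdb->query(
        $wpdb->prepare(
            "UPDATE {$wpdb->prefix}faq_demo SET title = %s WHERE id = %d",
            $title,
            $id
        )
    );

    // 5. Output escaping for the HTML-text context it lands in.
    echo '<p>' . esc_html( sprintf( 'Saved: %s', $title ) ) . '</p>';
}

// The form side: mint the nonce that check_admin_referer() verifies later.
function faq_demo_render_form( $id, $title ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="faq_demo_save">
        <?php wp_nonce_field( 'faq_demo_save', 'faq_demo_nonce' ); ?>
        <input type="hidden" name="faq_id" value="<?php echo esc_attr( $id ); ?>">
        <input type="text" name="faq_title" value="<?php echo esc_attr( $title ); ?>">
        <?php submit_button( __( 'Save', 'faq-demo' ) ); ?>
    </form>
    <?php
}

// admin_post_{action} fires for logged-in users who POST to admin-post.php
// with action=faq_demo_save; unauthenticated requests would need the
// admin_post_nopriv_ variant, which this handler deliberately does not register.
add_action( 'admin_post_faq_demo_save', 'faq_demo_save_secure' );
```

The order inside the hardened handler matters: the capability check runs first so an unauthorized user never reaches the nonce check, and the nonce check runs before any input is read so a forged request does no work at all. A static scanner counts each of these as one hit, which is how a plugin ends up with "0 nonce checks, 1 capability check" in the table below.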
Vulnerabilities
None known

Expandable FAQ Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Expandable FAQ Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (41 prepared)
Unescaped Output: 158 (597 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 5
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

DataTables 1.10.18

SQL Query Safety

87% prepared (41 of 47 total queries)

Output Escaping

79% escaped (597 of 755 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
getValidValueInput (Models\Validation\StaticValidator.php:1611)
Attack Surface

Expandable FAQ Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 22
  • filter body_class (Controllers\Front\AssetController.php:70)
  • action admin_notices (Controllers\MainController.php:72)
  • action admin_notices (Controllers\MainController.php:82)
  • action admin_notices (Controllers\MainController.php:92)
  • action admin_notices (Controllers\MainController.php:113)
  • filter plugin_row_meta (Controllers\MainController.php:133)
  • action network_admin_menu (Controllers\MainController.php:153)
  • filter admin_footer_text (Controllers\MainController.php:155)
  • filter network_admin_menu (Controllers\MainController.php:157)
  • action admin_menu (Controllers\MainController.php:167)
  • filter admin_footer_text (Controllers\MainController.php:169)
  • filter admin_menu (Controllers\MainController.php:171)
  • action wpmu_new_blog (Controllers\MainController.php:178)
  • action delete_blog (Controllers\MainController.php:190)
  • action init (Controllers\MainController.php:195)
  • action admin_head (Controllers\MainController.php:717)
  • action admin_notices (Controllers\MainController.php:728)
  • action admin_head (Controllers\MainController.php:778)
  • action admin_notices (Controllers\MainController.php:797)
  • action wp_head (Controllers\MainController.php:871)
  • action admin_notices (Controllers\MainController.php:1043)
  • action admin_notices (Controllers\MainController.php:1060)
Maintenance & Trust

Expandable FAQ Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Aug 12, 2019
PHP min version: 5.6
Downloads: 3K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 50
Developer Profile

Expandable FAQ Developer Profile

KestutisIT

4 plugins · 6K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Expandable FAQ

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/expandable-faq/ExpandableFAQ_UI/assets/css/font-awesome.min.css
/wp-content/plugins/expandable-faq/ExpandableFAQ_UI/assets/css/prettyPhoto.css
/wp-content/plugins/expandable-faq/ExpandableFAQ_UI/assets/css/style.css
/wp-content/plugins/expandable-faq/ExpandableFAQ_UI/assets/js/expandable-faq.js
/wp-content/plugins/expandable-faq/ExpandableFAQ_UI/assets/js/jquery.prettyPhoto.js
/wp-content/plugins/expandable-faq/ExpandableFAQ_UI/assets/js/jquery.validation.js
/wp-content/plugins/expandable-faq/ExpandableFAQ_UI/assets/js/prettyPhoto.init.js
Script Paths
/wp-content/plugins/expandable-faq/Controllers/Front/AssetController.php
Version Parameters
expandable-faq/style.css?ver=
expandable-faq/font-awesome.min.css?ver=
expandable-faq/prettyPhoto.css?ver=
expandable-faq/jquery.validation.js?ver=
expandable-faq/expandable-faq.js?ver=
expandable-faq/jquery.prettyPhoto.js?ver=
expandable-faq/prettyPhoto.init.js?ver=

HTML / DOM Fingerprints

CSS Classes
expandable-faq-wrap
expandable-faq-item
expandable-faq-title
expandable-faq-content
expandable-faq-search-input
HTML Comments
<!-- The main plugin controller object -->
<!-- The configuration object -->
<!-- Configuration -->
<!-- Settings -->
(+16 more)
Data Attributes
data-expandable-faq-id
data-expandable-faq-active
data-expandable-faq-speed
data-expandable-faq-scroll-offset
data-expandable-faq-scroll-speed
JS Globals
expandable_faq_params
REST Endpoints
/wp-json/expandable-faq/v1/settings
Shortcode Output
[expandable_faq]
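A passive matcher for the fingerprints listed in this section, as an added example. It is not the scanner behind this page; the regexes, the two-indicator confidence rule and the sample HTML are constructed for illustration, and the assumption that the ?ver= parameter carries the plugin version is an assumption, not something the page states.

```php
<?php
/**
 * Added example: a passive fingerprint matcher built from the indicators
 * listed above. Not the scanner used by this page. The confidence rule,
 * the version-from-?ver= assumption and the sample HTML are constructed.
 */

const FAQ_DEMO_PLUGIN_PATH = '/wp-content/plugins/expandable-faq/';

/**
 * Inspect a page body and report which Expandable FAQ indicators appear.
 *
 * @param string $html Raw HTML of a fetched page.
 * @return array{matched: string[], versions: string[], confident: bool}
 */
function faq_demo_fingerprint( string $html ): array {
    $matched  = array();
    $versions = array();

    // Asset paths: any stylesheet or script served from the plugin directory.
    // The ?ver= value is captured on the assumption that it holds the plugin version.
    $asset_re = '#' . preg_quote( FAQ_DEMO_PLUGIN_PATH, '#' )
              . '[^"\'\s]+?\.(?:css|js)(?:\?ver=([0-9][0-9.]*))?#i';
    if ( preg_match_all( $asset_re, $html, $m ) ) {
        $matched[] = 'asset-path';
        $versions  = array_values( array_unique( array_filter( $m[1] ) ) );
    }

    // DOM markers left by the rendered shortcode and its script.
    $dom_markers = array(
        'css-class'      => '/\bclass="[^"]*\bexpandable-faq-(?:wrap|item|title|content|search-input)\b/i',
        'data-attribute' => '/\bdata-expandable-faq-(?:id|active|speed|scroll-offset|scroll-speed)=/i',
        'js-global'      => '/\bexpandable_faq_params\b/',
        'rest-endpoint'  => '#/wp-json/expandable-faq/v1/#i',
    );
    foreach ( $dom_markers as $name => $re ) {
        if ( preg_match( $re, $html ) ) {
            $matched[] = $name;
        }
    }

    // Require two independent indicator kinds before calling it a hit: a single
    // stray class name or a hot-linked script is too easy to produce by accident.
    return array(
        'matched'   => $matched,
        'versions'  => $versions,
        'confident' => count( $matched ) >= 2,
    );
}

// Constructed sample page fragment (not captured from a real site).
$sample = <<<'HTML'
<link rel="stylesheet" href="/wp-content/plugins/expandable-faq/ExpandableFAQ_UI/assets/css/style.css?ver=6.1.10">
<script src="/wp-content/plugins/expandable-faq/ExpandableFAQ_UI/assets/js/expandable-faq.js?ver=6.1.10"></script>
<script>var expandable_faq_params = {"ajax_url":"/wp-admin/admin-ajax.php"};</script>
<div class="expandable-faq-wrap" data-expandable-faq-speed="300">
  <div class="expandable-faq-item" data-expandable-faq-id="1">
    <div class="expandable-faq-title">Question</div>
    <div class="expandable-faq-content">Answer</div>
  </div>
</div>
HTML;

$result = faq_demo_fingerprint( $sample );
printf(
    "matched: %s\nversion(s): %s\nconfident: %s\n",
    implode( ', ', $result['matched'] ),
    implode( ', ', $result['versions'] ) ?: 'unknown',
    $result['confident'] ? 'yes' : 'no'
);
```

On the constructed fragment this reports asset-path, css-class, data-attribute and js-global, version 6.1.10, confident. In practice the asset path is the most reliable single indicator because it is emitted by the plugin's own enqueue calls, while class names and data attributes can be copied into a theme; that is why the rule insists on two kinds rather than one.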
FAQ

Frequently Asked Questions about Expandable FAQ