Extended Table of Contents (with nextpage support) Security & Risk Analysis
wordpress.org/plugins/extended-table-of-contents-with-nextpage-supportThis plugin automatically generates and inserts a table of contents (ToC) to your pages and posts, based on tags h1-h6. It can deal with nextpage-tag.
Is Extended Table of Contents (with nextpage support) Safe to Use in 2026?
Generally Safe
Score 85/100Extended Table of Contents (with nextpage support) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "extended-table-of-contents-with-nextpage-support" v1.0.0 exhibits a generally good security posture with some areas for improvement. The absence of any recorded vulnerabilities in its history is a strong positive indicator. Furthermore, the static analysis shows no dangerous functions, all SQL queries are prepared, and there are no file operations or external HTTP requests, which significantly reduces the attack surface.
However, the low percentage of properly escaped output (4%) is a notable concern. While taint analysis did not reveal critical or high severity unsanitized paths, the presence of two flows with unsanitized paths, even if not classified as critical, warrants attention. The limited number of entry points is positive, and the existing checks for nonces and capabilities are present, but the overall code quality regarding output sanitization could be a vector for Cross-Site Scripting (XSS) vulnerabilities if malicious input were to reach these unescaped outputs.
In conclusion, the plugin benefits from a clean vulnerability history and sound practices in critical areas like SQL. The primary weakness lies in output escaping, which, despite not currently leading to exploitable vulnerabilities according to the taint analysis, represents a potential risk that should be addressed.
Key Concerns
- Low percentage of properly escaped output
- Flows with unsanitized paths (2)
Extended Table of Contents (with nextpage support) Security Vulnerabilities
Extended Table of Contents (with nextpage support) Code Analysis
Output Escaping
Data Flow Analysis
Extended Table of Contents (with nextpage support) Attack Surface
Shortcodes 2
WordPress Hooks 6
Maintenance & Trust
Extended Table of Contents (with nextpage support) Maintenance & Trust
Maintenance Signals
Community Trust
Extended Table of Contents (with nextpage support) Alternatives
Table of Contents Plus
table-of-contents-plus
A powerful yet user friendly plugin that automatically creates a table of contents. Can also output a sitemap listing all pages and categories.
Rich Table of Contents
rich-table-of-content
RTOC is a table of contents generation plugin from Japan that allows anyone to easily create a table of contents. Equipped with the functions of the c …
TOP Table Of Contents
top-table-of-contents
Easily creates SEO-friendly table of contents for your blog posts and pages. Offers both Auto and Manual Insert with highly customization options.
F70 Simple Table of Contents
f70-simple-table-of-contents
Display a table of contents in your posts by automatically generated from the headings. No Javascript code, simple to use.
CC-TOC
cc-toc
This plugin automatically creates a table of contents based on html headings in content.
Extended Table of Contents (with nextpage support) Developer Profile
1 plugin · 200 total installs
How We Detect Extended Table of Contents (with nextpage support)
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/extended-table-of-contents-with-nextpage-support/admin-style.cssextended-table-of-contents-with-nextpage-support/admin-style.css?ver=HTML / DOM Fingerprints
name="heading_text"name="auto_insert_post_types"name="start"name="show_heading_text"name="show_hierarchy"name="number_list_items"+1 more[extoc][noextoc]