Featured Blogs List Security & Risk Analysis

wordpress.org/plugins/featured-blogs-list

Display specific multiple blogs in the sidebar.

10 active installs · v1.1 · PHP + WP 2.7+ · Updated Apr 27, 2010

Tags: blog-listing, featured-blogs, multiple-blogs, select-blog, specific-blog

Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Featured Blogs List Safe to Use in 2026?

Generally Safe

Score 85/100

Featured Blogs List has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 15yr ago
Risk Assessment

The 'featured-blogs-list' v1.1 plugin exhibits a concerning security posture despite a seemingly small attack surface and no recorded vulnerabilities. Static analysis reveals reliance on the deprecated and dangerous `create_function` function, a known source of security flaws because it evaluates a string as code and can lead to arbitrary code execution. Furthermore, a very low output escaping rate (7%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, where user-supplied data could be injected into a page and executed in a visitor's browser. The plugin performs no nonce checks and no capability checks; although the analysis currently finds zero entry points, this is a critical oversight that would leave the plugin exposed should any entry points be added or discovered in the future.

While the plugin exclusively uses prepared statements for its SQL queries, which is a positive practice, this is overshadowed by the critical weaknesses identified. The lack of any recorded vulnerabilities in its history is not necessarily an indicator of strong security, but rather could imply a lack of deep security auditing or that potential vulnerabilities have not been discovered or exploited yet. The combination of a deprecated function, poor output escaping, and missing security checks on potential entry points presents a significant risk of exploitation, particularly XSS and potentially code injection. The plugin's strengths in SQL handling are insufficient to mitigate these serious weaknesses.

Key Concerns

  • Use of dangerous `create_function`
  • Low output escaping percentage (7%)
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Featured Blogs List Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Featured Blogs List Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (12 prepared)
Unescaped Output: 28 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function at featured-blog.php:269:
add_action('widgets_init', create_function('', 'return register_widget("m_widget_featured_blog");'))

SQL Query Safety

100% prepared (12 total queries)

Output Escaping

7% escaped (30 total outputs)
Attack Surface

Featured Blogs List Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 2
action admin_menu (featured-blog.php:181)
action widgets_init (featured-blog.php:269)
Maintenance & Trust

Featured Blogs List Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.9.2
Last updated: Apr 27, 2010
PHP min version: not listed
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Featured Blogs List Developer Profile

mamounothman

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Featured Blogs List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/featured-blogs-list/output_style.css
/wp-content/plugins/featured-blogs-list/virtualpaginate.js
/wp-content/plugins/featured-blogs-list/virtual_painging.css
Script Paths
/wp-content/plugins/featured-blogs-list/virtualpaginate.js

HTML / DOM Fingerprints

CSS Classes
featured_blog_item, avatar, blog_info, blog_title, blog_owner, latest_update, css_inlcude, label_css, +2 more
HTML Comments
<!-- mamoun@hellospring.net -->
<!-- This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -->
+3 more
Data Attributes
name="blogs_id[]", value, name="featured_blog_css", class="css_inlcude", name="display_post", rel="previous", +7 more
JS Globals
gallery
Shortcode Output
[featuredBlogsList]
FAQ

Frequently Asked Questions about Featured Blogs List