Does Gabfire Widget Pack have any unpatched vulnerabilities?

No. All known vulnerabilities in Gabfire Widget Pack have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Gabfire Widget Pack compatible with WordPress 5.6.17?

According to WordPress.org data, Gabfire Widget Pack 1.4.14 has been tested up to WordPress 5.6.17. Check the plugin's changelog for the latest compatibility information.

How often is Gabfire Widget Pack updated?

Gabfire Widget Pack was last updated on Feb 15, 2021. Frequent updates are generally a positive security signal.

What is Gabfire Widget Pack's security score?

Gabfire Widget Pack has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Gabfire Widget Pack Security & Risk Analysis

wordpress.org/plugins/gabfire-widget-pack

The Gabfire Widget Pack contains over a dozen useful widgets to extend your WordPress site. It is a free plugin that will work with ANY theme.

700 active installs v1.4.14 PHP + WP 5.1+ Updated Feb 15, 2021

about-usauthor-badgepost-tabsrelated-poststext-widget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Gabfire Widget Pack Safe to Use in 2026?

Generally Safe

Score 85/100

Gabfire Widget Pack has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The gabfire-widget-pack plugin v1.4.14 exhibits a generally strong security posture based on the provided static analysis. The absence of identified dangerous functions, the exclusive use of prepared statements for all SQL queries, and the lack of critical or high severity taint flows are all positive indicators. Furthermore, the vulnerability history shows no known CVEs, suggesting a history of stable and secure development.

However, there are areas for concern. A significant portion (60%) of output is not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if the unescaped data originates from untrusted user input. The plugin also lacks nonce checks and capability checks for its entry points, which, while currently limited in number, represent potential vulnerabilities if the attack surface were to expand or if specific entry points are unknowingly exposed. The presence of file operations without further context is also a minor concern, as insecure file handling can lead to various security issues.

Overall, the plugin benefits from secure data handling for database interactions and a clean vulnerability history. The primary weakness lies in the output escaping, which requires immediate attention to mitigate potential XSS risks. The absence of robust authentication and authorization checks on entry points, combined with the unescaped output, creates a notable risk profile that needs to be addressed for a truly secure plugin.

Key Concerns

Significant unescaped output found
Missing nonce checks
Missing capability checks
File operations present without context

Vulnerabilities

None known

Gabfire Widget Pack Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Gabfire Widget Pack Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

601

402 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared5 total queries

Output Escaping

40% escaped1003 total outputs

Attack Surface

Gabfire Widget Pack Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 36

actionafter_setup_themeadmin\options.php:7

actionadmin_initadmin\options.php:15

actionadmin_menuadmin\options.php:16

actionadmin_enqueue_scriptsadmin\options.php:430

actionadmin_print_footer_scriptsadmin\options.php:434

actionwidgets_initdeprecated\widget-feedburner.php:152

actionwidgets_initdeprecated\widget-flickr.php:170

actionwidgets_initdeprecated\widget-recent-tweets.php:241

actionwp_footerdeprecated\widget-shareitems.php:47

actionwp_footerdeprecated\widget-shareitems.php:51

actionwp_footerdeprecated\widget-shareitems.php:56

actionwp_footerdeprecated\widget-shareitems.php:61

actionwp_footerdeprecated\widget-shareitems.php:70

actionwp_footerdeprecated\widget-shareitems.php:75

actionwp_footerdeprecated\widget-shareitems.php:80

actionwp_footerdeprecated\widget-shareitems.php:85

actionwidgets_initdeprecated\widget-shareitems.php:316

actionwidgets_initdeprecated\widget-social.php:230

actionafter_setup_themegabfire-widgets.php:42

actionwp_enqueue_scriptsgabfire-widgets.php:47

actionadmin_head-widgets.phpgabfire-widgets.php:55

actionwidgets_initwidget-about.php:110

actionwidgets_initwidget-address.php:102

actionwidgets_initwidget-ajaxtabs.php:315

actionwidgets_initwidget-archive.php:129

filteruser_contactmethodswidget-authorbadge.php:21

actionwidgets_initwidget-authorbadge.php:154

actionwidgets_initwidget-customquery.php:317

actionwidgets_initwidget-instagram.php:175

actionwidgets_initwidget-pop-rand-rcnt.php:179

actionwidgets_initwidget-relatedposts.php:125

actionwidgets_initwidget-search.php:102

actionwidgets_initwidget-search.php:107

actionwidgets_initwidget-simple-ad.php:91

actionwidgets_initwidget-text.php:125

actionwidgets_initwidget-videos.php:144

Maintenance & Trust

Gabfire Widget Pack Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17

Last updatedFeb 15, 2021

PHP min version

Downloads96K

Community Trust

Rating88/100

Number of ratings13

Active installs700

Alternatives

Gabfire Widget Pack Alternatives

Inline Related Posts

intelly-related-posts

Inline Related Posts AUTOMATICALLY inserts related posts INSIDE your content, capturing immediately the reader's attention.

100K 7 CVEs

VK All in One Expansion Unit

vk-all-in-one-expansion-unit

This plug-in is an integrated plug-in with a variety of features that make it powerful your web site.

100K 10 CVEs

YARPP – Yet Another Related Posts Plugin

yet-another-related-posts-plugin

The best WordPress plugin for displaying related posts. Simple and flexible, with a powerful proven algorithm and inbuilt caching.

100K 8 CVEs

Contextual Related Posts

contextual-related-posts

Keep visitors on your site longer with intelligent, fast-loading, contextually related posts. Block, shortcode, custom post type and widget ready.

60K 7 CVEs

Gabfire Widget Pack Developer Profile

Gabfire

3 plugins · 810 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Gabfire Widget Pack

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gabfire-widget-pack/css/style.css/wp-content/plugins/gabfire-widget-pack/admin/widgetspage_style.css

Version Parameters

gabfire-widget-pack/css/style.css?ver=gabfire-widget-pack/admin/widgetspage_style.css?ver=

HTML / DOM Fingerprints

HTML Comments

Copyright 2013 Gabfire (email : info@gabfire.com)This program is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License, version 2, aspublished by the Free Software Foundation.+20 more

Data Attributes

gab_options

JS Globals

GABFIRE_WIDGETS_VERSIONGABFIRE_WIDGETS_DIRGABFIRE_WIDGETS_URL

FAQ