Helion Widgets Pro Security & Risk Analysis

wordpress.org/plugins/helion-widgets-pro

Install book widgets on your blog, embed book information in your posts, open your own bookstore and earn money with GW Helion!

30 active installs · v1.5.7 · PHP + WP 3.1+ · Updated Apr 24, 2019
Tags: ebookpoint, helion, onepress, sensus, septem

Score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Helion Widgets Pro Safe to Use in 2026?

Generally Safe

Score 85/100

Helion Widgets Pro has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "helion-widgets-pro" plugin version 1.5.7 exhibits a concerning security posture primarily due to a lack of robust access control and output sanitization. While the static analysis reveals no dangerous functions, SQL injection risks, or critical taint analysis findings, the absence of proper authorization on an AJAX handler is a significant vulnerability. This means any unauthenticated user could potentially trigger this handler and execute its functionality, leading to unintended consequences.

The code analysis also highlights a severe lack of output escaping, with 0% of outputs being properly escaped. This opens the door to cross-site scripting (XSS) vulnerabilities, where malicious scripts could be injected into the plugin's output and executed in the context of a logged-in user's browser. The presence of an unprotected AJAX entry point further exacerbates this risk.

Fortunately, the plugin's vulnerability history is clean, with no recorded CVEs. This indicates that, to date, no vulnerability has been publicly disclosed for it. That clean history should not breed complacency, however, given the significant weaknesses identified by the static code analysis. The plugin's strengths are the absence of file operations, external HTTP requests, and bundled libraries, each of which can introduce vulnerabilities of its own. Nevertheless, the identified weaknesses in access control and output sanitization require immediate attention to prevent potential security breaches.

Key Concerns

  • Unprotected AJAX handler found
  • No output escaping on any output
  • No nonce checks found
  • No capability checks found
  • SQL queries not always prepared

Vulnerabilities
None known

Helion Widgets Pro Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Helion Widgets Pro Release Timeline

No version history available.

Code Analysis
Analyzed Mar 16, 2026

Helion Widgets Pro Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 9 (2 prepared)
Unescaped Output: 343 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

18% prepared · 11 total queries

Output Escaping

0% escaped · 343 total outputs

Attack Surface
1 unprotected

Helion Widgets Pro Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_helion_book_selector · helion-widgets.php:215
WordPress Hooks 18

action · update_plugin_complete_actions · helion-widgets.php:17
action · helion_download_xmls · helion-widgets.php:167
action · helion_download_bestsellers · helion-widgets.php:168
action · helion_import_xmls · helion-widgets.php:169
action · helion_import_bestsellers · helion-widgets.php:170
action · helion_cron_cache_size · helion-widgets.php:171
action · helion_reset_cache · helion-widgets.php:172
action · admin_init · helion-widgets.php:213
action · init · helion-widgets.php:214
action · widgets_init · widgets\bestsellers.php:3
action · widgets_init · widgets\book-of-the-day.php:5
action · widgets_init · widgets\kategorie.php:6
action · widgets_init · widgets\random-book.php:9
action · wp_print_styles · widgets\search.php:3
action · widgets_init · widgets\search.php:10
action · widgets_init · widgets\serie.php:4
action · widgets_init · widgets\single-book.php:3
action · wp_print_styles · widgets\widgets.php:11

Scheduled Events 6

helion_download_xmls
helion_import_xmls
helion_download_bestsellers
helion_import_bestsellers
helion_cron_cache_size
helion_reset_cache

Maintenance & Trust

Helion Widgets Pro Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Apr 24, 2019
PHP min version:
Downloads: 9K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 30

Developer Profile

Helion Widgets Pro Developer Profile

paulpela

3 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Helion Widgets Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/helion-widgets-pro/js/book_selector.js
/wp-content/plugins/helion-widgets-pro/js/widget_kategorie.js
Script Paths
/wp-content/plugins/helion-widgets-pro/js/book_selector.js
/wp-content/plugins/helion-widgets-pro/js/widget_kategorie.js

HTML / DOM Fingerprints

CSS Classes
helion_ksiazka, helion-box, helion-cena
Data Attributes
dokoszyka, okladka181x236, tytul, autor, format, datawydania, +6 more
Shortcode Output
<div class="helion_ksiazka"><div style="float: left; width: 40%;"><a href="%dokoszyka%" rel="nofollow">%okladka181x236%</a></div><div style="float: right; width: 58%;"><h2><a href="%dokoszyka%" rel="nofollow">%tytul%</a></h2><p>autor: %autor%</p><p>format: %format%</p><p>data wydania: %datawydania%</p><div class="helion-box"><div class="helion-cena">%cena% zł</div><a href="%dokoszyka%" rel="nofollow">kup teraz</a></div></div><div style="clear: both;"></div><hr/><div>%opis%</div><div class="helion-box"><div class="helion-cena">%cena% zł</div><a href="%dokoszyka%" rel="nofollow">kup teraz</a></div></div>
<h2>Nowości</h2>%nowosci%<hr/><h2>Bestsellery</h2>%bestsellers%%kategoria% %paginacja%
<div class="helion_ksiazka"><div style="float: left; width: 40%;"><a href="%dokoszyka%" rel="nofollow">%okladka181x236%</a></div><div style="float: right; width: 58%;"><h2><a href="%dokoszyka%" rel="nofollow">%tytul%</a></h2><p><b>Autor:</b> %autor%</p><p><b>Format:</b> %format%</p><p><b>Data wydania:</b> %datawydania%</p><div class="helion-box"><div class="helion-cena">%cena% zł</div><a href="%dokoszyka%" rel="nofollow">kup teraz</a></div></div><div style="clear: both;"></div><hr/><div>%opis%</div><div class="helion-box"><div class="helion-cena">%cena% zł</div><a href="%dokoszyka%" rel="nofollow">kup teraz</a></div></div>

FAQ

Frequently Asked Questions about Helion Widgets Pro