Cool Author Box – For Widget and Post Content Security & Risk Analysis

wordpress.org/plugins/hm-cool-author-box-widget

Cool Author Box displays a responsive author box with social media links to your widget and post content area.

500 active installs · v3.0.3 · PHP 7.2+ · WP 5.4+ · Updated Jan 8, 2026
Tags: author-bio, author-box, author-info, author-profile, author-social-icons
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: May 7, 2025
Safety Verdict

Is Cool Author Box – For Widget and Post Content Safe to Use in 2026?

Generally Safe

Score 99/100

Cool Author Box – For Widget and Post Content has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: May 7, 2025 · Updated 4mo ago
Risk Assessment

Version 3.0.3 of the "hm-cool-author-box-widget" plugin has a mixed security posture. It follows good practice in using prepared statements for all SQL queries and includes a reasonable number of nonce and capability checks, but its attack surface and output escaping raise significant concerns. Two AJAX handlers are exposed without authentication checks, creating a direct entry point for potential unauthorized actions. Only 51% of output is properly escaped, which suggests a risk of Cross-Site Scripting (XSS) vulnerabilities in its rendering functions. The plugin's vulnerability history, two previously disclosed medium-severity vulnerabilities (CSRF and Missing Authorization), reinforces the concerns identified in the static analysis. No critical or high-severity vulnerabilities are currently active and the most recent vulnerability is in the past, but the pattern of past issues highlights a need for continued vigilance. The bundled Freemius v1.0 library should also be considered as a potentially outdated component.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of properly escaped output
  • Bundled outdated library (Freemius v1.0)
  • Previous medium severity vulnerabilities (CSRF, Missing Auth)
Vulnerabilities
2 published

Cool Author Box – For Widget and Post Content Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-47447 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Cool Author Box <= 3.0.0 - Cross-Site Request Forgery

May 7, 2025 · Patched in 3.0.1 (6d)

CVE-2025-30830 · medium · 5.3 · Missing Authorization

Cool Author Box <= 2.9.9 - Missing Authorization

Mar 27, 2025 · Patched in 3.0.0 (7d)
Code Analysis
Analyzed Mar 16, 2026

Cool Author Box – For Widget and Post Content Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 57 (60 escaped)
Nonce Checks: 6
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

51% escaped · 117 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flow
<post-layout> (admin\view\post-layout.php:0)
Attack Surface
2 unprotected

Cool Author Box – For Widget and Post Content Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_hmcabw_get_image · inc\cls-hmcab-master.php:52
nopriv · wp_ajax_hmcabw_get_image · inc\cls-hmcab-master.php:53

Shortcodes: 1

[hm_cool_author_box] · front\cls-hmcab-front.php:79

WordPress Hooks: 14

filter · the_content · front\cls-hmcab-front.php:63
filter · plugin_row_meta · hm-cool-author-box-widget.php:56
action · after_uninstall · hm-cool-author-box-widget.php:76
action · widgets_init · hm-cool-author-box-widget.php:82
action · init · inc\cls-hmcab-master.php:22
action · widgets_init · inc\cls-hmcab-master.php:43
action · admin_menu · inc\cls-hmcab-master.php:50
action · admin_enqueue_scripts · inc\cls-hmcab-master.php:51
action · edit_user_profile · inc\cls-hmcab-master.php:55
action · show_user_profile · inc\cls-hmcab-master.php:61
action · personal_options_update · inc\cls-hmcab-master.php:68
action · edit_user_profile_update · inc\cls-hmcab-master.php:69
action · wp_enqueue_scripts · inc\cls-hmcab-master.php:74
filter · the_content · inc\cls-hmcab-master.php:75
Maintenance & Trust

Cool Author Box – For Widget and Post Content Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Jan 8, 2026
PHP min version: 7.2
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 500
Developer Profile

Cool Author Box – For Widget and Post Content Developer Profile

Hossni Mubarak

14 plugins · 8K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 136 days
Detection Fingerprints

How We Detect Cool Author Box – For Widget and Post Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hm-cool-author-box-widget/assets/css/fontawesome/css/all.min.css
/wp-content/plugins/hm-cool-author-box-widget/assets/css/hmcab--admin.css
/wp-content/plugins/hm-cool-author-box-widget/assets/js/hmcab--admin.js
Script Paths
/wp-content/plugins/hm-cool-author-box-widget/assets/css/fontawesome/css/all.min.css
/wp-content/plugins/hm-cool-author-box-widget/assets/css/hmcab--admin.css
/wp-content/plugins/hm-cool-author-box-widget/assets/js/hmcab--admin.js
Version Parameters
hm-cool-author-box-widget/assets/css/fontawesome/css/all.min.css?ver=
hm-cool-author-box-widget/assets/css/hmcab--admin.css?ver=
hm-cool-author-box-widget/assets/js/hmcab--admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
hmcab-author-box-container
hmcab-social-icons
HTML Comments
<!-- Cool Author Box Widget -->
Data Attributes
data-hmcab-settings
JS Globals
HMCABW_PATH, HMCABW_ASSETS, HMCABW_LANG, HMCABW_SLUG, HMCABW_PREFIX, HMCABW_CLASSPREFIX (+2 more)
Shortcode Output
[hm_cool_author_box]