Does HTML Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in HTML Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is HTML Widget compatible with WordPress 4.8.28?

According to WordPress.org data, HTML Widget 0.1.0 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is HTML Widget updated?

HTML Widget was last updated on Jun 30, 2017. Frequent updates are generally a positive security signal.

What is HTML Widget's security score?

HTML Widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HTML Widget Security & Risk Analysis

wordpress.org/plugins/html-widget

Adds a simple HTML widget with syntax highlighting for HTML, CSS and JS.

400 active installs v0.1.0 PHP + WP 4.7+ Updated Jun 30, 2017

codemirrorhtmlwidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is HTML Widget Safe to Use in 2026?

Generally Safe

Score 85/100

HTML Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The 'html-widget' plugin, version 0.1.0, demonstrates a strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the code shows a commitment to secure coding practices with 100% of SQL queries using prepared statements and a high percentage of output being properly escaped. The presence of capability checks, while limited, is also a positive indicator.

Key Concerns

Only 78% of output properly escaped
No nonce checks found

Vulnerabilities

None known

HTML Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

HTML Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

78% escaped18 total outputs

Attack Surface

HTML Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionplugins_loadedhtml-widget.php:25

actionadmin_enqueue_scriptshtml-widget.php:28

actionwidgets_inithtml-widget.php:31

filterhtml_widget_contenthtml-widget.php:36

Maintenance & Trust

HTML Widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedJun 30, 2017

PHP min version

Downloads6K

Community Trust

Rating80/100

Number of ratings4

Active installs400

Alternatives

HTML Widget Alternatives

Code Widget

code-widget

Code widget help to add Short Code, PHP Code, HTML, and Simple Text in widget.

4K No CVEs

Local Time Clock

local-time-clock

Display a clock on your sidebar set automatically to your location's timezone. Select from a choice of clocks, colors and sizes.

1K No CVEs

Widget Classes

widget-classes

Widget Classes allows you to add classes to your individual widgets to be used by your theme. This is done by appending an additional form field to th …

1K No CVEs

IFrame Widget

iframe-widget

IFrame widget can display any external HTML page inside an HTML IFrame component.

600 1 unpatched

MagicPost – WordPress文章管理功能增强插件

magicpost

MagicPost（中文为魔法文章），如其名，该插件的主要目的是为WordPress的文章管理赋予更多高效，增强的功能。如定时发布管理，文章搬家，文章翻译，HTML代码清洗，下载文件管理，编辑器增强，社交分享小组件和TOC内容目录。

300 1 CVE

Developer Profile

HTML Widget Developer Profile

seothemes

8 plugins · 7K total installs

trust score

Avg Security Score

83/100

Avg Patch Time

170 days

View full developer profile

Detection Fingerprints

How We Detect HTML Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/html-widget/assets/styles/min/styles.min.css/wp-content/plugins/html-widget/assets/scripts/min/scripts.min.js

Script Paths

/wp-content/plugins/html-widget/assets/scripts/min/scripts.min.js

HTML / DOM Fingerprints

CSS Classes

widget_htmlhtml-widget

Data Attributes

data-editor-textarea

JS Globals

CodeMirror

FAQ