WP-Safety

If-So Dynamic Content Personalization Security & Risk Analysis

wordpress.org/plugins/if-so

Personalize any content! Add or replace content according to the visitor's profile and interaction with the site. No coding required!

8K active installs v1.9.7 PHP + WP 4.0.1+ Updated Mar 9, 2026
conditionaldynamic-contentgeolocatargetinglocationpersonalization
96
A · Safe
CVEs total8
Unpatched0
Last CVESep 3, 2025
Plugin page Download
Safety Verdict

Is If-So Dynamic Content Personalization Safe to Use in 2026?

Generally Safe

Score 96/100

If-So Dynamic Content Personalization has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

8 known CVEsLast CVE: Sep 3, 2025Updated 2mo ago
Risk Assessment

The plugin "if-so" v1.9.6 exhibits a mixed security posture, with some concerning aspects despite a relatively clean recent vulnerability history. The static analysis reveals a significant attack surface, with all 13 AJAX handlers lacking authentication checks. This is a major concern as it allows any user, potentially unauthenticated, to interact with sensitive plugin functionalities. While the taint analysis shows no critical or high severity flows, the presence of one flow with unsanitized paths warrants attention, even if it didn't manifest as a severe vulnerability in the analysis.

The plugin's vulnerability history, with 8 medium severity CVEs, is a notable weakness. The common types of these vulnerabilities—Authorization Bypass, Cross-site Scripting, and Missing Authorization—directly correlate with the identified weaknesses in the static analysis, particularly the unprotected AJAX handlers and potentially the output escaping which is only 22% properly escaped. The fact that the last vulnerability was in the past and is currently unpatched suggests that while the plugin may have addressed past issues, the underlying patterns of insecurity persist. The presence of bundled outdated jQuery (v3.4.1) is also a minor concern.

In conclusion, while the absence of critical vulnerabilities and the use of prepared statements for a majority of SQL queries are positive signs, the high number of unprotected AJAX endpoints and the history of medium severity security issues, especially those related to authorization and XSS, indicate a need for significant security improvements. The low rate of proper output escaping further amplifies the risk associated with unprotected entry points.

Key Concerns

  • 13 unprotected AJAX handlers
  • Low output escaping rate (22%)
  • 8 medium severity CVEs in history
  • Flow with unsanitized paths detected
  • Bundled outdated jQuery v3.4.1
Vulnerabilities
8 published

If-So Dynamic Content Personalization Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
5 CVEs in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
8

8 total CVEs

CVE-2025-58602medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

If-So Dynamic Content Personalization <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 3, 2025 Patched in 1.9.4.1 (7d)
CVE-2025-49875medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

If-So Dynamic Content Personalization <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 12, 2025 Patched in 1.9.3.2 (6d)
CVE-2024-10796medium · 4.3Authorization Bypass Through User-Controlled Key

If-So Dynamic Content Personalization <= 1.9.2.1 - Authenticated (Contributor+) Post Disclosure

Nov 20, 2024 Patched in 1.9.2.2 (1d)
CVE-2024-5713medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

If-So Dynamic Content Personalization <= 1.8.0.3 - Reflected Cross-Site Scripting

Jun 22, 2024 Patched in 1.8.0.4 (49d)
CVE-2024-6070medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

If-So Dynamic Content Personalization <= 1.8.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Jun 22, 2024 Patched in 1.8.0.4 (49d)
CVE-2024-5440medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

If-So Dynamic Content Personalization <= 1.8.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 10, 2024 Patched in 1.8.0.3 (385d)
CVE-2024-34820medium · 5.3Missing Authorization

If-So Dynamic Content Personalization <= 1.7.1 - Missing Authorization

May 9, 2024 Patched in 1.7.1.1 (7d)
CVE-2023-51492medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

If-So Dynamic Content Personalization <= 1.6.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 27, 2023 Patched in 1.7 (27d)
Version History

If-So Dynamic Content Personalization Release Timeline

v1.9.7Current
v1.9.6
v1.9.5.1
v1.9.5
v1.9.4.1
v1.9.41 CVE
CVE-2025-58602
v1.9.3.21 CVE
CVE-2025-58602
v1.9.3.12 CVEs
CVE-2025-58602 CVE-2025-49875
v1.9.32 CVEs
CVE-2025-58602 CVE-2025-49875
v1.9.2.22 CVEs
CVE-2025-58602 CVE-2025-49875
v1.9.2.13 CVEs
CVE-2024-10796 CVE-2025-58602 CVE-2025-49875
v1.9.23 CVEs
CVE-2024-10796 CVE-2025-58602 CVE-2025-49875
v1.9.13 CVEs
CVE-2024-10796 CVE-2025-58602 CVE-2025-49875
v1.93 CVEs
CVE-2024-10796 CVE-2025-58602 CVE-2025-49875
v1.8.13 CVEs
CVE-2024-10796 CVE-2025-58602 CVE-2025-49875
v1.8.0.43 CVEs
CVE-2024-10796 CVE-2025-58602 CVE-2025-49875
v1.8.0.35 CVEs
CVE-2024-5713 CVE-2024-10796 CVE-2025-58602 +2 more
v1.8.0.26 CVEs
CVE-2024-5713 CVE-2024-10796 CVE-2025-58602 +3 more
v1.8.0.16 CVEs
CVE-2024-5713 CVE-2024-10796 CVE-2025-58602 +3 more
v1.86 CVEs
CVE-2024-5713 CVE-2024-10796 CVE-2025-58602 +3 more
Code Analysis
Analyzed Mar 16, 2026

If-So Dynamic Content Personalization Code Analysis

Dangerous Functions
0
Raw SQL Queries
11
8 prepared
Unescaped Output
231
65 escaped
Nonce Checks
18
Capability Checks
21
File Operations
1
External Requests
6
Bundled Libraries
1

Bundled Libraries

jQuery3.4.1

SQL Query Safety

42% prepared19 total queries

Output Escaping

22% escaped296 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

16 flows1 with unsanitized paths
edd_ifso_admin_notices (admin\class-if-so-settings.php:143)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
13 unprotected

If-So Dynamic Content Personalization Attack Surface

Entry Points26
Unprotected13

AJAX Handlers 13

authwp_ajax_load_tinymce_repeaterincludes\class-if-so.php:288
authwp_ajax_ifso_analytics_reqincludes\class-if-so.php:289
authwp_ajax_trigger_export_reqincludes\class-if-so.php:290
authwp_ajax_trigger_scan_reqincludes\class-if-so.php:291
authwp_ajax_ifso_groups_reqincludes\class-if-so.php:292
authwp_ajax_send_test_mailincludes\class-if-so.php:294
authwp_ajax_render_preview_contentincludes\class-if-so.php:295
authwp_ajax_get_license_messageincludes\class-if-so.php:303
authwp_ajax_ifso_add_page_visitincludes\class-if-so.php:375
noprivwp_ajax_ifso_add_page_visitincludes\class-if-so.php:376
noprivwp_ajax_ifso_analytics_reqincludes\class-if-so.php:377
authwp_ajax_render_ifso_shortcodesincludes\class-if-so.php:379
noprivwp_ajax_render_ifso_shortcodesincludes\class-if-so.php:380

Shortcodes 13

[ifsoDKI] extensions\ifso-extended-shortcodes\extended-shortcodes.php:47
[ifso_conversion] extensions\ifso-extended-shortcodes\extended-shortcodes.php:263
[ifso_user_details] extensions\ifso-extended-shortcodes\extended-shortcodes.php:293
[ifso_login_link] extensions\ifso-extended-shortcodes\extended-shortcodes.php:326
[ifso-show-post] extensions\ifso-extended-shortcodes\extended-shortcodes.php:346
[ifso-audience] extensions\ifso-extended-shortcodes\extended-shortcodes.php:391
[ifso-add-cookie] extensions\ifso-extended-shortcodes\extended-shortcodes.php:427
[ifso-remove-cookie] extensions\ifso-extended-shortcodes\extended-shortcodes.php:441
[ifso-redirect] extensions\ifso-extended-shortcodes\extended-shortcodes.php:451
[ifso-GA4-event] extensions\ifso-extended-shortcodes\extended-shortcodes.php:483
[ifso_hide_site_content] extensions\ifso-extended-shortcodes\extended-shortcodes.php:492
[ifso] includes\class-if-so.php:395
[ifso_condition] includes\class-if-so.php:397
WordPress Hooks 95
filterwpseo_metabox_prioadmin\class-if-so-settings.php:351
actionifso_custom_conditions_ui_selectorextensions\extension-base\conditions-extension-initializer-base.class.php:18
actionifso_custom_conditions_ui_data_inputsextensions\extension-base\conditions-extension-initializer-base.class.php:19
actionifso_extra_extended_shortcodesextensions\extension-base\conditions-extension-initializer-base.class.php:20
filterifso_data_rules_model_filterextensions\extension-base\conditions-extension-initializer-base.class.php:24
filterifso_data_rules_ui_model_filterextensions\extension-base\conditions-extension-initializer-base.class.php:25
filterifso_triggers_list_filterextensions\extension-base\conditions-extension-initializer-base.class.php:26
filterifso_custom_conditions_new_rule_data_extensionextensions\extension-base\conditions-extension-initializer-base.class.php:27
filterifso_custom_conditions_expand_data_reset_by_selectorextensions\extension-base\conditions-extension-initializer-base.class.php:28
actionifso_extra_settings_display_uiextensions\extension-base\extension-settings-base.class.php:11
actionifso_extra_settings_display_ui_geolocationextensions\extension-base\extension-settings-base.class.php:13
filterifso_extra_settings_optionsextensions\extension-base\extension-settings-base.class.php:14
actionelementor/widgets/widgets_registeredextensions\ifso-elementor-element\ifso-elementor-support.php:32
actionelementor/widgets/registerextensions\ifso-elementor-element\ifso-elementor-support.php:34
actionelementor/editor/before_enqueue_scriptsextensions\ifso-elementor-element\ifso-elementor-support.php:36
actionelementor/editor/before_enqueue_stylesextensions\ifso-elementor-element\ifso-elementor-support.php:37
actionelementor/preview/enqueue_stylesextensions\ifso-elementor-element\ifso-elementor-support.php:38
actionelementor/element/column/section_advanced/after_section_endextensions\ifso-elementor-element\ifso-elementor-support.php:41
actionelementor/element/section/section_advanced/after_section_endextensions\ifso-elementor-element\ifso-elementor-support.php:42
actionelementor/element/common/_section_style/after_section_endextensions\ifso-elementor-element\ifso-elementor-support.php:43
actionelementor/element/popup/section_advanced/after_section_endextensions\ifso-elementor-element\ifso-elementor-support.php:44
actionwp_footerextensions\ifso-extended-shortcodes\extended-shortcodes.php:503
actionadmin_initincludes\class-if-so.php:156
actionplugins_loadedincludes\class-if-so.php:223
actionadmin_initincludes\class-if-so.php:262
actioninitincludes\class-if-so.php:269
actionadmin_enqueue_scriptsincludes\class-if-so.php:271
actionadmin_enqueue_scriptsincludes\class-if-so.php:272
actioninitincludes\class-if-so.php:273
actionin_admin_headerincludes\class-if-so.php:274
actionadmin_menuincludes\class-if-so.php:276
filtermanage_ifso_triggers_posts_columnsincludes\class-if-so.php:278
actionmanage_ifso_triggers_posts_custom_columnincludes\class-if-so.php:279
actionadd_meta_boxes_ifso_triggersincludes\class-if-so.php:281
actionsave_post_ifso_triggersincludes\class-if-so.php:282
filterwpseo_metabox_prioincludes\class-if-so.php:283
filtertemplate_includeincludes\class-if-so.php:285
actionadmin_initincludes\class-if-so.php:299
actionadmin_initincludes\class-if-so.php:300
actionadmin_initincludes\class-if-so.php:301
actionadmin_initincludes\class-if-so.php:302
actionifso_license_data_value_changedincludes\class-if-so.php:304
actionadmin_initincludes\class-if-so.php:307
actionadmin_initincludes\class-if-so.php:308
actionadmin_initincludes\class-if-so.php:309
actionadmin_initincludes\class-if-so.php:312
actionadmin_noticesincludes\class-if-so.php:318
filterenter_title_hereincludes\class-if-so.php:321
filterpost_row_actionsincludes\class-if-so.php:322
filterpost_row_actionsincludes\class-if-so.php:323
actionedit_form_topincludes\class-if-so.php:324
filtertiny_mce_before_initincludes\class-if-so.php:325
actionviews_edit-ifso_triggersincludes\class-if-so.php:326
actionadmin_noticesincludes\class-if-so.php:327
actionmedia_buttonsincludes\class-if-so.php:328
filterpost_row_actionsincludes\class-if-so.php:330
filterthe_contentincludes\class-if-so.php:331
actionadmin_noticesincludes\class-if-so.php:332
actionadmin_noticesincludes\class-if-so.php:333
actionshow_pagebuilders_noticeboxincludes\class-if-so.php:334
actionet_builder_load_actionsincludes\class-if-so.php:335
actionplugin_row_metaincludes\class-if-so.php:336
actionadmin_footerincludes\class-if-so.php:337
actioninitincludes\class-if-so.php:340
actionelementor/initincludes\class-if-so.php:341
actioninitincludes\class-if-so.php:348
actionenqueue_block_editor_assetsincludes\class-if-so.php:349
actionwp_loadedincludes\class-if-so.php:350
actionwp_loadedincludes\class-if-so.php:371
actionwp_enqueue_scriptsincludes\class-if-so.php:373
actionwp_enqueue_scriptsincludes\class-if-so.php:374
actioninitincludes\class-if-so.php:382
filterrender_blockincludes\class-if-so.php:384
actioninitincludes\class-if-so.php:388
filterwpseo_sitemap_exclude_post_typeincludes\class-if-so.php:390
filterifso_shortcode_contentincludes\class-if-so.php:391
actionplugins_loadedincludes\class-if-so.php:393
filteret_builder_load_actionspublic\class-if-so-public.php:264
filterdocument_title_partspublic\class-if-so-public.php:298
filterthe_titlepublic\class-if-so-public.php:299
filterwp_nav_menu_itemspublic\class-if-so-public.php:300
filterwoocommerce_page_titlepublic\class-if-so-public.php:301
filterwoocommerce_get_breadcrumbpublic\class-if-so-public.php:302
filterwpseo_titlepublic\class-if-so-public.php:312
filterwpseo_metadescpublic\class-if-so-public.php:313
filteraioseop_titlepublic\class-if-so-public.php:314
filterrank_math/frontend/titlepublic\class-if-so-public.php:315
filterrank_math/frontend/descriptionpublic\class-if-so-public.php:316
filtercmplz_user_consenttypepublic\helpers\ifso-helpers.php:111
actionplugins_loadedpublic\services\analytics-service\analytics-service.class.php:48
filterthe_contentpublic\services\triggers-service\filters\impl\auto-p-tag-filter.class.php:55
filterthe_excerptpublic\services\triggers-service\filters\impl\auto-p-tag-filter.class.php:60
filterthe_contentpublic\services\triggers-service\filters\impl\auto-p-tag-filter.class.php:65
filterthe_contentpublic\services\triggers-service\filters\impl\rich-snippet-filter.class.php:24
actionplugins_loadedservices\plugin-settings-service\plugin-settings-service.class.php:121
Maintenance & Trust

If-So Dynamic Content Personalization Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 9, 2026
PHP min version
Downloads299K

Community Trust

Rating94/100
Number of ratings92
Active installs8K
Alternatives

If-So Dynamic Content Personalization Alternatives

Swaptify

Swaptify

swaptify

A
100

Cost-effective website personalization for perfected user experience and dramatically more conversions.

0 No CVEs
If-So Conditional Content for Elementor

If-So Conditional Content for Elementor

if-so-conditional-elementor-elements

A
100

Conditional Logic for Elementor. No setup or coding required. Fully compatible with any caching solution.

1K No CVEs
NEEED – Dynamic Websites

NEEED – Dynamic Websites

neeed-dynamic-websites

A
85

NEEED helps you to individually communicate with your visitors. Show dynamic content based on the situation, history and behavior of each visitor.

20 No CVEs
Conditional Content by Crowd Favorite

Conditional Content by Crowd Favorite

conditional-content-cf-lite

A
85

Custom personalization matters! Conditional Content is designed to integrate seamlessly with your editing experience!

10 No CVEs
DXP ToolKit

DXP ToolKit

dxp-toolkit

A
100

Boost conversions by engaging your audience with DXP ToolKit's no-code personalization for digital experiences!

10 No CVEs
Developer Profile

If-So Dynamic Content Personalization Developer Profile

If-So Dynamic Content

3 plugins · 10K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
66 days
View full developer profile
Detection Fingerprints

How We Detect If-So Dynamic Content Personalization

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/if-so/admin/css/bootstrap.min.css/wp-content/plugins/if-so/admin/css/font-awesome-4.7.0/css/font-awesome.min.css/wp-content/plugins/if-so/admin/css/modalStyle.css/wp-content/plugins/if-so/admin/css/if-so-admin.css/wp-content/plugins/if-so/admin/css/jquery-ui.min.css/wp-content/plugins/if-so/admin/css/jquery.ifsoDateTime.css/wp-content/plugins/if-so/admin/css/if-so-geo.css/wp-content/plugins/if-so/admin/css/if-so-settings.css+16 more
Script Paths
/wp-content/plugins/if-so/admin/js/if-so-admin.js/wp-content/plugins/if-so/admin/js/if-so-settings.js/wp-content/plugins/if-so/admin/js/if-so-license.js/wp-content/plugins/if-so/admin/js/if-so-dki.js/wp-content/plugins/if-so/admin/js/if-so-geo.js/wp-content/plugins/if-so/admin/js/if-so-custom-conditions.js+8 more
Version Parameters
ver=if-so/admin/css/bootstrap.min.css?ver=if-so/admin/css/font-awesome-4.7.0/css/font-awesome.min.css?ver=if-so/admin/css/modalStyle.css?ver=if-so/admin/css/if-so-admin.css?ver=if-so/admin/css/jquery-ui.min.css?ver=if-so/admin/css/jquery.ifsoDateTime.css?ver=if-so/admin/css/if-so-geo.css?ver=if-so/admin/css/if-so-settings.css?ver=if-so/admin/css/if-so-license.css?ver=if-so/admin/css/if-so-dki.css?ver=if-so/admin/js/if-so-admin.js?ver=if-so/admin/js/if-so-settings.js?ver=if-so/admin/js/if-so-license.js?ver=if-so/admin/js/if-so-dki.js?ver=if-so/admin/js/if-so-geo.js?ver=if-so/admin/js/if-so-custom-conditions.js?ver=if-so/admin/js/if-so-conditions-builder.js?ver=if-so/admin/js/if-so-edit-post.js?ver=if-so/admin/js/if-so-triggers.js?ver=if-so/admin/js/if-so-editor.js?ver=if-so/admin/js/if-so-editor-element.js?ver=if-so/admin/js/if-so-editor-media.js?ver=if-so/admin/js/if-so-tinymce.js?ver=if-so/public/js/if-so.js?ver=

HTML / DOM Fingerprints

CSS Classes
if-so-trigger-settingsif-so-shortcode-displayifso_triggers_metaboxifso_shortcode_displayifso-field-labelifso-conditions-builderifso-condition-rowifso-condition-select+17 more
HTML Comments
collision fix with other pluginsIncludes all the JS files in the admin areaIncludes all the JS files for the public-facing side of the siteThis is the editor for the condition+2 more
Data Attributes
data-ifso-condition-iddata-ifso-condition-typedata-ifso-condition-valuedata-ifso-preview-modedata-ifso-selected-elementdata-ifso-editor-mode+4 more
JS Globals
ifSoAdminifSoSettingsifSoLicenseifSoDKIifSoGeoifSoCustomConditions+8 more
REST Endpoints
/wp-json/if-so/v1/triggers/wp-json/if-so/v1/conditions/wp-json/if-so/v1/content/wp-json/if-so/v1/settings/wp-json/if-so/v1/geo/locations/wp-json/if-so/v1/dki
Shortcode Output
[ifsodo_shortcode('[ifso
FAQ

Frequently Asked Questions about If-So Dynamic Content Personalization