JS Archive List Security & Risk Analysis

wordpress.org/plugins/jquery-archive-list-widget

A JS widget (can be used in posts) for displaying an archive list with some effects.

3K active installs · v6.2.1 · PHP 7.4+ · WP 4.7+ · Updated Mar 2, 2026
Tags: archive, block, gutenberg, javascript, list

Score: 93 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Mar 6, 2026

Safety Verdict

Is JS Archive List Safe to Use in 2026?

Generally Safe

Score 93/100

JS Archive List has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Mar 6, 2026 · Updated 1mo ago

Risk Assessment

The "jquery-archive-list-widget" plugin presents a mixed security picture. On the positive side, static analysis finds no unprotected entry points and no external HTTP requests, and all SQL queries use prepared statements.

However, the presence of an "unserialize" call is a significant concern, especially given the plugin's vulnerability history: 3 high-severity vulnerabilities, including deserialization and SQL injection issues. The one call found does pass 'allowed_classes' => false, which prevents unserialize() from instantiating objects. There are currently no unpatched CVEs, but the historical pattern suggests a tendency to introduce vulnerabilities, particularly in data handling and injection flaws. The low percentage of properly escaped output also raises concerns about potential cross-site scripting (XSS), though the taint analysis in this scan does not flag it directly. The lack of nonce and capability checks on the entry points, while not exploited in this static analysis, is a weakness that could be leveraged if an attacker can control user input passed to these functions.

Therefore, while the plugin has some secure coding elements, the presence of dangerous functions and a history of high-severity vulnerabilities call for caution.

Key Concerns

  • Presence of unserialize function
  • Only 25% of output properly escaped
  • 3 High severity CVEs in history
  • 0 Nonce checks on entry points
  • 0 Capability checks on entry points

Vulnerabilities: 3

JS Archive List Security Vulnerabilities

CVEs by Year

  • 2025: 2 CVEs
  • 2026: 1 CVE

Severity Breakdown

  • High: 3

3 total CVEs

CVE-2026-2020 · high · 7.5 · Deserialization of Untrusted Data

JS Archive List <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute

Mar 6, 2026 · Patched in 6.2.0 (1d)

CVE-2025-54726 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JS Archive List <= 6.1.5 - Unauthenticated SQL Injection

Aug 27, 2025 · Patched in 6.1.6 (8d)

CVE-2025-7670 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JS Archive List <= 6.1.5 - Unauthenticated SQL Injection via build_sql_where Function

Aug 18, 2025 · Patched in 6.1.6 (1d)

Code Analysis
Analyzed Mar 16, 2026

JS Archive List Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (6 prepared)
  • Unescaped Output: 44 (15 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize (classes\class-js-archive-list-settings.php:33)

    $parsed = unserialize( $trimmed, [ 'allowed_classes' => false ] );

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

25% escaped · 59 total outputs

Attack Surface

JS Archive List Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes (3)

  • [jQueryArchiveList] classes\class-jq-archive-list-widget.php:57
  • [JSArchiveList] classes\class-jq-archive-list-widget.php:58
  • [JsArchiveList] classes\class-jq-archive-list-widget.php:59

WordPress Hooks (8)

  • action rest_api_init: classes\backend\class-js-archive-list-rest-endpoints.php:142
  • filter widget_text: classes\class-jq-archive-list-widget.php:60
  • action wp_enqueue_scripts: classes\class-jq-archive-list-widget.php:68
  • action init: classes\class-jq-archive-list-widget.php:688
  • action enqueue_block_editor_assets: classes\class-jq-archive-list-widget.php:689
  • action widgets_init: classes\class-jq-archive-list-widget.php:690
  • action wp_footer: classes\frontend\class-js-archive-list-frontend-widget.php:141
  • action init: jquery-archive-list-widget.php:70

Maintenance & Trust

JS Archive List Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 2, 2026
  • PHP min version: 7.4
  • Downloads: 119K

Community Trust

  • Rating: 96/100
  • Number of ratings: 46
  • Active installs: 3K

Developer Profile

JS Archive List Developer Profile

Miguel Useche

2 plugins · 4K total installs

  • Trust score: 98
  • Avg Security Score: 97/100
  • Avg Patch Time: 3 days

Detection Fingerprints

How We Detect JS Archive List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/jquery-archive-list-widget/assets/css/jal.css
  • /wp-content/plugins/jquery-archive-list-widget/assets/js/jal.js

Version Parameters

  • jquery-archive-list-widget/assets/css/jal.css?ver=
  • jquery-archive-list-widget/assets/js/jal.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • jaw_widget
  • widget_jaw_widget

Data Attributes

  • data-accordion
  • data-effect
  • data-ex-sym
  • data-con-sym

JS Globals

  • JAL_VERSION
  • JAL_BASE_URL
  • JS_Archive_List_Frontend_Widget

Shortcode Output

  • [jQueryArchiveList]
  • [JSArchiveList]
  • [JsArchiveList]