WP-Safety

Lana Widgets Security & Risk Analysis

wordpress.org/plugins/lana-widgets

Bootstrap framework based widgets

60 active installs v1.4.1 PHP + WP 4.0+ Updated Jun 26, 2024
bootstrapcarousel-widgetimage-widgetthumbnail-widgetwidgets
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Lana Widgets Safe to Use in 2026?

Generally Safe

Score 92/100

Lana Widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "lana-widgets" plugin version 1.4.1 presents a generally good security posture, primarily due to its lack of known vulnerabilities and the absence of critical code signals in the static analysis. The plugin utilizes prepared statements for all SQL queries, employs nonce and capability checks for its AJAX handler, and has no recorded vulnerabilities or external HTTP requests, indicating a thoughtful approach to basic security practices. However, a significant concern arises from the output escaping, where only 39% of outputs are properly escaped. This leaves a considerable portion of data potentially vulnerable to cross-site scripting (XSS) attacks, especially if user-supplied data is directly rendered without sufficient sanitization. While the attack surface is minimal and appears to be protected, the high percentage of unescaped output is a notable weakness that warrants attention to prevent potential client-side exploits. The lack of any recorded vulnerabilities in its history is positive, but this does not negate the risks identified in the static analysis.

Key Concerns

  • Low percentage of properly escaped output
Vulnerabilities
None known

Lana Widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Lana Widgets Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
398
256 escaped
Nonce Checks
1
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

39% escaped654 total outputs
Attack Surface

Lana Widgets Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_lana_widgets_get_gallery_html_from_shortcodelana-widgets.php:285
WordPress Hooks 43
actionwp_enqueue_scriptsincludes\v3\class-lana-carousel-widget.php:21
actionadmin_enqueue_scriptsincludes\v3\class-lana-carousel-widget.php:22
actionadmin_enqueue_scriptsincludes\v3\class-lana-carousel-widget.php:23
actionadmin_footer-widgets.phpincludes\v3\class-lana-carousel-widget.php:25
actionadmin_print_scripts-widgets.phpincludes\v3\class-lana-carousel-widget.php:26
actionwp_enqueue_scriptsincludes\v3\class-lana-image-widget.php:20
actionwp_enqueue_scriptsincludes\v3\class-lana-image-widget.php:21
actionadmin_enqueue_scriptsincludes\v3\class-lana-image-widget.php:22
actionadmin_enqueue_scriptsincludes\v3\class-lana-image-widget.php:23
actionadmin_print_scripts-widgets.phpincludes\v3\class-lana-image-widget.php:25
actionwp_enqueue_scriptsincludes\v3\class-lana-page-content-widget.php:20
actionwp_enqueue_scriptsincludes\v3\class-lana-page-content-widget.php:21
actionadmin_enqueue_scriptsincludes\v3\class-lana-panel-widget.php:23
filtertiny_mce_before_initincludes\v3\class-lana-panel-widget.php:167
actionadmin_enqueue_scriptsincludes\v3\class-lana-text-widget.php:23
filtertiny_mce_before_initincludes\v3\class-lana-text-widget.php:122
actionadmin_enqueue_scriptsincludes\v3\class-lana-thumbnail-widget.php:20
actionadmin_enqueue_scriptsincludes\v3\class-lana-thumbnail-widget.php:21
actionadmin_print_scripts-widgets.phpincludes\v3\class-lana-thumbnail-widget.php:23
actionadmin_enqueue_scriptsincludes\v4\class-lana-carousel-widget.php:21
actionadmin_enqueue_scriptsincludes\v4\class-lana-carousel-widget.php:22
actionadmin_footer-widgets.phpincludes\v4\class-lana-carousel-widget.php:24
actionadmin_print_scripts-widgets.phpincludes\v4\class-lana-carousel-widget.php:25
actionwp_enqueue_scriptsincludes\v4\class-lana-image-widget.php:20
actionwp_enqueue_scriptsincludes\v4\class-lana-image-widget.php:21
actionadmin_enqueue_scriptsincludes\v4\class-lana-image-widget.php:22
actionadmin_enqueue_scriptsincludes\v4\class-lana-image-widget.php:23
actionadmin_print_scripts-widgets.phpincludes\v4\class-lana-image-widget.php:25
actionwp_enqueue_scriptsincludes\v4\class-lana-page-content-widget.php:20
actionwp_enqueue_scriptsincludes\v4\class-lana-page-content-widget.php:21
actionadmin_enqueue_scriptsincludes\v4\class-lana-panel-widget.php:23
filtertiny_mce_before_initincludes\v4\class-lana-panel-widget.php:163
actionadmin_enqueue_scriptsincludes\v4\class-lana-text-widget.php:23
filtertiny_mce_before_initincludes\v4\class-lana-text-widget.php:122
actionadmin_enqueue_scriptsincludes\v4\class-lana-thumbnail-widget.php:20
actionadmin_enqueue_scriptsincludes\v4\class-lana-thumbnail-widget.php:21
actionadmin_print_scripts-widgets.phpincludes\v4\class-lana-thumbnail-widget.php:23
actioninitlana-widgets.php:22
actionwp_enqueue_scriptslana-widgets.php:112
actionwp_enqueue_scriptslana-widgets.php:147
actionadmin_initlana-widgets.php:157
actionadmin_menulana-widgets.php:160
actionwidgets_initlana-widgets.php:312
Maintenance & Trust

Lana Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedJun 26, 2024
PHP min version
Downloads7K

Community Trust

Rating90/100
Number of ratings2
Active installs60
Alternatives

Lana Widgets Alternatives

WP Bootstrap Widgets

WP Bootstrap Widgets

wp-bootstrap-widgets

A
85

WP Bootstrap Widgets provides configurable widgets for common Twitter Bootstrap (version 3) components. If your theme is based on Bootstrap, these wid …

50 No CVEs
Dataclermont Bootstrap Widgets

Dataclermont Bootstrap Widgets

dataclermont-bootstrap-widgets

A
100

Adds 6 fully customizable Widgets made with Bootstrap framework.

0 No CVEs
Classic Widgets

Classic Widgets

classic-widgets

A
100

Enables the previous "classic" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.

2.0M No CVEs
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

A
89

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 21 CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs
Developer Profile

Lana Widgets Developer Profile

Lana Codes

13 plugins · 4K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
400 days
View full developer profile
Detection Fingerprints

How We Detect Lana Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/lana-widgets/assets/libs/bootstrap/v3/css/bootstrap.min.css/wp-content/plugins/lana-widgets/assets/libs/bootstrap/v4/css/bootstrap.min.css/wp-content/plugins/lana-widgets/assets/libs/popper/popper.min.js/wp-content/plugins/lana-widgets/assets/libs/bootstrap/v3/js/bootstrap.min.js/wp-content/plugins/lana-widgets/assets/libs/bootstrap/v4/js/bootstrap.min.js
Version Parameters
lana-widgets/assets/libs/bootstrap/v3/css/bootstrap.min.css?ver=lana-widgets/assets/libs/bootstrap/v4/css/bootstrap.min.css?ver=lana-widgets/assets/libs/popper/popper.min.js?ver=lana-widgets/assets/libs/bootstrap/v3/js/bootstrap.min.js?ver=lana-widgets/assets/libs/bootstrap/v4/js/bootstrap.min.js?ver=

HTML / DOM Fingerprints

Data Attributes
id="lana-widgets-bootstrap-load"name="lana_widgets_bootstrap_load"id="lana-widgets-bootstrap-version"name="lana_widgets_bootstrap_version"
FAQ

Frequently Asked Questions about Lana Widgets