Last Year Widget Security & Risk Analysis

wordpress.org/plugins/last-year-widget

A plugin to add a sidebar widget that presents a list of posts from "this Day/Week/Month" last year.

10 active installs · v4.2 · PHP + · WP 2.2+ · Updated Aug 10, 2012
archive, widget
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Last Year Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Last Year Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The "last-year-widget" plugin v4.2 exhibits a generally positive security posture based on the provided static analysis. There are no identified vulnerabilities in its history and the static analysis reveals no critical code signals like dangerous functions, raw SQL queries, or file operations. Furthermore, the absence of flows with unsanitized paths in the taint analysis suggests careful handling of potentially sensitive data.

However, a significant concern arises from the complete lack of output escaping. With 8 total outputs and 0% properly escaped, this presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities. Attackers could potentially inject malicious scripts through the plugin's output, leading to session hijacking or other harmful actions. The absence of nonce checks and capability checks, while not explicitly tied to an attack surface in this analysis, also indicates a lack of defense-in-depth mechanisms that could mitigate potential exploitation if other vulnerabilities were present or introduced in future versions.

In conclusion, while the plugin's clean vulnerability history and lack of certain dangerous code patterns are strengths, the critical issue of unescaped output creates a tangible and significant security risk that needs immediate attention. The plugin lacks basic security hygiene regarding output sanitization, which is a fundamental aspect of web application security.

Key Concerns

  • No output escaping
Vulnerabilities
None known

Last Year Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Last Year Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 8 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

0% escaped · 8 total outputs
Attack Surface

Last Year Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
action: plugins_loaded (last_year_widget.php:174)
Maintenance & Trust

Last Year Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Aug 10, 2012
PHP min version
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Last Year Widget Developer Profile

peterwsterling

4 plugins · 180 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Last Year Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/last-year-widget/icon_plus.gif
/wp-content/plugins/last-year-widget/icon_minus.gif
Script Paths
javascript:ly_show_hide(

HTML / DOM Fingerprints

CSS Classes
archived-control
last_year_credit
Data Attributes
id="year-control-
id="year-list
name="last-period
name="years
name="colap
name="credit
JS Globals
ly_show_hide
FAQ

Frequently Asked Questions about Last Year Widget