Lightweight Accordion Security & Risk Analysis

wordpress.org/plugins/lightweight-accordion

Simple accordion for adding collapse elements to pages without affecting page load time. Includes Gutenberg block and shortcode for classic editor.

10K active installs · v1.6.0 · PHP 7.0+ · WP 5.0+ · Updated Dec 7, 2025
Tags: accordion, block, blocks, collapsible, performance
96
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Dec 14, 2025
Safety Verdict

Is Lightweight Accordion Safe to Use in 2026?

Generally Safe

Score 96/100

Lightweight Accordion has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Dec 14, 2025 · Updated 3mo ago
Risk Assessment

The 'lightweight-accordion' plugin version 1.6.0 exhibits a mixed security posture. While the static analysis indicates good practices such as 100% prepared statement usage for SQL queries and a high percentage (91%) of properly escaped output, significant concerns remain. The absence of nonce checks and capability checks on any entry points, despite having two shortcodes, represents a notable weakness. The plugin's history is particularly alarming, with a total of three known medium-severity CVEs, all of which are related to Cross-Site Scripting (XSS). The fact that all historical vulnerabilities are now patched is a positive sign, but the recurring nature of XSS vulnerabilities suggests potential systemic issues in input sanitization or output rendering that may not have been fully addressed across all versions. Despite the lack of critical or high severity issues in the current static analysis, the historical pattern of XSS and the missing authorization checks on shortcodes warrant careful consideration and ongoing monitoring.

Key Concerns

  • No nonce checks on entry points
  • No capability checks on entry points
  • History of 3 medium XSS vulnerabilities
Vulnerabilities
3

Lightweight Accordion Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-13740 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Lightweight Accordion <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 14, 2025 · Patched in 1.6.0 (1d)

CVE-2024-2436 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Lightweight Accordion <= 1.5.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Mar 22, 2024 · Patched in 1.5.17 (71d)

CVE-2023-0373 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Lightweight Accordion <= 1.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 23, 2023 · Patched in 1.5.15 (365d)
Code Analysis
Analyzed Mar 16, 2026

Lightweight Accordion Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (10 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

91% escaped · 11 total outputs
Attack Surface

Lightweight Accordion Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[lightweight-accordion] lightweight-accordion.php:59
[lightweight-accordion-nested] lightweight-accordion.php:60

WordPress Hooks: 4

filter the_content lightweight-accordion.php:20
action enqueue_block_editor_assets lightweight-accordion.php:21
action wp_footer lightweight-accordion.php:211
action init lightweight-accordion.php:224
Maintenance & Trust

Lightweight Accordion Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 7, 2025
PHP min version: 7.0
Downloads: 112K

Community Trust

Rating: 100/100
Number of ratings: 60
Active installs: 10K
Developer Profile

Lightweight Accordion Developer Profile

Andy Feliciotti

5 plugins · 15K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 110 days
Detection Fingerprints

How We Detect Lightweight Accordion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/lightweight-accordion/css/min/lightweight-accordion.min.css
/wp-content/plugins/lightweight-accordion/css/min/editor-styles.min.css
Version Parameters
lightweight-accordion/css/min/lightweight-accordion.min.css?ver=
lightweight-accordion/css/min/editor-styles.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
lightweight-accordion, bordered, lightweight-accordion-title, lightweight-accordion-body, has-text-color, has-background
Data Attributes
data-context="lightweight-accordion/groupName", id, open, name, itemscope itemprop="mainEntity", +6 more
Shortcode Output
<div class="lightweight-accordion
<details
<summary class="lightweight-accordion-title"
<div class="lightweight-accordion-body"
FAQ

Frequently Asked Questions about Lightweight Accordion