Does List Children have any unpatched vulnerabilities?

No. All known vulnerabilities in List Children have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is List Children compatible with WordPress 6.4.8?

According to WordPress.org data, List Children 2.2.0 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

Is List Children compatible with PHP 8.0+?

List Children requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is List Children updated?

List Children was last updated on Apr 29, 2025. Frequent updates are generally a positive security signal.

What is List Children's security score?

List Children has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

List Children Security & Risk Analysis

wordpress.org/plugins/list-children

Use an HTML comment to list links of the current page's children or siblings.

100 active installs v2.2.0 PHP 8.0+ WP 5.3+ Updated Apr 29, 2025

list-pagesnagivationpermalinkssubnavigation

A · Safe

CVEs total1

Unpatched0

Last CVEApr 30, 2025

Download

Safety Verdict

Is List Children Safe to Use in 2026?

Generally Safe

Score 99/100

List Children has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 30, 2025Updated 11mo ago

Risk Assessment

The "list-children" plugin v2.2.0 demonstrates a strong security posture in its static analysis, with no identified AJAX handlers, REST API routes, shortcodes, or cron events contributing to the attack surface. Furthermore, the code signals indicate good practices regarding dangerous functions, SQL query preparation, output escaping, file operations, and external HTTP requests. There are no taint analysis findings, suggesting a lack of obvious input sanitization vulnerabilities within the analyzed code paths.

However, the plugin has a recorded history of one medium severity Cross-Site Scripting (XSS) vulnerability, which was last patched on April 30, 2025. While this vulnerability is reported as patched and no current unpatched CVEs exist, its presence indicates a potential area of weakness that, if not rigorously maintained, could be re-introduced. The absence of nonce checks and capability checks in the static analysis, combined with zero identified entry points, is a neutral observation. It suggests the plugin may not handle user input in a way that requires these checks, but it also means these fundamental WordPress security mechanisms are not being utilized.

In conclusion, the "list-children" plugin v2.2.0 exhibits strengths in its current code quality and lack of immediate exploitable entry points. The primary concern stems from its past vulnerability history, specifically an XSS flaw. While the current version appears to have addressed this, ongoing vigilance and thorough security testing are crucial to prevent future recurrences, especially since the static analysis doesn't explicitly confirm the absence of potential for XSS in all contexts.

Key Concerns

Past medium severity XSS vulnerability

Vulnerabilities

List Children Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-4099medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

List Children <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Apr 30, 2025 Patched in 2.2.0 (1d)

Code Analysis

Analyzed Mar 16, 2026

List Children Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

List Children Attack Surface

Entry Points0

Unprotected0

Maintenance & Trust

List Children Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedApr 29, 2025

PHP min version8.0

Downloads6K

Community Trust

Rating100/100

Number of ratings2

Active installs100

Alternatives

List Children Alternatives

ShortCode – Get Child List

shortcode-get-child-list

This plugin provide two shortcode. Using the shortcode you can easily generate a childpage list, and also a sitemap.

10 No CVEs

Nginx Helper

nginx-helper

100

Cleans nginx's fastcgi/proxy cache or redis-cache whenever a post is edited/published. Also does a few more things.

100K No CVEs

No Category Base (WPML)

no-category-base-wpml

100

This plugin removes the mandatory 'Category Base' from your category permalinks. It's compatible with WPML.

100K No CVEs

Permalink Manager Lite

permalink-manager

Permalink Manager enhances WordPress’s built-in URL system, allowing you to change the URLs of native and custom post types and taxonomies.

100K 11 CVEs

Remove Category URL – Remove 'category' base from category permalinks

remove-category-url

100

Remove Category URL strips the /category/ base from your category URLs, turning something like /category/my-category/ into simply /my-category/.

50K No CVEs

Developer Profile

List Children Developer Profile

Andy Stratton

4 plugins · 2K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

2 days

View full developer profile

Detection Fingerprints

How We Detect List Children

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output

[list_children][list_siblings]

FAQ