List Last Changes Security & Risk Analysis

wordpress.org/plugins/list-last-changes

Shows a list of the last changes of a WordPress site.

1K active installs · v1.2.3 · PHP + · WP 4.6.0+ · Updated Apr 25, 2025
Tags: block-editor, last-changes, shortcode, widget
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Apr 22, 2025
Safety Verdict

Is List Last Changes Safe to Use in 2026?

Generally Safe

Score 99/100

List Last Changes has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 22, 2025 · Updated 11mo ago
Risk Assessment

The plugin 'list-last-changes' v1.2.3 exhibits a mixed security posture. On the positive side, the static analysis reveals a limited attack surface with no AJAX handlers or REST API routes present. Furthermore, all SQL queries are properly prepared, and there are no file operations or external HTTP requests, which are common sources of vulnerabilities. However, a significant concern is the low rate of output escaping: only 20% of the 35 identified outputs are escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities.

The vulnerability history shows a past medium-severity CVE related to improper neutralization of input during web page generation, which aligns with the output escaping concerns identified in the static analysis. While there are no currently unpatched vulnerabilities, the presence of a past XSS vulnerability coupled with the current low output escaping rate suggests a recurring weakness in input validation and output sanitization.

In conclusion, while the plugin demonstrates good practices in areas like SQL query handling and limiting its attack surface, the inadequate output escaping is a critical weakness. This, combined with past XSS-related issues, makes the plugin susceptible to XSS attacks if not addressed. The absence of nonce and capability checks on the identified shortcode is also a point of concern, as it could potentially lead to unauthorized actions or information disclosure if the shortcode is misused.

Key Concerns

  • Low output escaping percentage
  • Past medium severity XSS vulnerability
  • No nonce checks on shortcode
  • No capability checks on shortcode
Vulnerabilities
1

List Last Changes Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-46238 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

List Last Changes <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 22, 2025 Patched in 1.2.2 (9d)
Code Analysis
Analyzed Mar 16, 2026

List Last Changes Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 28 (7 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

20% escaped · 35 total outputs
Attack Surface

List Last Changes Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[list_last_changes] list-last-changes.php:239
WordPress Hooks 3
action widgets_init list-last-changes.php:238
action wp_enqueue_scripts list-last-changes.php:284
action init list-last-changes.php:412
Maintenance & Trust

List Last Changes Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 25, 2025
PHP min version
Downloads: 21K

Community Trust

Rating: 96/100
Number of ratings: 10
Active installs: 1K
Developer Profile

List Last Changes Developer Profile

rbaer

2 plugins · 2K total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 9 days
Detection Fingerprints

How We Detect List Last Changes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
widget_list_last_changes, list_last_changes_date, list_last_changes_author, list_last_changes_title