Does List Sub Pages have any unpatched vulnerabilities?

No. All known vulnerabilities in List Sub Pages have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is List Sub Pages compatible with WordPress 6.8.5?

According to WordPress.org data, List Sub Pages 1.0.8 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is List Sub Pages compatible with PHP 7.4+?

List Sub Pages requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is List Sub Pages updated?

List Sub Pages was last updated on Sep 18, 2025. Frequent updates are generally a positive security signal.

What is List Sub Pages's security score?

List Sub Pages has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

List Sub Pages Security & Risk Analysis

wordpress.org/plugins/list-sub-pages

This is a WordPress plugin for listing your subpages(childpages) for the current page which is being displayed.

400 active installs v1.0.8 PHP 7.4+ WP 3.2+ Updated Sep 18, 2025

list-subpageslist-subpages-shortcodelist-subpages-widgetsubpages

A · Safe

CVEs total1

Unpatched0

Last CVEAug 28, 2025

Download

Safety Verdict

Is List Sub Pages Safe to Use in 2026?

Generally Safe

Score 99/100

List Sub Pages has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Aug 28, 2025Updated 6mo ago

Risk Assessment

The list-sub-pages plugin v1.0.8 exhibits a generally strong security posture based on the static analysis. The absence of dangerous functions, reliance on prepared statements for all SQL queries, and proper output escaping for all identified outputs are significant strengths. Furthermore, the plugin has a single identified capability check, indicating an awareness of access control, and no file operations or external HTTP requests, which reduces common attack vectors. The lack of any identified taint flows further reinforces the good practices observed in the code analysis.

However, the plugin's vulnerability history presents a concern. A past medium severity Cross-Site Scripting (XSS) vulnerability, though currently patched, indicates a potential for input sanitization issues. The absence of nonce checks across its limited entry points, particularly the single shortcode, is a notable weakness. While there are no unprotected entry points or critical taint flows, the past XSS vulnerability, coupled with the missing nonce checks, suggests that input handling, especially for the shortcode, warrants careful scrutiny to prevent future issues.

In conclusion, the list-sub-pages plugin has implemented several robust security measures. The code analysis shows good practices in crucial areas like SQL and output handling. Nevertheless, the historical vulnerability and the absence of nonce checks on its shortcode are areas that could be improved to further harden its security posture and mitigate potential risks.

Key Concerns

Past medium severity XSS vulnerability
No nonce checks on shortcodes

Vulnerabilities

List Sub Pages Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-8290medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

List Subpages <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter

Aug 28, 2025 Patched in 1.0.7 (54d)

Code Analysis

Analyzed Mar 16, 2026

List Sub Pages Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

100 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped100 total outputs

Attack Surface

List Sub Pages Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[sub_page] plugin_list_subpages.php:123

WordPress Hooks 6

actionplugins_loadedplugin_list_subpages.php:65

actionwidgets_initplugin_list_subpages.php:66

actionadmin_enqueue_scriptsplugin_list_subpages.php:100

actionadmin_menuviews\Back-End\create_shortcode.php:3

actionadmin_enqueue_scriptsviews\Back-End\create_shortcode.php:4

filteradmin_footer_textviews\Back-End\create_shortcode.php:276

Maintenance & Trust

List Sub Pages Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 18, 2025

PHP min version7.4

Downloads12K

Community Trust

Rating80/100

Number of ratings4

Active installs400

Alternatives

List Sub Pages Alternatives

Page-list

page-list

[pagelist], [subpages], [siblings] and [pagelist_ext] shortcodes

40K 3 CVEs

CC Child Pages

cc-child-pages

Display WordPress child pages in a responsive grid or list using a shortcode, Gutenberg block or Elementor widget.

10K 2 CVEs

Auto Submenu

auto-submenu

100

Dynamic menus: Add a page to your menu and then let WordPress automatically add the child pages.

2K No CVEs

Multipage

sgr-nextpage-titles

Order your posts in subpages: multipage posts will have a table of contents linking single subpages with their titles.

900 No CVEs

Subpage Listing

subpage-listing

Allows you to display a list of the child pages of the currently viewed page.

200 No CVEs

Developer Profile

List Sub Pages Developer Profile

WeblineIndia

13 plugins · 5K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

54 days

View full developer profile

Detection Fingerprints

How We Detect List Sub Pages

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/list-sub-pages/js/install_plugin_lsp.js

Script Paths