listicle Security & Risk Analysis

wordpress.org/plugins/listicle

The Listicle plugin lets you create paginated lists where every item in a bulleted list generates a post.

10 active installs · v0.3 · PHP + WP 3.0.1+ · Updated: Unknown

Tags: listicle, lists, post, seo, shortcode

Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is listicle Safe to Use in 2026?

Generally Safe

Score 100/100

listicle has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "listicle" v0.3 plugin exhibits a mixed security posture. While it demonstrates good practices in handling SQL queries with prepared statements and avoids file operations and external HTTP requests, significant concerns arise from its attack surface and code signals. The presence of an unprotected AJAX handler is a major vulnerability, allowing unauthenticated users to potentially exploit the plugin. Furthermore, the use of the `unserialize` function without proper sanitization or validation presents a critical risk of arbitrary object injection, as indicated by the taint analysis.

The plugin's vulnerability history is currently clean, with no known CVEs. This, combined with the absence of recorded common vulnerability types, suggests it has not been a target or that past versions have been robust. However, this historical cleanliness should not overshadow the critical risks identified in the current code analysis. The lack of nonce and capability checks on the AJAX handler and the dangerous `unserialize` function are substantial security weaknesses that require immediate attention, regardless of past vulnerability records.

In conclusion, while the "listicle" plugin has some strengths, particularly in its avoidance of external dependencies and secure SQL practices, the presence of an unprotected AJAX endpoint and the use of the insecure `unserialize` function create a significant risk profile. These issues need to be addressed to improve the plugin's overall security. The potential for arbitrary object injection via `unserialize` is particularly alarming and should be prioritized.

Key Concerns

  • Unprotected AJAX handler
  • Use of unserialize without proper checks
  • High severity taint flow
  • Low percentage of properly escaped output
  • No nonce checks on entry points
  • Limited capability checks
Vulnerabilities
None known

listicle Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

listicle Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (7 prepared)
Unescaped Output: 18 (7 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize (listease.php:203): `$listicle_options = unserialize(get_option('listicle_options'));`

SQL Query Safety

100% prepared, 7 total queries

Output Escaping

28% escaped, 25 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows, 1 with unsanitized paths
<listease> (listease.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

listicle Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_listicle_tease_status · listease.php:7

Shortcodes 1

[listicle] listicle.php:628
WordPress Hooks 10

action · admin_menu · listease.php:51
action · init · listicle.php:16
action · admin_init · listicle.php:78
action · save_post · listicle.php:79
filter · post_updated_messages · listicle.php:267
action · init · listicle.php:291
filter · the_content · listicle.php:794
filter · next_post_link · listicle.php:834
filter · previous_post_link · listicle.php:835
action · wp_enqueue_scripts · listicle.php:847
Maintenance & Trust

listicle Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Unknown
PHP min version: (none listed)
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 10
Developer Profile

listicle Developer Profile

alxgrlk

2 plugins · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect listicle

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
[listicle][/listicle]
FAQ

Frequently Asked Questions about listicle