Does Listo have any unpatched vulnerabilities?

No. All known vulnerabilities in Listo have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Listo compatible with WordPress 6.7.5?

According to WordPress.org data, Listo 1.9 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Listo compatible with PHP 7.4+?

Listo requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Listo updated?

Listo was last updated on Nov 27, 2024. Frequent updates are generally a positive security signal.

What is Listo's security score?

Listo has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Listo Security & Risk Analysis

wordpress.org/plugins/listo

Listo supplies commonly used lists.

8K active installs v1.9 PHP 7.4+ WP 6.6+ Updated Nov 27, 2024

countriescurrenciesliststatessubdivisions

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Listo Safe to Use in 2026?

Generally Safe

Score 92/100

Listo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "listo" v1.9 plugin exhibits a generally positive security posture, with no critical or high-severity issues identified in its code analysis or historical vulnerability data. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries and ensuring proper output escaping for all outputs. The absence of file operations and external HTTP requests also reduces potential attack vectors. However, a significant concern is the presence of an unprotected REST API route, which represents a direct entry point into the application that could be exploited if not properly secured by the application layer. The lack of nonce checks and capability checks on its entry points is a notable weakness. The absence of any recorded vulnerabilities in its history is a positive indicator, suggesting a commitment to security or perhaps a limited attack surface. Despite the lack of known CVEs, the unprotected REST API route demands careful attention and mitigation to ensure the plugin's overall security.

Key Concerns

REST API route without permission callback
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

Listo Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Listo Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped9 total outputs

Attack Surface

1 unprotected

Listo Attack Surface

Entry Points2

Unprotected1

REST API Routes 1

GET/wp-json/listo/v1/(?P<type>[a-z0-9_-]+)rest-api.php:6

Shortcodes 1

[datalist] datalist.php:31

WordPress Hooks 1

actionrest_api_initrest-api.php:3

Maintenance & Trust

Listo Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedNov 27, 2024

PHP min version7.4

Downloads129K

Community Trust

Rating96/100

Number of ratings12

Active installs8K

Alternatives

Listo Alternatives

WP Country

wp-country

Provides WP_Country PHP class to get countries list as an array and dropdown country select for use in other plugins and themes.

100 No CVEs

EDD Persian CS

edd-persian-cs

This plugin will show the countries and states of Iran to Persian Language in edd plugin.

10 No CVEs

Google for WooCommerce

google-listings-and-ads

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE

YITH WooCommerce Wishlist

yith-woocommerce-wishlist

YITH WooCommerce Wishlist add all Wishlist features to your website. Needs WooCommerce to work. WooCommerce 10.6.x compatible.

500K 6 CVEs

WP Sitemap Page

wp-sitemap-page

100

Add a sitemap on any of your page using the simple shortcode [wp_sitemap_page]. Improve the SEO and navigation of your website.

300K 1 CVE

Developer Profile

Listo Developer Profile

Rock Lobster Inc.

6 plugins · 11.1M total installs

trust score

Avg Security Score

94/100

Avg Patch Time

1303 days

View full developer profile

Detection Fingerprints

How We Detect Listo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

id="listo-telephone-country-codes"

REST Endpoints

/listo/v1/

Shortcode Output

<datalist<option value="

FAQ