LJ Subpages Widget Security & Risk Analysis
wordpress.org/plugins/lj-subpages-widgetLJ Subpages Widget allows you to display a menu listing subpages from a chosen page.
Is LJ Subpages Widget Safe to Use in 2026?
Generally Safe
Score 85/100LJ Subpages Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The lj-subpages-widget plugin v1.3 exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs) and its SQL queries are all properly prepared, indicating good practices in database interaction. The absence of an attack surface from AJAX, REST API, shortcodes, and cron events is also a strength, as it minimizes direct entry points for attackers.
However, significant concerns arise from the static code analysis. The presence of the `create_function` function is a critical security risk, as it can lead to arbitrary code execution if user-supplied data is passed to it without proper sanitization. Furthermore, the fact that 100% of output is not properly escaped is a major vulnerability. This opens the door to cross-site scripting (XSS) attacks, where malicious scripts could be injected into the website's pages, impacting users.
The lack of nonce checks and capability checks, coupled with the use of `create_function` and unescaped output, suggests a disregard for fundamental WordPress security practices. While the plugin has no historical vulnerabilities, this may be due to limited exposure or the fact that the existing vulnerabilities have not yet been exploited. The current code presents significant risks that should be addressed.
Key Concerns
- Use of create_function is a high risk
- No output escaping detected
- Missing nonce checks
- Missing capability checks
LJ Subpages Widget Security Vulnerabilities
LJ Subpages Widget Code Analysis
Dangerous Functions Found
Output Escaping
LJ Subpages Widget Attack Surface
WordPress Hooks 2
Maintenance & Trust
LJ Subpages Widget Maintenance & Trust
Maintenance Signals
Community Trust
LJ Subpages Widget Alternatives
Collapsing Pages
collapsing-pages
This plugin uses Javascript to dynamically expand or collapsable the set of pages for each parent page.
Menu Based Sidebar
menu-based-sidebar
Displays child menu items in the sidebar based on the currently selected parent menu item.
Advanced Vertical Menu
advanced-sidebar-nav
Create beautiful vertical navigation menus anywhere on your site! Features both modern block editor support and legacy widget compatibility.
Local Navigation Extended
local-navigation-extended
This simple widget uses the wp_list_pages() to output a local navigation menu.
Local Navigation Widget
local-navigation-widget
This simple widget uses the wp_list_pages() to output a local navigation menu.
LJ Subpages Widget Developer Profile
4 plugins · 1K total installs
How We Detect LJ Subpages Widget
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/lj-subpages-widget/lj-subpages-widget.phpHTML / DOM Fingerprints
LJSubpagesWidget<!-- Start LJCustomMenuLinks Ver<!-- End LJCustomMenuLinks -->id="LJSubpagesWidget"name="LJSubpagesWidget"id="customcssforparentlink"name="customcssforparentlink"