Newest Posts Widget Security & Risk Analysis

wordpress.org/plugins/newest-posts

A widget that displays the new posts of your site with Thumbnail, Excerpt, Date, etc. options.

10 active installs · v1.0 · PHP + · WP 3.0+ · Updated Apr 1, 2018
Tags: latest-posts-widget, new-posts-widget, posts, posts-widget, widget
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Newest Posts Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Newest Posts Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "newest-posts" v1.0 plugin exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no known CVEs, and it performs no file operations, makes no external HTTP requests, and has no external dependencies. All SQL queries are properly prepared, and no taint flows were identified, which suggests generally safe data handling in these areas.

However, static code analysis raises significant concerns. The two uses of `create_function` are a critical security flaw: the function was deprecated in PHP 7.2 and removed in PHP 8.0, and because it evaluates its body string as PHP code it often leads to arbitrary code execution vulnerabilities. The call at newest-posts.php:82 concatenates `$instance["excerpt_length"]` directly into that body string. Furthermore, only a very low percentage of output is properly escaped, indicating a high risk of cross-site scripting (XSS) across numerous output points. The plugin has no capability checks, nonce checks, or authentication checks. With zero entry points this may seem harmless, but it does not mitigate the insecure coding practices within the plugin's own logic if that code were triggered or if the attack surface expanded in future versions.

Key Concerns

  • Use of create_function (dangerous function)
  • Low percentage of properly escaped output
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Newest Posts Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Newest Posts Widget Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 41 (4 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • create_function (newest-posts.php:82): `$new_excerpt_length = create_function( '$length', "return " . $instance["excerpt_length"] . ";" );`
  • create_function (newest-posts.php:280): `add_action( 'widgets_init', create_function( '', 'return register_widget("NP_Widget");' ) );`

Output Escaping

9% escaped · 45 total outputs
Attack Surface

Newest Posts Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4
  • action: wp_enqueue_scripts (newest-posts.php:24)
  • action: init (newest-posts.php:41)
  • filter: excerpt_length (newest-posts.php:85)
  • action: widgets_init (newest-posts.php:280)
Maintenance & Trust

Newest Posts Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Apr 1, 2018
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Newest Posts Widget Developer Profile

Nipun Tyagi

2 plugins · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Newest Posts Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/newest-posts/np-widget/np-style.css

HTML / DOM Fingerprints

CSS Classes
np-widgetrecent-post-thumb-itempost-titlepost-datecomment-num
Data Attributes
id="np-widget", class="np-widget", title="Permanent link to, value="j M Y", name="num", name="sort_by" (+8 more)
FAQ

Frequently Asked Questions about Newest Posts Widget