WP-Safety

NS Category Widget Security & Risk Analysis

wordpress.org/plugins/ns-category-widget

A plugin to add widget for listing Categories and Taxonomies. Extending Default WordPress Category Widget.

1K active installs v4.1.6 PHP 7.2.24+ WP 6.0+ Updated Sep 12, 2025
categorylistingsidebartaxonomywidget
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is NS Category Widget Safe to Use in 2026?

Generally Safe

Score 100/100

NS Category Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The ns-category-widget plugin, version 4.1.6, exhibits a mixed security posture. On the positive side, the code analysis shows a strong adherence to secure coding practices regarding SQL queries, utilizing prepared statements exclusively. Furthermore, a high percentage of output is properly escaped, and there are no indications of dangerous functions, file operations, external HTTP requests, or bundled libraries that could pose a risk. The absence of any recorded vulnerabilities, critical taint flows, or unpatched CVEs is also a significant strength. However, a major concern is the presence of four AJAX handlers, all of which lack authentication checks. This creates a substantial attack surface that could be exploited by unauthenticated users to trigger potentially harmful actions within the plugin. The lack of nonces and capability checks on these AJAX endpoints further exacerbates this risk, as it allows for potential Cross-Site Request Forgery (CSRF) or unauthorized data manipulation.

Key Concerns

  • 4 unprotected AJAX handlers
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
Vulnerabilities
None known

NS Category Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

NS Category Widget Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
128 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

96% escaped133 total outputs
Attack Surface
4 unprotected

NS Category Widget Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

noprivwp_ajax_nscw_nsbl_get_postsapp\Admin\SettingsPage.php:28
authwp_ajax_nscw_nsbl_get_postsapp\Admin\SettingsPage.php:29
authwp_ajax_populate_categoriesapp\Admin\Widget.php:24
noprivwp_ajax_populate_categoriesapp\Admin\Widget.php:25
WordPress Hooks 6
actionadmin_initapp\Admin\Admin.php:25
actionoptioner_admin_initapp\Admin\SettingsPage.php:26
actionadmin_enqueue_scriptsapp\Admin\SettingsPage.php:27
actionadmin_enqueue_scriptsapp\Admin\Widget.php:23
actionwidgets_initapp\Core\Core.php:24
actionwp_enqueue_scriptsapp\Frontend\Frontend.php:25
Maintenance & Trust

NS Category Widget Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 12, 2025
PHP min version7.2.24
Downloads42K

Community Trust

Rating96/100
Number of ratings34
Active installs1K
Alternatives

NS Category Widget Alternatives

List Custom Taxonomy Widget

List Custom Taxonomy Widget

list-custom-taxonomy-widget

A
91

The List Custom Taxonomy Widget is a quick and easy way to display custom taxonomies. Simply choose the taxonomy name you want to display from an auto …

9K 1 CVE
WP Categories Widget

WP Categories Widget

wp-categories-widget

A
100

Display the list of categories for any taxonomies type (WooCommerce Product Category, Blog Category, Project Category...etc) in sidebar

7K 1 CVE
Recent Posts by Category Widget

Recent Posts by Category Widget

recent-posts-by-category-widget

A
85

Just like the default Recent Posts widget except you can choose a category to pull posts from.

4K No CVEs
Taxonomy Dropdown Widget

Taxonomy Dropdown Widget

tag-dropdown-widget

A
100

Creates a dropdown list of non-hierarchical taxonomies as an alternative to the term (tag) cloud. Formerly known as Tag Dropdown Widget.

2K No CVEs
Taxonomy List Widget

Taxonomy List Widget

tag-list-widget

A
100

Creates a list (bulleted, number, or custom) of non-hierarchical taxonomies as an alternative to the term (tag) cloud. Formerly known as Tag List Widg …

2K No CVEs
Developer Profile

NS Category Widget Developer Profile

Nilambar Sharma

9 plugins · 9K total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
22 days
View full developer profile
Detection Fingerprints

How We Detect NS Category Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ns-category-widget/build/blog-posts.js/wp-content/plugins/ns-category-widget/assets/css/tree.css/wp-content/plugins/ns-category-widget/assets/js/tree.js
Script Paths
/wp-content/plugins/ns-category-widget/build/blog-posts.js/wp-content/plugins/ns-category-widget/assets/js/tree.js
Version Parameters
ns-category-widget/build/blog-posts.js?ver=ns-category-widget/assets/css/tree.css?ver=ns-category-widget/assets/js/tree.js?ver=

HTML / DOM Fingerprints

CSS Classes
ns-category-widget-tree-containerns-category-widget-tree-nodens-category-widget-tree-leafns-category-widget-tree-arrowns-category-widget-tree-activenscw-settings-page-wrap
HTML Comments
NS Category Widget settings page. Widget settings. Widget for listing categories.
Data Attributes
data-taxonomydata-iddata-parentdata-leveldata-nscw-settings-page
JS Globals
NS_Category_Widget_SettingsNS_Category_Widget_Tree
REST Endpoints
/wp-json/nscw/v1/settings
FAQ

Frequently Asked Questions about NS Category Widget