Does OnList have any unpatched vulnerabilities?

No. All known vulnerabilities in OnList have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is OnList compatible with WordPress 6.5.8?

According to WordPress.org data, OnList 1.0.8 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is OnList compatible with PHP 5.4+?

OnList requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is OnList updated?

OnList was last updated on Apr 20, 2024. Frequent updates are generally a positive security signal.

What is OnList's security score?

OnList has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

OnList Security & Risk Analysis

wordpress.org/plugins/onlist

Fast and easy setup to get online listing site or directory started.

0 active installs v1.0.8 PHP 5.4+ WP 4.6+ Updated Apr 20, 2024

classifiedsdirectoryecommercelistingsresponsive

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is OnList Safe to Use in 2026?

Generally Safe

Score 92/100

OnList has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The onlist plugin v1.0.8 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries, implementing a significant number of capability checks, and including a nonce check. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its secure design. The attack surface is minimal, with only two shortcodes identified, and critically, there are no unprotected entry points. Furthermore, the taint analysis shows no identified flows with unsanitized paths, indicating a lack of immediate critical or high-severity vulnerabilities within the analyzed code.

The vulnerability history is also entirely clear, with no known CVEs, unpatched vulnerabilities, or past security incidents. This suggests a history of careful development and maintenance. However, a minor concern arises from the output escaping metric, where 19% of outputs are not properly escaped. While this does not currently appear to be exploited or lead to critical vulnerabilities, it represents a potential area for improvement and could, in specific circumstances or with future code changes, lead to cross-site scripting (XSS) vulnerabilities.

In conclusion, onlist v1.0.8 is a well-secured plugin with a clean track record and robust code practices. The primary area for attention is the unescaped output, which, while not a critical flaw at this time, should be addressed to further harden the plugin against potential XSS attacks. Overall, the plugin presents a low risk to WordPress installations.

Key Concerns

Unescaped output present

Vulnerabilities

None known

OnList Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

OnList Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

142 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

81% escaped176 total outputs

Attack Surface

OnList Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[onlist-listings] onlist.php:155

[onlist-categories] onlist.php:156

WordPress Hooks 20

actionadmin_menuadmin\onlist-plugin-admin.php:12

actionadmin_initadmin\onlist-plugin-admin.php:13

actionpre_get_postsinc\onlist-manage-terms.php:43

filterajax_query_attachments_argsinc\onlist-manage-terms.php:82

filterviews_edit-postinc\onlist-manage-terms.php:95

actionmanage_users_columnsinc\onlist-manage-terms.php:96

filterparse_queryinc\onlist-manage-terms.php:107

actionadmin_headinc\onlist-page-helpers.php:30

actionadmin_headinc\onlist-page-helpers.php:44

filterwp_insert_post_datainc\onlist-page-helpers.php:169

filtertemplate_includeinc\onlist-templater.php:28

actionwidgets_initinc\Onlist_Widget.php:87

actioninitonlist.php:34

actioninitonlist.php:42

actionwp_enqueue_scriptsonlist.php:56

actionafter_switch_themeonlist.php:90

actionadmin_enqueue_scriptsonlist.php:104

actionadd_meta_boxesonlist.php:120

actionsave_postonlist.php:136

actioninitonlist.php:158

Maintenance & Trust

OnList Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedApr 20, 2024

PHP min version5.4

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

OnList Alternatives

Directorist: AI-Powered Business Directory, Listings & Classified Ads

directorist

Build any type of directory website such as a business directory, job directory, classifieds directory, and more with this WordPress directory plugin.

20K 2 unpatched

Classified Listing – AI-Powered Classified ads & Business Directory Plugin

classified-listing

A Classified ads and Business Directory plugin for WordPress, to create classified listing, real estate directory, local business directory, and more.

10K 15 CVEs