Does Optional Content have any unpatched vulnerabilities?

No. All known vulnerabilities in Optional Content have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Optional Content compatible with WordPress 3.1.4?

According to WordPress.org data, Optional Content 1.1 has been tested up to WordPress 3.1.4. Check the plugin's changelog for the latest compatibility information.

How often is Optional Content updated?

Optional Content was last updated on Jun 13, 2011. Frequent updates are generally a positive security signal.

What is Optional Content's security score?

Optional Content has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Optional Content Security & Risk Analysis

wordpress.org/plugins/optional-content

This plugin makes it easy to conditionally display content. No more if statements in your template files!

40 active installs v1.1 PHP + WP 2.8.0+ Updated Jun 13, 2011

conditional-contentifif-elseoptional-contentphp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Optional Content Safe to Use in 2026?

Generally Safe

Score 85/100

Optional Content has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The optional-content plugin version 1.1 demonstrates a generally good security posture with no recorded vulnerabilities or critical code signals. The use of prepared statements for its single SQL query and the presence of capability checks are positive indicators. However, a significant concern is the complete lack of output escaping, meaning any data rendered to the user is not properly sanitized, potentially exposing the site to cross-site scripting (XSS) vulnerabilities. While there are no reported CVEs, the absence of output escaping is a fundamental security weakness that should be addressed immediately, as it represents a common entry point for attackers. The plugin's limited attack surface, with only one shortcode and no unprotected entry points, is a strength, but it does not mitigate the critical issue of unescaped output. Overall, the plugin has potential, but the unescaped output represents a notable risk that outweighs the strengths of its limited attack surface and lack of historical vulnerabilities.

Key Concerns

Unescaped output detected
No nonce checks on entry points

Vulnerabilities

None known

Optional Content Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Optional Content Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared1 total queries

Output Escaping

0% escaped5 total outputs

Attack Surface

Optional Content Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[optional_content] optional-content.php:16

WordPress Hooks 4

filtertiny_mce_versionoptional-content.php:19

actioninitoptional-content.php:20

filtermce_external_pluginsoptional-content.php:29

filtermce_buttonsoptional-content.php:30

Maintenance & Trust

Optional Content Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4

Last updatedJun 13, 2011

PHP min version

Downloads6K

Community Trust

Rating100/100

Number of ratings2

Active installs40

Alternatives

Optional Content Alternatives

Include Me

include-me

Include Me helps to include any external file (textual, HTML or PHP) in posts or pages.

4K 2 CVEs

SAR Friendly SMTP

sar-friendly-smtp

100

A friendly SMTP plugin for WordPress. No third-party, simply using WordPress native possibilities.

2K No CVEs

WPLifeCycle – Free PHP Version Info & Website Manager

free-php-version-info

100

This plugin shows your current PHP version, its lifecycle security support days, and can send version data to the WPLifeCycle for proactive planning.

100 No CVEs

Swift WP-Login.php

swift-wp-login

100

Change Your wp-login.php to anything you want.

10 No CVEs

Personalized Shortcodes Pro

personalized-shortcode-pro

Shortcodes with all the visitor's info that we can get (country, IP, country phone code, country flag emoji, city...).

0 No CVEs

Developer Profile

Optional Content Developer Profile

kylegetson

2 plugins · 140 total installs

trust score

Avg Security Score

74/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Optional Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/optional-content/tinymce_plugin.js

HTML / DOM Fingerprints

Shortcode Output

[optional_content][optional_content type="GET"][optional_content type="POST"][optional_content type="REQUEST"]

FAQ