WP-Safety

Page Parts Security & Risk Analysis

wordpress.org/plugins/page-parts

Manage subsections of a page. Create 'page parts' as children of a page to display in different areas of your templates. Requires WordPress 3.4.

50 active installs v1.5 PHP + WP 3.9+ Updated Nov 26, 2025
cmspages
99
A · Safe
CVEs total1
Unpatched0
Last CVENov 20, 2024
Plugin page Download
Safety Verdict

Is Page Parts Safe to Use in 2026?

Generally Safe

Score 99/100

Page Parts has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 20, 2024Updated 4mo ago
Risk Assessment

The page-parts plugin v1.5 exhibits a generally good security posture with several strengths, including a low number of entry points, all of which appear to have authentication checks. The plugin also demonstrates good practices with 100% of its SQL queries using prepared statements and a high percentage (93%) of output properly escaped. Nonce and capability checks are also present on its entry points. However, a significant concern is the presence of the 'unserialize' function, which is a known vector for Remote Code Execution (RCE) if improperly handled. While no direct taint flows were detected in this analysis, the potential for abuse with unserialization remains. The vulnerability history indicates a past medium-severity Cross-Site Scripting (XSS) vulnerability, suggesting that while the developers have addressed past issues, the potential for input validation weaknesses exists. The single unpatched CVE (though marked as 0 currently) indicates a need for vigilance. Overall, while the current static analysis shows no immediate critical threats, the 'unserialize' function represents a latent risk that warrants careful monitoring and potential remediation if its usage involves untrusted input.

Key Concerns

  • Dangerous function: unserialize present
  • Past medium severity CVE (XSS)
Vulnerabilities
1

Page Parts Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-11360medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Page Parts <= 1.4.3 - Reflected Cross-Site Scripting

Nov 20, 2024 Patched in 1.4.4 (2d)
Code Analysis
Analyzed Mar 16, 2026

Page Parts Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
6
81 escaped
Nonce Checks
7
Capability Checks
3
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$plugins = unserialize( $r['body']['plugins'] );admin\admin.php:879

Output Escaping

93% escaped87 total outputs
Attack Surface

Page Parts Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_page_parts_dragndrop_orderadmin\admin.php:20
authwp_ajax_page_parts_locationadmin\admin.php:21
authwp_ajax_page_parts_templateadmin\admin.php:22
WordPress Hooks 17
actionwpadmin\admin.php:9
actionadmin_headadmin\admin.php:10
actionadmin_enqueue_scriptsadmin\admin.php:11
actionadmin_enqueue_scriptsadmin\admin.php:12
actionsave_postadmin\admin.php:13
filterhttp_request_argsadmin\admin.php:14
actionload-post.phpadmin\admin.php:15
actionload-edit.phpadmin\admin.php:16
filtermanage_edit-page-part_columnsadmin\admin.php:17
actionmanage_posts_custom_columnadmin\admin.php:18
actionadd_meta_boxesadmin\admin.php:19
filterpost_updated_messagesadmin\admin.php:23
filterplugin_row_metaadmin\admin.php:24
filteradmin_menuadmin\admin.php:25
actioninitpage-parts.php:29
filterpost_type_linkpage-parts.php:30
filterpost_classpage-parts.php:31
Maintenance & Trust

Page Parts Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 26, 2025
PHP min version
Downloads7K

Community Trust

Rating100/100
Number of ratings1
Active installs50
Alternatives

Page Parts Alternatives

Next Page, Not Next Post

Next Page, Not Next Post

next-page-not-next-post

C
63

Easily create navigation to sibling pages. Similar to next_post_link() and previous_post_link() but for pages.

1K 1 unpatched
Better Section Navigation

Better Section Navigation

better-section-navigation

A
99

Creates a new widget for listing section-based navigation -- essential for contextual navigation. Also implements a template function and a shortcode.

700 1 CVE
CMS Dashboard

CMS Dashboard

content-management-system-dashboard

A
85

Improve the usability of your Wordpress CMS system. This plug-in creates a dashboard widget with clearly labeled large buttons of the most common task &hellip;

300 No CVEs
Lock Pages

Lock Pages

lock-pages

A
85

Lock Pages prevents specified pages (or all pages), posts, or custom post types from having their slug, parent, status or password edited, or from bei &hellip;

300 No CVEs
Pagely MultiEdit

Pagely MultiEdit

pagely-multiedit

A
85

MultiEdit adds tinyMCE editable "blocks" to WordPress custom page templates.

300 No CVEs
Developer Profile

Page Parts Developer Profile

Ben Huson

16 plugins · 21K total installs

90
trust score
Avg Security Score
86/100
Avg Patch Time
2 days
View full developer profile
Detection Fingerprints

How We Detect Page Parts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/page-parts/css/page-parts-admin.css/wp-content/plugins/page-parts/js/page-parts-admin.js
Script Paths
/wp-content/plugins/page-parts/js/page-parts-admin.js
Version Parameters
page-parts-admin.css?ver=page-parts-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
page-part-templatepage-part-template-page-part-default
Data Attributes
data-page-part-id
JS Globals
page_parts_admin_vars
FAQ

Frequently Asked Questions about Page Parts