WP-Safety

Page scroll to id Security & Risk Analysis

wordpress.org/plugins/page-scroll-to-id

Create links that scroll the page smoothly to any id within the document.

100K active installs v1.7.9 PHP + WP 3.3+ Updated Dec 24, 2025
navigationpage-animationpage-scrollingsingle-page-navigationsmooth-scroll
99
A · Safe
CVEs total2
Unpatched0
Last CVEFeb 16, 2024
Plugin page Download
Safety Verdict

Is Page scroll to id Safe to Use in 2026?

Generally Safe

Score 99/100

Page scroll to id has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Feb 16, 2024Updated 3mo ago
Risk Assessment

The "page-scroll-to-id" plugin, version 1.7.9, exhibits a mixed security posture. On one hand, it demonstrates good practices with a very small attack surface, no identified cron events, and nearly all output being properly escaped. The presence of nonce and capability checks is also positive. However, the use of the deprecated `create_function` is a significant concern, as this function is known to be a potential source of security vulnerabilities due to its dynamic code execution capabilities and lack of strict sandboxing. Additionally, the plugin's history includes two medium-severity vulnerabilities, both related to Cross-Site Scripting (XSS). While currently unpatched CVEs are zero, the recurring nature of XSS vulnerabilities suggests a pattern that requires attention and careful review of input handling, even with the generally good output escaping scores.

Key Concerns

  • Usage of dangerous function: create_function
  • Raw SQL query without prepared statements
  • Two medium severity CVEs in history
  • Bundled library (TinyMCE) might be outdated
Vulnerabilities
2

Page scroll to id Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-1445medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Page scroll to id <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Feb 16, 2024 Patched in 1.7.9 (5d)
CVE-2022-4449medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Page scroll to id <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 21, 2022 Patched in 1.7.6 (398d)
Code Analysis
Analyzed Mar 16, 2026

Page scroll to id Code Analysis

Dangerous Functions
3
Raw SQL Queries
1
0 prepared
Unescaped Output
1
73 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

create_functioncreate_function('', 'return register_widget("malihuPageScroll2idWidget");')includes\class-malihu-pagescroll2id-widget-init-php52.php:3
create_function$pl_shortcodes[$i]=create_function('$atts,$content=null','includes\malihu-pagescroll2id-shortcodes-php52.php:8
create_function$pl_shortcodes_b[$i]=create_function('$atts,$content=null','includes\malihu-pagescroll2id-shortcodes-php52.php:30

Bundled Libraries

TinyMCE

SQL Query Safety

0% prepared1 total queries

Output Escaping

99% escaped74 total outputs
Attack Surface

Page scroll to id Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 25
filtermce_external_pluginsincludes\class-malihu-pagescroll2id-tinymce.php:16
filtermce_buttonsincludes\class-malihu-pagescroll2id-tinymce.php:17
actionwidgets_initincludes\class-malihu-pagescroll2id-widget-init-php52.php:2
actionwidgets_initincludes\class-malihu-pagescroll2id-widget-init.php:2
actionwp_enqueue_scriptsincludes\malihu-pagescroll2id-unbind-click-php53.php:7
actionadmin_noticesincludes\ps2id-plugin-admin-notice.php:6
actionnetwork_admin_noticesincludes\ps2id-plugin-admin-notice.php:7
actionadmin_initincludes\ps2id-plugin-admin-notice.php:8
actionadmin_noticesmalihu-pagescroll2id.php:73
actionadmin_noticesmalihu-pagescroll2id.php:78
actionplugins_loadedmalihu-pagescroll2id.php:86
actionadmin_menumalihu-pagescroll2id.php:88
actionadmin_initmalihu-pagescroll2id.php:90
actionadmin_initmalihu-pagescroll2id.php:92
actionadmin_enqueue_scriptsmalihu-pagescroll2id.php:94
actionadmin_enqueue_scriptsmalihu-pagescroll2id.php:95
actionenqueue_block_editor_assetsmalihu-pagescroll2id.php:97
actionenqueue_block_editor_assetsmalihu-pagescroll2id.php:98
actionplugins_loadedmalihu-pagescroll2id.php:100
actionwp_enqueue_scriptsmalihu-pagescroll2id.php:105
actionadmin_headmalihu-pagescroll2id.php:111
filternav_menu_link_attributesmalihu-pagescroll2id.php:607
actionadmin_headmalihu-pagescroll2id.php:612
actionwidget_form_callbackmalihu-pagescroll2id.php:616
actionwp_footermalihu-pagescroll2id.php:620
Maintenance & Trust

Page scroll to id Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 24, 2025
PHP min version
Downloads1.8M

Community Trust

Rating98/100
Number of ratings224
Active installs100K
Alternatives

Page scroll to id Alternatives

Scrollr

Scrollr

scrollr

A
100

Scroll smoothly to a page's section or push it back to the top.

100 No CVEs
Breadcrumb NavXT

Breadcrumb NavXT

breadcrumb-navxt

A
98

Adds breadcrumb navigation showing the visitor's path to their current location.

800K 2 CVEs
WP-PageNavi

WP-PageNavi

wp-pagenavi

A
92

Adds a more advanced paging navigation interface.

500K No CVEs
Max Mega Menu

Max Mega Menu

megamenu

A
99

An easy to use mega menu plugin. Written the WordPress way.

300K 2 CVEs
WPFront Scroll Top

WPFront Scroll Top

wpfront-scroll-top

A
100

Adds a lightweight and smooth "Scroll to Top" button to your WordPress site, improving navigation and user experience with customizable options.

200K 1 CVE
Developer Profile

Page scroll to id Developer Profile

malihu

1 plugin · 100K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
202 days
View full developer profile
Detection Fingerprints

How We Detect Page scroll to id

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/page-scroll-to-id/css/admin-gen.css/wp-content/plugins/page-scroll-to-id/css/admin.css/wp-content/plugins/page-scroll-to-id/includes/blocks/blocks.css/wp-content/plugins/page-scroll-to-id/js/admin.js/wp-content/plugins/page-scroll-to-id/js/jquery.malihu.PageScroll2id.js/wp-content/plugins/page-scroll-to-id/js/jquery.malihu.PageScroll2id-init.js/wp-content/plugins/page-scroll-to-id/js/page-scroll-to-id.min.js/wp-content/plugins/page-scroll-to-id/js/jquery.malihu.PageScroll2id-unbind-defer.js
Script Paths
js/admin.jsjs/jquery.malihu.PageScroll2id.jsjs/jquery.malihu.PageScroll2id-init.jsjs/page-scroll-to-id.min.jsjs/jquery.malihu.PageScroll2id-unbind-defer.jsincludes/blocks/blocks.js
Version Parameters
page-scroll-to-id/css/admin-gen.css?ver=page-scroll-to-id/css/admin.css?ver=page-scroll-to-id/includes/blocks/blocks.css?ver=page-scroll-to-id/js/admin.js?ver=page-scroll-to-id/js/jquery.malihu.PageScroll2id.js?ver=page-scroll-to-id/js/jquery.malihu.PageScroll2id-init.js?ver=page-scroll-to-id/js/page-scroll-to-id.min.js?ver=page-scroll-to-id/js/jquery.malihu.PageScroll2id-unbind-defer.js?ver=page-scroll-to-id/includes/blocks/blocks.js?ver=

HTML / DOM Fingerprints

CSS Classes
mPS2id
Data Attributes
data-ps2id-targetdata-ps2id-clickdata-ps2id-durationdata-ps2id-shiftdowndata-ps2id-offsetdata-ps2id-scrollspeed+5 more
JS Globals
mPS2id
FAQ

Frequently Asked Questions about Page scroll to id