Pocket Widget Security & Risk Analysis

wordpress.org/plugins/pocket-widget

A WordPress widget to show your Pocket collection.

Active installs: 10
Version: v0.1.3
Requirements: PHP + WP 3.0.1+
Updated: Nov 12, 2014
pocketwidget
Security score: 64/100 (grade C · Use Caution)
CVEs total: 1
Unpatched: 1
Last CVE: Aug 19, 2024
Safety Verdict

Is Pocket Widget Safe to Use in 2026?

Use With Caution

Score 64/100

Pocket Widget has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Aug 19, 2024 · Updated 11yr ago
Risk Assessment

The "pocket-widget" plugin v0.1.3 presents a mixed security posture. While the static analysis indicates a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events lacking authentication or permission checks, there are notable concerns within the codebase itself. Specifically, the presence of a single SQL query that does not utilize prepared statements is a significant risk, potentially exposing the site to SQL injection vulnerabilities. Furthermore, the low percentage of properly escaped output (9%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, especially given that the plugin has a history of XSS-related CVEs.

The plugin's vulnerability history, including a recent unpatched medium severity CVE related to XSS, exacerbates these concerns. This pattern indicates that the developers may struggle with secure coding practices, particularly in sanitizing user input and preventing the injection of malicious scripts. While the absence of a large, unprotected attack surface is a positive, the internal code quality issues and the ongoing unpatched vulnerability create a substantial risk. The overall conclusion is that while the plugin's direct exposure points are limited, the internal code quality and historical vulnerability suggest a need for significant improvement to ensure a secure state.

Key Concerns

  • Unpatched CVE exists
  • SQL query without prepared statements
  • Low percentage of properly escaped output
  • No capability checks
  • Flows with unsanitized paths
Vulnerabilities
1 published

Pocket Widget Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2024-7918 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Pocket Widget <= 0.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Aug 19, 2024 · Unpatched
Version History

Pocket Widget Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Pocket Widget Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 10 (1 escaped)
  • Nonce Checks: 1
  • Capability Checks: 0
  • File Operations: 5
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total query

Output Escaping

9% escaped · 11 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<authenticate> (authenticate.php:0)
Attack Surface

Pocket Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
  • action · plugins_loaded · PocketWidgetPlugin.php:36
  • action · admin_menu · PocketWidgetPlugin.php:49
  • action · admin_init · PocketWidgetPlugin.php:50
  • action · widgets_init · PocketWidgetPlugin.php:51
  • action · admin_enqueue_scripts · PocketWidgetPlugin.php:52
Maintenance & Trust

Pocket Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.9.40
Last updated: Nov 12, 2014
PHP min version: not listed
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Pocket Widget Developer Profile

Sjeiti

3 plugins · 30 total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Pocket Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pocket-widget/js/pocketwidget.js
Script Paths
/wp-content/plugins/pocket-widget/js/pocketwidget.js

HTML / DOM Fingerprints

CSS Classes
wp-pocketwidget-settings
Data Attributes
id="reset_consumer_key"
id="show_access_token"
id="revoke_access_token"
FAQ

Frequently Asked Questions about Pocket Widget