Post To Sidebar Security & Risk Analysis

wordpress.org/plugins/post-to-sidebar

A WordPress plugin/widget that gives you the ability to put content (posts and custom post types) in your sidebar.

30 active installs · v1.1.4 · PHP + WP 3.0+ · Updated Nov 2, 2011

Tags: pages, posts, sidebar, widget

Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Post To Sidebar Safe to Use in 2026?

Generally Safe

Score 85/100

Post To Sidebar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The "post-to-sidebar" plugin v1.1.4 demonstrates a generally good security posture with no known historical vulnerabilities and a zero attack surface from common entry points like AJAX, REST API, shortcodes, and cron events. The taint analysis also reveals no critical or high-severity unsanitized flows, which is a positive sign. However, the static code analysis highlights a significant concern: the presence of the `create_function` in the codebase. This function is deprecated and can lead to severe security issues, including arbitrary code execution, if not handled with extreme care and proper sanitization, which is not indicated here.

Furthermore, the plugin's handling of SQL is concerning: its single SQL query does not use a prepared statement. This leaves it open to SQL injection if any user-supplied data is incorporated into the query. The low proportion of properly escaped outputs (11%) likewise indicates a high risk of cross-site scripting (XSS), since user-controlled data displayed on the frontend may not be properly neutralized.

While the absence of historical CVEs and a lack of obvious vulnerabilities in taint analysis are strengths, the identified code signals point to critical areas of weakness. The reliance on `create_function` and the lack of prepared statements for SQL, coupled with poor output escaping, create significant potential security risks that outweigh the plugin's seemingly small attack surface and clean vulnerability history.

Key Concerns

  • Use of dangerous function: create_function
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
  • No nonce checks
  • Weak capability check usage

Vulnerabilities
None known

Post To Sidebar Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis
Analyzed Mar 16, 2026

Post To Sidebar Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 16 (2 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function: `add_action( 'widgets_init', create_function('', 'return register_widget("post_to_sidebar_widget");')` (widget_post_to_sidebar.php:163)

SQL Query Safety

0% prepared (1 total query)

Output Escaping

11% escaped (18 total outputs)

Data Flows
All sanitized

Data Flow Analysis

2 flows
post_to_sidebar_plugin_options (post_to_sidebar.php:80)
Attack Surface

Post To Sidebar Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9

  • action plugins_loaded (post_to_sidebar.php:34)
  • action widgets_init (post_to_sidebar.php:48)
  • action admin_init (post_to_sidebar.php:64)
  • action admin_menu (post_to_sidebar.php:68)
  • action save_post (post_to_sidebar.php:267)
  • filter body_class (widget_post_to_sidebar.php:102)
  • filter the_title (widget_post_to_sidebar.php:142)
  • filter the_content (widget_post_to_sidebar.php:160)
  • action widgets_init (widget_post_to_sidebar.php:163)

Maintenance & Trust

Post To Sidebar Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.2.1
Last updated: Nov 2, 2011
PHP min version: (not given)
Downloads: 14K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 30

Developer Profile

Post To Sidebar Developer Profile

dmallon

1 plugin · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Post To Sidebar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-to-sidebar/widget_post_to_sidebar.php

HTML / DOM Fingerprints

HTML Comments

  • `<!-- This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -->`
  • `<!-- // End of admin section -->`
  • `<!-- Prints the box content -->`
  • `<!-- Checks to see if an option is already selected in options table -->`
  • +6 more

Data Attributes

  • `name="p2s_use_title"`
  • `name="p2s_use_excerpt"`
  • `name="p2s_post_types[]"`
  • `name="post-excerpt"`
  • `name="post-title"`
  • `value="yes"`
  • +6 more

JS Globals

  • `post_to_sidebar_widget`

FAQ

Frequently Asked Questions about Post To Sidebar