WP-Safety

Scheduled Announcements Widget Security & Risk Analysis

wordpress.org/plugins/scheduled-announcements-widget

The Scheduled Announcements Widget lets you add a scrolling list of site announcements to any widgetized area of your site.

100 active installs v1.0 PHP + WP 3.2.1+ Updated Mar 10, 2023
alertsannouncementsscheduled-announcements
85
A · Safe
CVEs total1
Unpatched0
Last CVEMar 20, 2023
Plugin page Download
Safety Verdict

Is Scheduled Announcements Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Scheduled Announcements Widget has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Mar 20, 2023Updated 3yr ago
Risk Assessment

The "scheduled-announcements-widget" plugin v1.0 presents a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and incorporating nonce checks. The static analysis shows no critical or high severity taint flows, and a relatively small attack surface with only one shortcode entry point, which is not explicitly stated as unprotected.

However, a significant concern arises from the output escaping. With 32% of outputs properly escaped, this leaves a substantial portion vulnerable to cross-site scripting (XSS) attacks. The vulnerability history, which includes a past medium severity XSS vulnerability, further reinforces this concern. While the past vulnerability is patched, the recurring nature of XSS in the plugin's history and the current low rate of proper output escaping indicate a persistent weakness that could be exploited.

In conclusion, while the plugin avoids common pitfalls like raw SQL and critical taint flows, the insufficient output escaping is a notable weakness. The historical XSS vulnerability, coupled with the current code signals, suggests a need for more rigorous input validation and output sanitization to mitigate the risk of XSS.

Key Concerns

  • Insufficient output escaping identified
  • Past medium XSS vulnerability history
Vulnerabilities
1

Scheduled Announcements Widget Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-0363medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Scheduled Announcements Widget <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 20, 2023 Patched in 1.0 (309d)
Code Analysis
Analyzed Mar 16, 2026

Scheduled Announcements Widget Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
54
25 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

32% escaped79 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
saw_admin_options (scheduled-announcements.php:583)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Scheduled Announcements Widget Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[announcements] scheduled-announcements.php:363
WordPress Hooks 11
actionsaw_plugin_default_optionsscheduled-announcements.php:32
filterplugin_action_linksscheduled-announcements.php:45
actionwp_enqueue_scriptsscheduled-announcements.php:51
actionadmin_enqueue_scriptsscheduled-announcements.php:60
actionadmin_initscheduled-announcements.php:72
actioninitscheduled-announcements.php:98
actioninitscheduled-announcements.php:113
actionadd_meta_boxesscheduled-announcements.php:125
actionsave_postscheduled-announcements.php:185
actionadmin_menuscheduled-announcements.php:580
actionwidgets_initscheduled-announcements.php:738
Maintenance & Trust

Scheduled Announcements Widget Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedMar 10, 2023
PHP min version
Downloads17K

Community Trust

Rating76/100
Number of ratings5
Active installs100
Alternatives

Scheduled Announcements Widget Alternatives

News Communications Hub

News Communications Hub

news-communications-hub

A
92

Flexible WordPress plugin that allows you to display news notifications and updates on your website

0 No CVEs
Horizontal scrolling announcements

Horizontal scrolling announcements

horizontal-scrolling-announcements

B
83

This horizontal scrolling announcement wordpress plugin lets scroll the content from one end to another end like reel. This plugin is using JQuery Mar &hellip;

9K 1 CVE
Announcement & Notification Banner – Bulletin

Announcement & Notification Banner – Bulletin

bulletin-announcements

A
96

Publish a slick announcement banner notice across your website or Woocommerce shop. Extend with icons, countdowns, placement rules and more!

2K 5 CVEs
Cart Notices for WooCommerce

Cart Notices for WooCommerce

cart-notices-for-woocommerce

A
100

Display on cart page notices based on products and product categories in cart, cart cost, current day and time, customer referrer.

2K No CVEs
Post Timeline

Post Timeline

post-timeline

A
99

Create stunning and interactive timelines for your WordPress posts with ease. Post Timeline is the ultimate plugin for displaying your WordPress conte &hellip;

800 2 CVEs
Developer Profile

Scheduled Announcements Widget Developer Profile

Nikki Blight

3 plugins · 4K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
654 days
View full developer profile
Detection Fingerprints

How We Detect Scheduled Announcements Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/scheduled-announcements-widget/saw-menu-icon.png

HTML / DOM Fingerprints

Data Attributes
saw_start_datesaw_end_datesaw_id
JS Globals
jQuery
Shortcode Output
[saw_show_widget]
FAQ

Frequently Asked Questions about Scheduled Announcements Widget