Simple Author Box Security & Risk Analysis

wordpress.org/plugins/simple-author-box

Add a responsive author box or guest author box with social icons to any post. Great author box for any site!

80K active installs · v2.59 · PHP 5.6+ · WP 4.6+ · Updated Dec 3, 2025
Tags: author-bio, author-box, author-profile, author-social-icons, guest-author
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jul 24, 2023

Safety Verdict

Is Simple Author Box Safe to Use in 2026?

Generally Safe

Score 99/100

Simple Author Box has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jul 24, 2023 · Updated 4mo ago

Risk Assessment

The 'simple-author-box' plugin v2.59 presents a mixed security posture. While it demonstrates good practices in several areas, such as using prepared statements for all SQL queries and a high percentage of properly escaped output, there are significant concerns regarding its attack surface and past vulnerability history. The presence of an AJAX handler without authentication checks is a notable weakness, creating a direct entry point for potential exploitation. Although no critical or high-severity taint flows were identified in the static analysis, the lack of authorization on one AJAX endpoint warrants attention. The plugin's history of medium-severity vulnerabilities, specifically authorization bypass and CSRF, coupled with the recent occurrence of its last vulnerability in July 2023, suggests a pattern of issues that, while not critical, require diligent patching and monitoring. The plugin's strengths lie in its secure handling of database interactions and output, but the identified attack surface and historical vulnerabilities indicate a need for continued vigilance and potentially further hardening.

Key Concerns

  • Unprotected AJAX handler found
  • Medium severity CVEs in history (x2)

Vulnerabilities: 2

Simple Author Box Security Vulnerabilities

CVEs by Year

2023: 2 CVEs

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2023-3601 · medium · 4.3 · Authorization Bypass Through User-Controlled Key

Simple Author Box <= 2.51 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary User Sensitive Information Exposure

Jul 24, 2023 Patched in 2.52 (183d)

WF-f670b93e-da2e-43e7-a28a-6cacba4df3a1-simple-author-box · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Simple Author Box <= 2.50 - Cross-Site Request Forgery via save_user_profile

Mar 28, 2023 Patched in 2.51 (301d)
Code Analysis
Analyzed Mar 16, 2026

Simple Author Box Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 12 (233 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

95% escaped · 245 total outputs

Data Flows: All sanitized

Data Flow Analysis

3 flows
validate_import_file (inc\class-simple-author-box-admin-page.php:1020)

Attack Surface: 1 unprotected

Simple Author Box Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers: 2

auth · wp_ajax_sab_get_author · inc\class-simple-author-box-block.php:17
auth · wp_ajax_sab_dismiss_pointer · inc\class-simple-author-box.php:27

Shortcodes: 1

[simple-author-box] · inc\class-simple-author-box.php:300

WordPress Hooks: 41

action · admin_menu · inc\class-simple-author-box-admin-page.php:732
action · admin_init · inc\class-simple-author-box-admin-page.php:733
action · init · inc\class-simple-author-box-block.php:15
action · init · inc\class-simple-author-box-block.php:16
action · sab_admin_preview · inc\class-simple-author-box-previewer.php:49
action · admin_enqueue_scripts · inc\class-simple-author-box-previewer.php:51
action · init · inc\class-simple-author-box-user-profile.php:8
action · show_user_profile · inc\class-simple-author-box-user-profile.php:13
action · edit_user_profile · inc\class-simple-author-box-user-profile.php:14
action · show_user_profile · inc\class-simple-author-box-user-profile.php:17
action · edit_user_profile · inc\class-simple-author-box-user-profile.php:18
action · personal_options_update · inc\class-simple-author-box-user-profile.php:20
action · edit_user_profile_update · inc\class-simple-author-box-user-profile.php:21
filter · pre_user_description · inc\class-simple-author-box-user-profile.php:25
action · init · inc\class-simple-author-box.php:24
action · widgets_init · inc\class-simple-author-box.php:25
action · in_admin_footer · inc\class-simple-author-box.php:29
filter · admin_footer_text · inc\class-simple-author-box.php:31
filter · get_avatar · inc\class-simple-author-box.php:194
filter · amp_post_template_data · inc\class-simple-author-box.php:195
action · init · inc\class-simple-author-box.php:201
action · admin_enqueue_scripts · inc\class-simple-author-box.php:202
filter · user_contactmethods · inc\class-simple-author-box.php:203
action · wp_enqueue_scripts · inc\class-simple-author-box.php:299
filter · sabox_hide_social_icons · inc\class-simple-author-box.php:301
filter · sabox_check_if_show · inc\class-simple-author-box.php:302
filter · the_content · inc\class-simple-author-box.php:305
action · wp_footer · inc\class-simple-author-box.php:309
action · wp_head · inc\class-simple-author-box.php:318
action · plugins_loaded · inc\elementor\class-simple-author-box-elementor-check.php:40
action · admin_notices · inc\elementor\class-simple-author-box-elementor-check.php:51
action · admin_notices · inc\elementor\class-simple-author-box-elementor-check.php:57
action · elementor/widgets/widgets_registered · inc\elementor\class-simple-author-box-elementor-widget-activation.php:51
filter · safe_style_css · inc\functions.php:63
filter · safe_style_css · inc\functions.php:346
action · admin_notices · inc\functions.php:431
action · admin_notices · inc\functions.php:452
action · admin_init · wf-flyout\wf-flyout.php:26
action · admin_enqueue_scripts · wf-flyout\wf-flyout.php:72
action · admin_head · wf-flyout\wf-flyout.php:73
action · admin_footer · wf-flyout\wf-flyout.php:74

Maintenance & Trust

Simple Author Box Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version: 5.6
Downloads: 1.6M

Community Trust

Rating: 86/100
Number of ratings: 113
Active installs: 80K

Developer Profile

Simple Author Box Developer Profile

WebFactory

28 plugins · 3.5M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 699 days
Detection Fingerprints

How We Detect Simple Author Box

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/simple-author-box/wf-flyout/css/wf-flyout.css
  • /wp-content/plugins/simple-author-box/assets/css/sabox-style.css
  • /wp-content/plugins/simple-author-box/assets/css/sabox-editor.css
  • /wp-content/plugins/simple-author-box/assets/js/webfont.js
  • /wp-content/plugins/simple-author-box/assets/js/sab-preview.js
  • /wp-content/plugins/simple-author-box/assets/js/simple-author-box.js

Script Paths

  • /wp-content/plugins/simple-author-box/assets/js/webfont.js
  • /wp-content/plugins/simple-author-box/assets/js/sab-preview.js
  • /wp-content/plugins/simple-author-box/assets/js/simple-author-box.js

Version Parameters

  • simple-author-box/assets/css/sabox-style.css?ver=
  • simple-author-box/assets/css/sabox-editor.css?ver=
  • simple-author-box/assets/js/webfont.js?ver=
  • simple-author-box/assets/js/sab-preview.js?ver=
  • simple-author-box/assets/js/simple-author-box.js?ver=

HTML / DOM Fingerprints

CSS Classes: saboxplugin-wrap, saboxplugin-tabs-wrapper, saboxplugin-tab, saboxplugin-tab-about, saboxplugin-gravatar, sab-rotate-img, sab-round-image, sab-fancy-image (+16 more)
Data Attributes: data-tab
JS Globals: sabox_webfont, sabox_previewer, simple_author_box