Simple Link List Widget Security & Risk Analysis

wordpress.org/plugins/simple-link-list-widget

This plugin makes a widget available which allows you to add a simple link list (bulleted or numbered) to a sidebar.

2K active installs · v0.3.2 · PHP + WP 2.8+ · Updated Nov 9, 2018
Tags: links, list, lists, widget
Score: 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Sep 5, 2025
Safety Verdict

Is Simple Link List Widget Safe to Use in 2026?

Use With Caution

Score 63/100

Simple Link List Widget has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Sep 5, 2025 · Updated 7yr ago
Risk Assessment

Static analysis of simple-link-list-widget v0.3.2 shows a seemingly low attack surface: no AJAX handlers, REST API routes, shortcodes, or cron events were identified. The code also shows good practices by using prepared statements for all SQL queries and performing no file operations or external HTTP requests. However, the low percentage of properly escaped output (14% of 85 outputs) is a significant concern and indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history supports this: it shows one unpatched medium severity CVE (CVE-2025-58810) directly related to XSS. The lack of nonce and capability checks on the identified entry points, though minimal, also contributes to a reduced security posture. While the absence of dangerous functions and critical taint flows is positive, the combination of prevalent unescaped output and a historical XSS vulnerability makes this plugin a notable risk.

Key Concerns

  • Unpatched medium severity CVE
  • Low percentage of properly escaped output
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities: 1

Simple Link List Widget Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-58810 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Link List Widget <= 0.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 5, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Simple Link List Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 73 (12 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

14% escaped · 85 total outputs
Attack Surface

Simple Link List Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 2
  • action · admin_enqueue_scripts · simple-link-list-widget.php:20
  • action · widgets_init · simple-link-list-widget.php:230
Maintenance & Trust

Simple Link List Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Nov 9, 2018
PHP min version
Downloads: 56K

Community Trust

Rating: 92/100
Number of ratings: 9
Active installs: 2K
Developer Profile

Simple Link List Widget Developer Profile

jimmywb

1 plugin · 2K total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple Link List Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/simple-link-list-widget/simple-link-list-widget.css
  • /wp-content/plugins/simple-link-list-widget/simple-link-list-widget.js
  • /wp-content/plugins/simple-link-list-widget/images/delete.png
Script Paths
  • /wp-content/plugins/simple-link-list-widget/simple-link-list-widget.js
Version Parameters
  • simple-link-list-widget/simple-link-list-widget.css?ver=
  • simple-link-list-widget/simple-link-list-widget.js?ver=

HTML / DOM Fingerprints

CSS Classes
widget_link_list, sllw-instructions, hide-if-no-js, hide-if-js, simple-link-list, list-item, moving-handle, sllw-edit-item, +2 more
HTML Comments
<!-- ... -->
Data Attributes
data-widget-id
JS Globals
jQuery
FAQ

Frequently Asked Questions about Simple Link List Widget