Does Smart Recent Posts Widget have any unpatched vulnerabilities?

Yes — Smart Recent Posts Widget currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Smart Recent Posts Widget compatible with WordPress 6.5.8?

According to WordPress.org data, Smart Recent Posts Widget 1.0.4 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is Smart Recent Posts Widget compatible with PHP 5.6+?

Smart Recent Posts Widget requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Smart Recent Posts Widget updated?

Smart Recent Posts Widget was last updated on Jul 28, 2024. Frequent updates are generally a positive security signal.

What is Smart Recent Posts Widget's security score?

Smart Recent Posts Widget has a WP-Safety security score of 71/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Smart Recent Posts Widget Security & Risk Analysis

wordpress.org/plugins/smart-recent-posts-widget

Provides advanced recent posts widget,you can display it with thumbnails, excerpt, date, author, comment count and more.

9K active installs v1.0.4 PHP 5.6+ WP 5.8+ Updated Jul 28, 2024

popular-postsrandom-postsrecent-poststhumbnailswidget

B · Generally Safe

CVEs total1

Unpatched1

Last CVEApr 26, 2024

Plugin page Download

Safety Verdict

Is Smart Recent Posts Widget Safe to Use in 2026?

Mostly Safe

Score 71/100

Smart Recent Posts Widget is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Apr 26, 2024Updated 1yr ago

Risk Assessment

The "smart-recent-posts-widget" plugin exhibits a mixed security posture. While the static analysis reveals a lack of direct entry points like AJAX handlers, REST API routes, or shortcodes, and all SQL queries appear to use prepared statements, there are significant concerns. The plugin has a concerningly low percentage of properly escaped output (41%), indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks in any entry points further exacerbates this risk, as there's no mechanism to verify the integrity of requests. The plugin's vulnerability history is particularly worrying, with one known medium-severity CVE that remains unpatched. This indicates a pattern of past security flaws and a current state of vulnerability. The past XSS vulnerability type aligns with the observed lack of output escaping, suggesting a recurring issue. While the plugin avoids dangerous functions and external requests, the high proportion of unescaped output and the presence of an unpatched vulnerability present a substantial risk.

Key Concerns

Unpatched medium severity CVE
Low percentage of properly escaped output
Missing nonce checks on entry points

Vulnerabilities

Smart Recent Posts Widget Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-33692medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Recent Posts Widget <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 26, 2024Unpatched

Code Analysis

Analyzed Mar 16, 2026

Smart Recent Posts Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

114

78 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

41% escaped192 total outputs

Attack Surface

Smart Recent Posts Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actionplugins_loadedsrpw.php:36

actionplugins_loadedsrpw.php:39

actionplugins_loadedsrpw.php:42

actionadmin_enqueue_scriptssrpw.php:45

actioncustomize_controls_enqueue_scriptssrpw.php:46

actionenqueue_block_editor_assetssrpw.php:47

actionwidgets_initsrpw.php:50

actionwp_enqueue_scriptssrpw.php:53

actionenqueue_block_editor_assetssrpw.php:54

Maintenance & Trust

Smart Recent Posts Widget Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedJul 28, 2024

PHP min version5.6

Downloads132K

Community Trust

Rating96/100

Number of ratings30

Active installs9K

Alternatives

Smart Recent Posts Widget Alternatives

Logicrays Recent Post Widget

logicrays-recent-post-widget

Recent Post Widget With Two Option Slider and List..

0 No CVEs

Fancy Posts Widget

fancy-posts-widget

Another posts widget plugin

10 No CVEs

Latest Posts With Thumbnails and Ads

latest-posts-with-thumbnails-and-ads

Just like the default Recent Posts widget except that posts are with thumbnails and you can show ads between them, show post date and comments count.

30 No CVEs

Developer Profile

Smart Recent Posts Widget Developer Profile

Ga Satrya

6 plugins · 41K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

524 days

View full developer profile

Detection Fingerprints

How We Detect Smart Recent Posts Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/smart-recent-posts-widget/assets/css/srpw-admin.css/wp-content/plugins/smart-recent-posts-widget/assets/css/srpw-frontend.css

HTML / DOM Fingerprints

CSS Classes

srpw-blocksrpw-alignleftsrpw-imgsrpw-lisrpw-clearfixsrpw-thumbnailsrpw-ul

Data Attributes

data-thumbnail_defaultdata-thumbnail_aligndata-excerptdata-lengthdata-readmoredata-readmore_text+9 more

FAQ