SmoothTOC Security & Risk Analysis

wordpress.org/plugins/smooth-toc

Automatically generates a Table of Contents for your posts and pages.

0 active installs v1.0 PHP + WP 5.0+ Updated Jun 22, 2025
contentheadingsnavigationtable-of-contentstoc
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is SmoothTOC Safe to Use in 2026?

Generally Safe

Score 92/100

SmoothTOC has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "smooth-toc" v1.0 plugin exhibits a generally strong security posture based on the provided static analysis. It demonstrates excellent adherence to secure coding practices, with 100% of SQL queries using prepared statements and all output being properly escaped. Furthermore, the plugin includes necessary nonce and capability checks for its single shortcode entry point, and importantly, there are no identified dangerous functions, file operations, or external HTTP requests. The lack of any identified taint flows with unsanitized paths or critical/high severity issues further reinforces this positive assessment.

The vulnerability history is also exceptionally clean, with zero known CVEs recorded. This suggests a mature and well-maintained codebase, or at least one that has not yet attracted significant security attention. The absence of common vulnerability types and recent vulnerabilities is a strong indicator of a secure plugin. While the attack surface is minimal (only one shortcode), the fact that it is properly secured is commendable.

In conclusion, "smooth-toc" v1.0 appears to be a secure plugin. Its strengths lie in its robust implementation of security best practices, particularly regarding SQL and output handling, coupled with a clean vulnerability history. There are no direct security concerns identified in the provided data that would warrant deductions from its initial score.

Vulnerabilities
None known

SmoothTOC Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SmoothTOC Release Timeline

v1.0Current
Code Analysis
Analyzed Apr 16, 2026

SmoothTOC Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
48 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped48 total outputs
Attack Surface

SmoothTOC Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[smooth_toc] includes/toc-functions.php:112
WordPress Hooks 6
actionadd_meta_boxesincludes/admin-functions.php:17
actionsave_postincludes/admin-functions.php:61
actionadmin_initincludes/settings.php:18
actionadmin_menuincludes/settings.php:123
filterthe_contentincludes/toc-functions.php:133
actionwp_enqueue_scriptssmooth-toc.php:30
Maintenance & Trust

SmoothTOC Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 22, 2025
PHP min version
Downloads269

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

SmoothTOC Developer Profile

Hardik

1 plugin · 0 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SmoothTOC

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smooth-toc/css/easy-toc-style.css/wp-content/plugins/smooth-toc/js/easy-toc-script.js
Script Paths
/wp-content/plugins/smooth-toc/js/easy-toc-script.js
Version Parameters
smooth-toc/css/easy-toc-style.css?ver=smooth-toc/js/easy-toc-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
smoothtoc-wrappersmoothtoc-titlesmoothtoc-togglesmoothtoc-listsmoothtoc-level-
Data Attributes
id="smoothtoc-smoothtoc_disabled
JS Globals
smoothtoc_toggle_list
Shortcode Output
[smooth_toc]
FAQ

Frequently Asked Questions about SmoothTOC