WP News and Scrolling Widgets Security & Risk Analysis

wordpress.org/plugins/sp-news-and-widget

A quick, easy way to add a News custom post type, News widget, vertical scrolling news widget to WordPress. Also works with Gutenberg shortcode block.

10K active installs · v5.0.6 · PHP + WP 4.0+ · Updated Feb 20, 2026
Tags: free-scrolling-news-wordpress-plugin, main-news-page-scrolling, wordpress-horizontal-news-plugin-widget, wordpress-news-plugin, wordpress-vertical-news-plugin-widget
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP News and Scrolling Widgets Safe to Use in 2026?

Generally Safe

Score 100/100

WP News and Scrolling Widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The sp-news-and-widget plugin version 5.0.6 exhibits a generally good security posture based on the static analysis and vulnerability history. The absence of known CVEs and a clean vulnerability history are strong indicators of responsible development and maintenance. Furthermore, the plugin demonstrates strong adherence to WordPress security best practices by utilizing prepared statements for all SQL queries, performing a high percentage of output escaping, and implementing nonce and capability checks on its entry points. The limited attack surface, with no unprotected AJAX handlers or REST API routes, is also a positive sign.

However, a few areas warrant attention. The presence of the `unserialize` function, even if not directly flagged by taint analysis in this specific scan, represents a potential risk if not handled with extreme caution: unserializing data from untrusted sources can lead to object injection vulnerabilities. The static analysis also notes the existence of file operations and external HTTP requests, which, while not inherently insecure, always introduce a degree of risk and should be meticulously reviewed for proper sanitization and validation of any user-controlled input.

In conclusion, this plugin appears to be well-secured, with its strengths significantly outweighing its potential weaknesses. The developer's commitment to security practices like prepared statements and output escaping is commendable. The primary concern revolves around the `unserialize` function, which necessitates careful review of its usage within the plugin's codebase to ensure it is only processing trusted data. Overall, the plugin presents a low-risk profile.

Key Concerns

  • Usage of unserialize function
Vulnerabilities
None known

WP News and Scrolling Widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP News and Scrolling Widgets Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 30 (426 escaped)
Nonce Checks: 6
Capability Checks: 6
File Operations: 3
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$info = @unserialize($data);` (wpos-analytics\includes\class-anylc-admin.php:696)

Output Escaping

93% escaped · 456 total outputs
Data Flows: All sanitized

Data Flow Analysis

1 flow
<solutions-features> (includes\admin\settings\solution-features\solutions-features.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

WP News and Scrolling Widgets Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[sp_news] includes\shortcode\sp-news-shortcode.php:212
WordPress Hooks 35
action: admin_menu (includes\admin\class-wpnw-admin.php:20)
action: add_meta_boxes (includes\admin\class-wpnw-admin.php:23)
action: admin_init (includes\admin\class-wpnw-admin.php:26)
filter: pre_get_posts (includes\admin\class-wpnw-admin.php:32)
action: init (includes\admin\supports\blocks\gutenberg-block.php:42)
action: enqueue_block_editor_assets (includes\admin\supports\blocks\gutenberg-block.php:59)
filter: block_categories_all (includes\admin\supports\blocks\gutenberg-block.php:81)
action: admin_enqueue_scripts (includes\class-wpnw-script.php:19)
action: wp_enqueue_scripts (includes\class-wpnw-script.php:22)
action: elementor/editor/after_enqueue_scripts (includes\class-wpnw-script.php:25)
action: siteorigin_panel_enqueue_admin_scripts (includes\class-wpnw-script.php:28)
action: widgets_init (includes\widgets\wpnw-widgets.php:26)
action: init (includes\wpnw-post-types.php:73)
action: init (includes\wpnw-post-types.php:114)
filter: post_updated_messages (includes\wpnw-post-types.php:144)
action: plugins_loaded (sp-news-and-widget.php:83)
action: update_option_active_plugins (sp-news-and-widget.php:119)
action: admin_notices (sp-news-and-widget.php:180)
action: admin_menu (wpos-analytics\includes\class-anylc-admin.php:45)
action: admin_menu (wpos-analytics\includes\class-anylc-admin.php:48)
action: admin_init (wpos-analytics\includes\class-anylc-admin.php:51)
action: admin_notices (wpos-analytics\includes\class-anylc-admin.php:54)
action: admin_footer (wpos-analytics\includes\class-anylc-admin.php:57)
action: wp_loaded (wpos-analytics\includes\class-anylc-admin.php:60)
action: init (wpos-analytics\includes\class-anylc-admin.php:63)
filter: cron_schedules (wpos-analytics\includes\class-anylc-admin.php:66)
action: wpos_monthly_cron_hook (wpos-analytics\includes\class-anylc-admin.php:69)
action: rest_api_init (wpos-analytics\includes\class-anylc-admin.php:72)
filter: rest_pre_serve_request (wpos-analytics\includes\class-anylc-admin.php:585)
action: admin_enqueue_scripts (wpos-analytics\includes\class-anylc-script.php:20)
action: activated_plugin (wpos-analytics\wpos-analytics.php:244)
action: plugins_loaded (wpos-analytics\wpos-analytics.php:258)
action: admin_menu (wpos-plugins\includes\admin\class-espbw-admin.php:19)
action: admin_enqueue_scripts (wpos-plugins\includes\class-espbw-script.php:19)
action: plugins_loaded (wpos-plugins\wpos-recommendation.php:185)

Scheduled Events 1

wpos_monthly_cron_hook
Maintenance & Trust

WP News and Scrolling Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 20, 2026
PHP min version
Downloads: 677K

Community Trust

Rating: 88/100
Number of ratings: 81
Active installs: 10K
Developer Profile

WP News and Scrolling Widgets Developer Profile

Essential Plugin

33 plugins · 205K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 219 days
Detection Fingerprints

How We Detect WP News and Scrolling Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sp-news-and-widget/assets/css/admin-style.css
/wp-content/plugins/sp-news-and-widget/assets/css/slick.css
/wp-content/plugins/sp-news-and-widget/assets/css/slick-theme.css
/wp-content/plugins/sp-news-and-widget/assets/css/wpnw-public-style.css
/wp-content/plugins/sp-news-and-widget/assets/js/slick.min.js
/wp-content/plugins/sp-news-and-widget/assets/js/wpnw-public.js
/wp-content/plugins/sp-news-and-widget/assets/js/wpnw-admin-script.js
Script Paths
/wp-content/plugins/sp-news-and-widget/assets/js/slick.min.js
/wp-content/plugins/sp-news-and-widget/assets/js/wpnw-public.js
/wp-content/plugins/sp-news-and-widget/assets/js/wpnw-admin-script.js
Version Parameters
sp-news-and-widget/assets/css/admin-style.css?ver=
sp-news-and-widget/assets/css/slick.css?ver=
sp-news-and-widget/assets/css/slick-theme.css?ver=
sp-news-and-widget/assets/css/wpnw-public-style.css?ver=
sp-news-and-widget/assets/js/slick.min.js?ver=
sp-news-and-widget/assets/js/wpnw-public.js?ver=
sp-news-and-widget/assets/js/wpnw-admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpnw-news-list-wrap
wpnw-news-slider-wrap
wpnw-news-grid-wrap
wpnw-news-boxed-wrap
wpnw-news-thumb-wrap
wpnw-news-details
HTML Comments
<!-- START WP News and Scrolling Widgets Shortcode -->
<!-- END WP News and Scrolling Widgets Shortcode -->
Data Attributes
data-wpnw-news-id
data-wpnw-type
JS Globals
wpnw_public_script
Shortcode Output
[sp_news_widget]