Does Spice Archive Page have any unpatched vulnerabilities?

No. All known vulnerabilities in Spice Archive Page have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Spice Archive Page compatible with WordPress 4.9.29?

According to WordPress.org data, Spice Archive Page 1.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Spice Archive Page updated?

Spice Archive Page was last updated on Oct 10, 2018. Frequent updates are generally a positive security signal.

What is Spice Archive Page's security score?

Spice Archive Page has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Spice Archive Page Security & Risk Analysis

wordpress.org/plugins/spice-archive-page

Plugin allows you to display yearly, monthly and daily archives in pages.

10 active installs v1.0 PHP + WP 3.7+ Updated Oct 10, 2018

archivearchivesdailymonthlyyearly

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Spice Archive Page Safe to Use in 2026?

Generally Safe

Score 85/100

Spice Archive Page has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The spice-archive-page v1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates excellent practices in its handling of SQL queries, utilizing prepared statements exclusively, and shows no history of known vulnerabilities (CVEs) or critical taint analysis findings. The attack surface is also minimal, with only one shortcode and no exposed AJAX or REST API endpoints without authentication. However, a significant concern arises from the complete lack of output escaping. This means that any data processed or displayed by the plugin, if sourced from user input or external sources, could be vulnerable to cross-site scripting (XSS) attacks. Furthermore, the absence of nonce and capability checks on the identified entry point (the shortcode) raises questions about authorization and integrity for the actions it performs, although the static analysis did not reveal any specific dangerous functions or file operations that would immediately exploit this.

Key Concerns

Output escaping is missing
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

Spice Archive Page Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Spice Archive Page Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped7 total outputs

Attack Surface

Spice Archive Page Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[spicearchive] spice-archive-page.php:85

WordPress Hooks 2

actionadmin_menushortcodes-and-info.php:9

actionplugins_loadedspice-archive-page.php:39

Maintenance & Trust

Spice Archive Page Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedOct 10, 2018

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Spice Archive Page Alternatives

Compact Archives

compact-archives

Displays a smart monthly archive of posts in a more compact form rather than the default long archive widget.

2K 1 unpatched

Archivist

archivist

Gives you a few extra function for the archives widget including limiting the amount of archives to show and wether you want to display yearly, monthl …

20 No CVEs