Does Spice Accordion FAQ have any unpatched vulnerabilities?

No. All known vulnerabilities in Spice Accordion FAQ have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Spice Accordion FAQ compatible with WordPress 4.9.29?

According to WordPress.org data, Spice Accordion FAQ 1.3 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Spice Accordion FAQ updated?

Spice Accordion FAQ was last updated on Nov 29, 2018. Frequent updates are generally a positive security signal.

What is Spice Accordion FAQ's security score?

Spice Accordion FAQ has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Spice Accordion FAQ Security & Risk Analysis

wordpress.org/plugins/spice-faq

Spice Accordion FAQ plugin lets you easily create responsive accordion style FAQ for your wordpress website.

0 active installs v1.3 PHP + WP 3.7+ Updated Nov 29, 2018

faqfaqsfrequently-asked-questionstogglewoocommerce-faq

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Spice Accordion FAQ Safe to Use in 2026?

Generally Safe

Score 85/100

Spice Accordion FAQ has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "spice-faq" plugin version 1.3 exhibits a mixed security posture. On the positive side, the absence of known CVEs and the fact that all SQL queries use prepared statements are strong indicators of good development practices in these areas. Furthermore, the plugin does not perform file operations or external HTTP requests, and there are no identified taint flows or dangerous functions, which reduces the potential attack surface.

However, significant concerns arise from the static analysis. The most critical finding is that 100% of the plugin's outputs are not properly escaped. This presents a high risk of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website through the FAQ content. Additionally, the plugin lacks nonce checks and capability checks, which, combined with the shortcode as an entry point, could potentially lead to unauthorized actions or information disclosure if an attacker can control the shortcode's input or trigger it in a malicious context.

Overall, while the plugin has avoided known vulnerabilities and uses secure SQL practices, the lack of output escaping is a severe deficiency that significantly elevates the risk. The absence of capability and nonce checks also contributes to this elevated risk. Recommendations should prioritize addressing the output escaping issues to mitigate the prominent XSS threat.

Key Concerns

All outputs are unescaped
No nonce checks
No capability checks

Vulnerabilities

None known

Spice Accordion FAQ Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Spice Accordion FAQ Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped7 total outputs

Attack Surface

Spice Accordion FAQ Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[spice-faq] include\show-faq.php:71

WordPress Hooks 5

actioninitinclude\admin-faq.php:41

actioninitinclude\admin-faq.php:92

actionsave_postinclude\admin-faq.php:113

actionadmin_menuinclude\shortcodes-and-info.php:11

actionplugins_loadedspice-faq.php:58

Maintenance & Trust

Spice Accordion FAQ Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedNov 29, 2018

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

Spice Accordion FAQ Alternatives

FAQ Builder AYS

faq-builder-ays

Create FAQs and accordions for your WP website without effort with FAQ Builder. Has Gutenberg Block, responsive design, 20+ style options, etc.

100 3 CVEs

FAQ Page

faq-page

Display your frequently asked question (FAQs) with a simple shortcode.

10 No CVEs

ZPLMOd – FAQ Lite

zplmod-faq-lite

A WordPress Plugin : FAQ.Lite, it easy for you to FAQs on your site add using shortcode, fully compatible with all responsive themes and reduce databa …

0 No CVEs

Ultimate FAQ Accordion Plugin

ultimate-faqs

Full-featured FAQ and accordion plugin with advanced search, simple UI and easy-to-use FAQ blocks and shortcodes.

30K 6 CVEs

Happy WooCommerce FAQs – Ultimate Product FAQ Plugin

faq-for-woocommerce

WooCommerce Product FAQ Plugin and accordion plugin create FAQs with Google FAQ schema, AI Generator, Comment and customization support.

1K 3 CVEs

Developer Profile

Spice Accordion FAQ Developer Profile

a.ankit

6 plugins · 21K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Spice Accordion FAQ

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/spice-faq/include/assets/faq-custom-js.js/wp-content/plugins/spice-faq/include/assets/faq-css.css

Script Paths

/wp-content/plugins/spice-faq/include/assets/faq-custom-js.js/wp-content/plugins/spice-faq/include/assets/faq-css.css

Version Parameters

spice-faq/include/assets/faq-custom-js.js?ver=spice-faq/include/assets/faq-css.css?ver=

HTML / DOM Fingerprints

CSS Classes

spice-faq-wrapspice-faq-titlefaq-closedspice-faq-content

Data Attributes

data-source='spice-faq'

Shortcode Output

<div class="spice-faq-wrap"><div class="spice-faq-title faq-closed"> <h4><div class="spice-faq-content faq-closed" style="display: none;"><p>

FAQ