Spots Security & Risk Analysis

wordpress.org/plugins/spots

Content manage those little snippets of text that you need across your WordPress site and in widgets properly. Forget the text widget.

900 active installs · v1.3.10 · PHP + WP 4.0+ · Updated Sep 29, 2022
Tags: content-management, elements, spots, widget
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Spots Safe to Use in 2026?

Generally Safe

Score 85/100

Spots has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The "spots" plugin v1.3.10 exhibits a mixed security posture. On the positive side, there are no known critical or high severity vulnerabilities in its history, and the plugin does not perform file operations or external HTTP requests. The taint analysis found no unsanitized paths, indicating a potential for robust input handling. However, significant concerns arise from the static analysis. The presence of two AJAX handlers without authentication checks represents a direct attack surface that could be exploited. Furthermore, only 42% of output is properly escaped, suggesting a risk of Cross-Site Scripting (XSS) vulnerabilities, especially in conjunction with the unprotected AJAX endpoints.

Key Concerns

  • AJAX handlers without auth checks
  • Low percentage of properly escaped output
  • Low number of nonce checks relative to entry points
Vulnerabilities
None known

Spots Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Spots Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2; prepared: 2
Unescaped Output: 49; escaped: 35
Nonce Checks: 1
Capability Checks: 10
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

50% prepared · 4 total queries

Output Escaping

42% escaped · 84 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<icit-spots> (icit-spots.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

Spots Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers: 3

auth · wp_ajax_find-spot · icit-spots.php:63
auth · wp_ajax_spots_mce_popup · icit-spots.php:766
auth · wp_ajax_set-spot-thumbnail · icit-spots.php:933

Shortcodes: 1

[icitspot] · icit-spots.php:352

WordPress Hooks: 33

action · plugins_loaded · icit-spots.php:34
action · admin_init · icit-spots.php:40
action · init · icit-spots.php:56
action · admin_head · icit-spots.php:57
action · admin_init · icit-spots.php:58
action · do_once_icit_spots · icit-spots.php:59
action · save_post · icit-spots.php:61
action · delete_post · icit-spots.php:62
action · widgets_init · icit-spots.php:64
action · wp_head · icit-spots.php:67
filter · the_content · icit-spots.php:71
filter · admin_body_class · icit-spots.php:236
action · wp_footer · icit-spots.php:653
action · admin_init · icit-spots.php:765
action · admin_enqueue_scripts · icit-spots.php:768
filter · mce_external_plugins · icit-spots.php:781
filter · mce_buttons · icit-spots.php:782
action · admin_init · icit-spots.php:931
action · admin_footer · icit-spots.php:932
filter · mce_buttons · icit-spots.php:1006
action · wp_footer · icit-spots.php:1099
action · plugins_loaded · includes\icit-plugin.php:23
action · admin_menu · includes\icit-plugin.php:46
action · admin_init · includes\icit-plugin.php:49
action · admin_print_styles · includes\icit-plugin.php:101
action · admin_enqueue_styles · includes\icit-plugin.php:102
action · admin_enqueue_scripts · includes\icit-plugin.php:103
action · admin_print_footer_scripts · includes\icit-plugin.php:104
action · admin_menu · includes\icit-plugin.php:342
action · admin_init · includes\icit-plugin.php:345
action · admin_print_styles · includes\icit-plugin.php:397
action · admin_enqueue_styles · includes\icit-plugin.php:398
action · admin_enqueue_scripts · includes\icit-plugin.php:399

Maintenance & Trust

Spots Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Sep 29, 2022
PHP min version
Downloads: 38K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 900

Developer Profile

Spots Developer Profile

interconnectit

4 plugins · 4K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Spots

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/spots/js/spots.js
/wp-content/plugins/spots/css/spots.css
Script Paths
/wp-content/plugins/spots/js/spots.js
Version Parameters
spots/style.css?ver=
spots.js?ver=

HTML / DOM Fingerprints

CSS Classes
spots-search-input
spots-search-results
HTML Comments
<!-- Spot Widget -->
<!-- END Spot Widget -->
Data Attributes
data-spot-id
data-spot-action
JS Globals
spots_ajax_object
REST Endpoints
/wp-json/spots/v1/spot
Shortcode Output
[spot
[/spot]