Starbox – the Author Box for Humans Security & Risk Analysis

wordpress.org/plugins/starbox

Starbox is the Author Box for Humans. Professional Themes to choose from, HTML5, Social Media Profiles, Google Authorship

10K active installs · v3.5.4 · PHP 7.0+ · WP 4.6+ · Updated May 9, 2025
Tags: author, author-bio, author-box, multiple-authors, users
97
A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Sep 9, 2024
Safety Verdict

Is Starbox – the Author Box for Humans Safe to Use in 2026?

Generally Safe

Score 97/100

Starbox – the Author Box for Humans has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Sep 9, 2024 · Updated 10mo ago
Risk Assessment

The static analysis of starbox v3.5.4 indicates a generally good security posture with no identified critical vulnerabilities in the code itself. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events without authentication checks is a significant strength, minimizing the plugin's attack surface. The code also demonstrates good practices by using prepared statements for all SQL queries and incorporating both nonce and capability checks. However, a notable concern arises from the output escaping, where 44% of outputs are not properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not sanitized before being displayed to the user. The plugin's vulnerability history reveals a significant number of past medium-severity CVEs, primarily related to XSS and improper access control. While there are currently no unpatched vulnerabilities, this history suggests a recurring pattern of issues that require careful monitoring and prompt patching. The most recent vulnerability was reported in September 2024, indicating ongoing security challenges.

Key Concerns

  • Significant percentage of unescaped output
  • History of medium-severity vulnerabilities (XSS, Access Control)
Vulnerabilities
6

Starbox – the Author Box for Humans Security Vulnerabilities

CVEs by Year

6 CVEs in 2024

Severity Breakdown

Medium: 6

6 total CVEs

CVE-2024-8239 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Starbox <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter URL Field
Sep 9, 2024 · Patched in 3.5.3 (30d)

CVE-2024-7955 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Starbox – the Author Box for Humans <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Aug 20, 2024 · Patched in 3.5.2 (24d)

CVE-2024-1273 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Starbox <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Feb 13, 2024 · Patched in 3.5.0 (72d)

CVE-2023-6806 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings
Feb 6, 2024 · Patched in 3.5.0 (175d)

CVE-2024-0256 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Display Name and Social Settings
Jan 31, 2024 · Patched in 3.5.0 (181d)

CVE-2024-0366 · medium · 4.3 · Improper Access Control
Starbox – the Author Box for Humans <= 3.4.7 - Insecure Direct Object Reference
Jan 30, 2024 · Patched in 3.4.8 (182d)

Code Analysis
Analyzed Mar 16, 2026

Starbox – the Author Box for Humans Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 79 (99 escaped)
Nonce Checks: 2
Capability Checks: 6
File Operations: 4
External Requests: 1
Bundled Libraries: 0

Output Escaping

56% escaped · 178 total outputs
Attack Surface

Starbox – the Author Box for Humans Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8
action · widget_text · classes\HookController.php:164
action · widget_text · classes\HookController.php:179
filter · plugin_action_links · classes\Tools.php:66
action · edit_user_profile · controllers\Menu.php:47
action · show_user_profile · controllers\Menu.php:51
action · personal_options_update · controllers\Menu.php:56
action · edit_user_profile_update · controllers\Menu.php:60
filter · upload_dir · models\UserSettings.php:16
Maintenance & Trust

Starbox – the Author Box for Humans Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 9, 2025
PHP min version: 7.0
Downloads: 518K

Community Trust

Rating: 90/100
Number of ratings: 203
Active installs: 10K
Developer Profile

Starbox – the Author Box for Humans Developer Profile

SEO Squirrly

5 plugins · 50K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 411 days
Detection Fingerprints

How We Detect Starbox – the Author Box for Humans

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/starbox/themes/default/css/starbox.css
/wp-content/plugins/starbox/themes/default/js/starbox.js
/wp-content/plugins/starbox/assets/css/starbox-frontend.css
/wp-content/plugins/starbox/assets/js/starbox-frontend.js

Script Paths
/wp-content/plugins/starbox/assets/js/starbox-frontend.js

Version Parameters
starbox/themes/default/css/starbox.css?ver=
starbox/themes/default/js/starbox.js?ver=
starbox/assets/css/starbox-frontend.css?ver=
starbox/assets/js/starbox-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes: starbox
Data Attributes: data-starbox-id
JS Globals: Starbox
Shortcode Output: [starbox]
FAQ

Frequently Asked Questions about Starbox – the Author Box for Humans