Stronger GitHub Widget Security & Risk Analysis
wordpress.org/plugins/stronger-github-widgetA plugin to display your Github informations.
Is Stronger GitHub Widget Safe to Use in 2026?
Generally Safe
Score 85/100Stronger GitHub Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The `stronger-github-widget` plugin, version 0.4, exhibits a generally weak security posture despite having a very small attack surface. The static analysis reveals a concerning presence of the `create_function` dangerous function, which is deprecated and can lead to serious security vulnerabilities if not handled with extreme care, especially if user input is involved. Additionally, a very low percentage of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin also lacks any nonce or capability checks for its entry points, which are non-existent, further contributing to its weak security. However, the plugin does demonstrate good practices in its handling of SQL queries, exclusively using prepared statements. The vulnerability history being clear of any known CVEs is a positive sign, suggesting that past versions may not have had exploitable flaws or that the plugin has not been a target. Nevertheless, the combination of `create_function`, poor output escaping, and lack of fundamental security checks presents a significant risk.
Key Concerns
- Uses create_function (dangerous function)
- Low percentage of properly escaped output
- No nonce checks on entry points
- No capability checks on entry points
Stronger GitHub Widget Security Vulnerabilities
Stronger GitHub Widget Release Timeline
Stronger GitHub Widget Code Analysis
Dangerous Functions Found
Output Escaping
Stronger GitHub Widget Attack Surface
WordPress Hooks 1
Maintenance & Trust
Stronger GitHub Widget Maintenance & Trust
Maintenance Signals
Community Trust
Stronger GitHub Widget Alternatives
Nginx Helper
nginx-helper
Cleans nginx's fastcgi/proxy cache or redis-cache whenever a post is edited/published. Also does a few more things.
Simple Calendar – Google Calendar Plugin
google-calendar-events
Add Google Calendar events to your WordPress site in minutes. Beautiful calendar displays. Mobile responsive.
Events Widgets For Elementor And The Events Calendar
events-widgets-for-elementor-and-the-events-calendar
The Events Calendar Elementor widgets help you manage and display an upcoming events list with date, time, venue and event ticket booking details.
Nginx Cache
nginx-cache
Purge the Nginx cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress.
Server-Side Cache AutoPurge
server-side-cache-autopurge
Purge server-side cache automatically after making website changes. Optimized for servers managed by SureSupport.
Stronger GitHub Widget Developer Profile
3 plugins · 100 total installs
How We Detect Stronger GitHub Widget
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/stronger-github-widget/js/psk-sgw-admin.js/wp-content/plugins/stronger-github-widget/css/psk-sgw-admin.css/wp-content/plugins/stronger-github-widget/css/psk-sgw.cssstronger-github-widget/js/psk-sgw-admin.js?ver=stronger-github-widget/css/psk-sgw-admin.css?ver=stronger-github-widget/css/psk-sgw.css?ver=HTML / DOM Fingerprints
psk-sgw<!-- PSK_SGW_GITHUB_API_URL = 'https://api.github.com/' --><!-- PSK_SGW_GITHUB_API_OPT = array( 'timeout' => 15 ) --><!-- PSK_SGW_IMG_URL = plugins_url( '/img/' , __FILE__ ) --><!-- Generated by http://www.potsky.com/code/wordpress-plugins/psk-stronger-github-widget/ -->+1 moredata-countdata-typedata-usernamedata-display-usernamedata-display-logodata-post-idPSK_SGW_GITHUB_API_URLPSK_SGW_GITHUB_API_OPTPSK_SGW_IMG_URLPSK_SGW_IDPSK_SGW_NAME[stronger_github_widget][stronger_github_widget username="yourusername"][stronger_github_widget username="yourusername" count="10"][stronger_github_widget username="yourusername" type="repos"]