Does Author Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in Author Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Author Widget compatible with WordPress 4.0.38?

According to WordPress.org data, Author Widget 2.0 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is Author Widget updated?

Author Widget was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Author Widget's security score?

Author Widget has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Author Widget Security & Risk Analysis

wordpress.org/plugins/stylish-top-author-widget

Show your Blog author list in Cool Styles & more features

10 active installs v2.0 PHP + WP 3.0+ Updated Unknown

awesomecss3fontawesome-integratedhtml5visual

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Author Widget Safe to Use in 2026?

Generally Safe

Score 100/100

Author Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The plugin "stylish-top-author-widget" v2.0 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and has no recorded vulnerability history, suggesting a generally stable and well-maintained codebase. Furthermore, the static analysis reveals no identified taint flows, suggesting that the handling of user-supplied data is likely robust.

However, significant concerns arise from the static analysis. The presence of the `create_function` dangerous function is a critical security risk, as it can be exploited to inject and execute arbitrary PHP code if user input is not strictly validated before being passed to it. Additionally, a very low percentage (13%) of output escaping is concerning, indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, particularly as the plugin lacks explicit nonce and capability checks on its potential entry points. While there are no immediate exploitable entry points listed, the identified code quality issues pose a substantial threat if any user-controllable data reaches these problematic functions or unescaped outputs.

In conclusion, while the plugin has a clean vulnerability history and handles SQL safely, the identified use of `create_function` and the pervasive lack of output escaping are serious security weaknesses. These issues, coupled with the absence of nonce and capability checks, create a substantial risk profile that requires immediate attention and remediation.

Key Concerns

Presence of dangerous function 'create_function'
Low percentage of properly escaped output
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Author Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Author Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("alwp");'));widget.php:144

Output Escaping

13% escaped38 total outputs

Attack Surface

Author Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_menufunction.php:3

actionadmin_initfunction.php:11

actioninitwidget.php:8

actionwidgets_initwidget.php:144

Maintenance & Trust

Author Widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedUnknown

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

Author Widget Alternatives

Image Hover Effects Ultimate

image-hover-effects-ultimate

Create stunning image hover effects like gallery, lightbox, comparison, or magnifier with 500+ modern, elegant, lightweight animations.

20K 8 CVEs

Ultimate Hover Effects

ultimate-hover-effects

Ultimate Hover Effects WordPress Plugin is an impressive powerfull modern, yet stylish hover effects for image captions.

300 No CVEs

HTML5 Slideshow Presentations

html5-slideshow-presentations

Create HTML5 slideshow presentations using our favorite cms, WordPress. Host your own presentations and share/present them anytime.

100 No CVEs

WP Sponsor Flip Wall

wp-sponsor-flip-wall

This is a WordPress plugin that use CSS 3 flip animation. This use wordpress post type to create sponsors. This plugin was update to prevent any probl …

40 No CVEs

Image Hover Effects for Visual Composer

image-hover-effect-for-visual-composer

Requires at least: 3.5 Tested up to: 4.9 Stable tag: 1.0 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.

10 No CVEs

Developer Profile

Author Widget Developer Profile

Obaid Hossain

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Author Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/stylish-top-author-widget/css/visual.css

HTML / DOM Fingerprints

CSS Classes

alwp_visualicon-alwp

Data Attributes

id="alwp"class="icon-

FAQ