WP-Safety

Surplus Essentials Security & Risk Analysis

wordpress.org/plugins/surplus-essentials

Surplus Essentials provides necessary features to extend WordPress functionality and for better blogging experience. It also allows you to add and man …

10 active installs v1.0.3 PHP 5.6+ WP 4.3+ Updated Aug 29, 2020
custom-post-typeessentialssurpluswidgets
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Surplus Essentials Safe to Use in 2026?

Generally Safe

Score 85/100

Surplus Essentials has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "surplus-essentials" plugin v1.0.3 exhibits a generally strong security posture based on the provided static analysis. The plugin has no recorded vulnerabilities (CVEs), suggesting a history of secure development or diligent patching. The code analysis reveals a clean codebase with no dangerous functions, no file operations, and no external HTTP requests. Notably, all SQL queries are prepared, and a high percentage (87%) of output is properly escaped, minimizing the risk of common injection and XSS vulnerabilities. The absence of any taint analysis findings further reinforces this positive outlook.

Key Concerns

  • No Nonce Checks
  • No Capability Checks
  • Bundled Libraries (Select2, jQuery)
  • Lower percentage of output escaping (87%)
Vulnerabilities
None known

Surplus Essentials Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Surplus Essentials Release Timeline

v1.0.2
Code Analysis
Analyzed Mar 17, 2026

Surplus Essentials Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
188
1253 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
2

Bundled Libraries

Select2jQuery

SQL Query Safety

100% prepared6 total queries

Output Escaping

87% escaped1441 total outputs
Attack Surface

Surplus Essentials Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 57
filtersurplus_essentials_no_thumbincludes\class-surplus-essentials-functions.php:18
actionadmin_menuincludes\class-surplus-essentials-settings.php:16
actionadmin_footerincludes\class-surplus-essentials-settings.php:17
actionadmin_initincludes\class-surplus-essentials-settings.php:18
actionplugins_loadedincludes\class-surplus-essentials.php:245
actionadmin_enqueue_scriptsincludes\class-surplus-essentials.php:260
actionadmin_enqueue_scriptsincludes\class-surplus-essentials.php:261
actionadmin_print_footer_scriptsincludes\class-surplus-essentials.php:262
actionadmin_footerincludes\class-surplus-essentials.php:276
actionadmin_footerincludes\class-surplus-essentials.php:295
actioncategory_add_form_fieldsincludes\class-surplus-essentials.php:303
actioncreated_categoryincludes\class-surplus-essentials.php:304
actioncategory_edit_form_fieldsincludes\class-surplus-essentials.php:305
actionedited_categoryincludes\class-surplus-essentials.php:306
actionadmin_footerincludes\class-surplus-essentials.php:309
filtermanage_edit-category_columnsincludes\class-surplus-essentials.php:311
actionmanage_category_custom_columnincludes\class-surplus-essentials.php:312
actionadmin_print_footer_scriptsincludes\class-surplus-essentials.php:314
actionadmin_print_footer_scriptsincludes\class-surplus-essentials.php:315
actionadmin_print_footer_scriptsincludes\class-surplus-essentials.php:316
actioninitincludes\class-surplus-essentials.php:317
actioninitincludes\class-surplus-essentials.php:318
actionwp_enqueue_scriptsincludes\class-surplus-essentials.php:332
actionwp_enqueue_scriptsincludes\class-surplus-essentials.php:333
actionwidgets_initincludes\widgets\widget-advertisement.php:12
actionwidgets_initincludes\widgets\widget-client-logo.php:12
actionwidgets_initincludes\widgets\widget-contact.php:12
actionload-widgets.phpincludes\widgets\widget-contact.php:20
filterkses_allowed_protocolsincludes\widgets\widget-contact.php:29
actionadmin_print_footer_scriptsincludes\widgets\widget-contact.php:40
actionwidgets_initincludes\widgets\widget-cta.php:12
actionadmin_footer-widgets.phpincludes\widgets\widget-cta.php:22
actionload-widgets.phpincludes\widgets\widget-cta.php:23
actionwidgets_initincludes\widgets\widget-custom-categories.php:5
actionwidgets_initincludes\widgets\widget-event.php:12
actionadmin_footer-widgets.phpincludes\widgets\widget-event.php:24
actionload-widgets.phpincludes\widgets\widget-event.php:25
actionwidgets_initincludes\widgets\widget-facebook-page.php:12
actionwidgets_initincludes\widgets\widget-faqs.php:12
actionwidgets_initincludes\widgets\widget-featured-page.php:12
actionwidgets_initincludes\widgets\widget-icon-text.php:12
actionwidgets_initincludes\widgets\widget-image-text.php:12
actionadmin_print_footer_scriptsincludes\widgets\widget-image-text.php:23
actionwidgets_initincludes\widgets\widget-popular-post.php:12
actionwpincludes\widgets\widget-popular-post.php:24
actionwidgets_initincludes\widgets\widget-recent-post.php:12
actionwidgets_initincludes\widgets\widget-socialmedia.php:12
actionload-widgets.phpincludes\widgets\widget-socialmedia.php:20
filterkses_allowed_protocolsincludes\widgets\widget-socialmedia.php:29
actionadmin_print_footer_scriptsincludes\widgets\widget-socialmedia.php:40
actionwidgets_initincludes\widgets\widget-stat-counter.php:12
actionwidgets_initincludes\widgets\widget-team-member.php:12
actionwidgets_initincludes\widgets\widget-testimonial.php:12
actionadmin_print_footer_scriptsincludes\widgets\widget-testimonial.php:23
actionwidgets_initincludes\widgets\widget-twitter-feeds.php:12
actionadmin_footer-widgets.phpincludes\widgets\widget-twitter-feeds.php:35
actionload-widgets.phpincludes\widgets\widget-twitter-feeds.php:36
Maintenance & Trust

Surplus Essentials Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedAug 29, 2020
PHP min version5.6
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Surplus Essentials Alternatives

Apollo13 Framework Extensions

Apollo13 Framework Extensions

apollo13-framework-extensions

A
95

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs
Custom Post Type Widgets

Custom Post Type Widgets

custom-post-type-widgets

A
92

Custom Post Type Widgets plugin adds default custom post type widgets.

10K No CVEs
WPSHARE247 Elementor Addons

WPSHARE247 Elementor Addons

wpshare247-elementor-addons

B
79

Widgets (Wpshare247 Addons) for Elementor. Wpshare247 Addons for Elementor plugin includes widgets and addons like Blog Post, Products, Post, Page and …

50 1 unpatched
Custom Post Type Recent Entries Widget

Custom Post Type Recent Entries Widget

cpt-recent-entries-widgets

A
85

Display a list of the most recent "Custom Post Type" entries in the WordPress widgets.

0 No CVEs
LabTheme Companion

LabTheme Companion

labtheme-companion

A
85

The plugin generates multiple custom post types and number of exclusive widgets which are needed for wordpress theme developed by labtheme

0 No CVEs
Developer Profile

Surplus Essentials Developer Profile

surplusthemes

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Surplus Essentials

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/surplus-essentials/admin/css/jquery-ui-fresh.min.css/wp-content/plugins/surplus-essentials/admin/css/surplus-essentials-admin.css/wp-content/plugins/surplus-essentials/admin/css/chosen.min.css/wp-content/plugins/surplus-essentials/admin/css/jquery.timepicker.min.css/wp-content/plugins/surplus-essentials/admin/js/jquery.timepicker.min.js/wp-content/plugins/surplus-essentials/admin/js/surplus-essentials-admin.js/wp-content/plugins/surplus-essentials/admin/js/chosen.jquery.min.js/wp-content/plugins/surplus-essentials/admin/js/all.min.js+1 more
Script Paths
/wp-content/plugins/surplus-essentials/admin/js/jquery.timepicker.min.js/wp-content/plugins/surplus-essentials/admin/js/surplus-essentials-admin.js/wp-content/plugins/surplus-essentials/admin/js/chosen.jquery.min.js/wp-content/plugins/surplus-essentials/admin/js/all.min.js/wp-content/plugins/surplus-essentials/admin/js/v4-shims.min.js
Version Parameters
surplus-essentials-admin?ver=jquery.timepicker.min?ver=chosen.jquery.min?ver=all.min?ver=v4-shims.min?ver=jquery-ui-fresh.min.css?ver=chosen.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
ste-icons-wrap-templateste-icons-wrapste-icons-list
HTML Comments
<!-- This function is provided for demonstration purposes only. An instance of this class should be passed to the run() function defined in Surplus_Essentials_Loader as all of the hooks are defined in that particular class. The Surplus_Essentials_Loader will then create the relationship between the defined hooks and the functions defined in this class. --><!-- * Add a form field in the new category page *
JS Globals
sociconsmsg
FAQ

Frequently Asked Questions about Surplus Essentials