Does Loops & Logic have any unpatched vulnerabilities?

No. All known vulnerabilities in Loops & Logic have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Loops & Logic compatible with WordPress 6.8.5?

According to WordPress.org data, Loops & Logic 4.2.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Loops & Logic compatible with PHP 7.4+?

Loops & Logic requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Loops & Logic updated?

Loops & Logic was last updated on Jun 11, 2025. Frequent updates are generally a positive security signal.

What is Loops & Logic's security score?

Loops & Logic has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Loops & Logic Security & Risk Analysis

wordpress.org/plugins/tangible-loops-and-logic

Loops & Logic is a template system with content loops and conditions.

2K active installs v4.2.3 PHP 7.4+ WP 6.0+ Updated Jun 11, 2025

contentlogicloopquerytemplate

A · Safe

CVEs total1

Unpatched0

Last CVESep 26, 2024

Plugin page Download

Safety Verdict

Is Loops & Logic Safe to Use in 2026?

Generally Safe

Score 99/100

Loops & Logic has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 26, 2024Updated 9mo ago

Risk Assessment

The static analysis of tangible-loops-and-logic v4.2.3 indicates a generally good security posture with no identified attack surface or dangerous functions. The plugin demonstrates strong practices by utilizing prepared statements for all SQL queries and having no observed file operations or external HTTP requests. However, the limited output escaping (29% properly escaped) presents a significant concern, as this could potentially lead to cross-site scripting vulnerabilities if user-supplied data is not handled carefully in the remaining outputs. The absence of identified taint flows is positive, but this may be due to the limited scope of the analysis or the absence of certain types of inputs being present during the analysis.

The vulnerability history reveals one past medium severity vulnerability, specifically Cross-site Scripting, which was last patched on September 26, 2024. While this vulnerability is currently patched, its existence, coupled with the low output escaping rate, suggests a recurring area of risk. The plugin has strengths in its secure handling of database queries and external interactions. However, the concern around output escaping and the historical presence of XSS vulnerabilities are key weaknesses that require ongoing attention. The overall risk is moderate, leaning towards low due to the lack of active vulnerabilities and a relatively small attack surface detected.

Key Concerns

Low percentage of properly escaped output
Past medium vulnerability (XSS)

Vulnerabilities

Loops & Logic Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-47333medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Loops & Logic <= 4.1.4 - Reflected Cross-Site Scripting

Sep 26, 2024 Patched in 4.1.5 (8d)

Code Analysis

Analyzed Mar 16, 2026

Loops & Logic Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

Output Escaping

29% escaped7 total outputs

Attack Surface

Loops & Logic Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionplugins_loadedtangible-loops-and-logic.php:31

actionplugins_loadedtangible-loops-and-logic.php:68

Maintenance & Trust

Loops & Logic Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 11, 2025

PHP min version7.4

Downloads53K

Community Trust

Rating98/100

Number of ratings39

Active installs2K

Alternatives

Loops & Logic Alternatives

Inject Query Posts

inject-query-posts

100

Facilitates injecting an array of posts into a WP query object as if queried. Particularly useful to allow use of standard template tags.

10 No CVEs

Visibility Logic for Elementor

visibility-logic-elementor

Conditional visibility for Elementor — show or hide widgets based on user role, ACF fields, device type, date & time, browser and more.

30K 3 CVEs

Advanced Query Loop

advanced-query-loop

100

Transform your Query Loop blocks into powerful, flexible content engines! 🚀

5K No CVEs

Kits, Templates and Patterns

kits-templates-and-patterns

100

Import Kits, Templates and Patterns with just one click.

5K No CVEs

RSWPTHEMES ONE CLICK DEMO CONTENT

rs-wp-themes-one-click-demo-content

100

Import RS WP THEMES demo content including settings, widgets, and starter templates with a single click.

1K No CVEs

Developer Profile

Loops & Logic Developer Profile

Tangible

1 plugin · 2K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect Loops & Logic

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tangible-loops-and-logic/assets/dist/styles/app.css/wp-content/plugins/tangible-loops-and-logic/assets/dist/scripts/app.js

Script Paths

/wp-content/plugins/tangible-loops-and-logic/assets/dist/scripts/app.js

Version Parameters

tangible-loops-and-logic/assets/dist/styles/app.css?ver=tangible-loops-and-logic/assets/dist/scripts/app.js?ver=

HTML / DOM Fingerprints

CSS Classes

tangible-framework-plugintangible-template-system-plugintangible-fields-plugin

JS Globals

tangible_loops_and_logic

FAQ