TTC Category of Posts Widget Security & Risk Analysis

wordpress.org/plugins/timestocome-category-of-posts-sidebar-widget

This widget creates a list of posts from a single category in your sidebar

10 active installs v1.1 PHP + WP + Updated Jul 30, 2008
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is TTC Category of Posts Widget Safe to Use in 2026?

Generally Safe

Score 85/100

TTC Category of Posts Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 17yr ago
Risk Assessment

The 'timestocome-category-of-posts-sidebar-widget' plugin version 1.1 exhibits a generally good security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history are strong indicators of the plugin's past security efforts. Furthermore, the lack of exposed AJAX handlers, REST API routes, shortcodes, cron events, and file operations significantly limits the plugin's attack surface. However, the analysis does reveal critical weaknesses in code practices. The presence of a single SQL query that does not utilize prepared statements poses a potential SQL injection risk. More concerning is the complete lack of output escaping, meaning any dynamic data displayed by the plugin is vulnerable to cross-site scripting (XSS) attacks. While the plugin has a small attack surface, these fundamental security flaws could be exploited if data is not properly sanitized and validated before outputting to the user. The plugin's strengths lie in its limited attack surface and clean vulnerability history, but its weaknesses in output escaping and SQL query preparation are significant and require immediate attention.

Key Concerns

  • SQL query not using prepared statements
  • 0% output escaping
  • 0% nonce checks
  • 0% capability checks
Vulnerabilities
None known

TTC Category of Posts Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

TTC Category of Posts Widget Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

TTC Category of Posts Widget Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
7
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

0% escaped7 total outputs
Attack Surface

TTC Category of Posts Widget Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionwidgets_initttc_category_of_posts_widget.php:145
Maintenance & Trust

TTC Category of Posts Widget Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedJul 30, 2008
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

TTC Category of Posts Widget Alternatives

No alternatives data available yet.

Developer Profile

TTC Category of Posts Widget Developer Profile

ljmacphee

6 plugins · 80 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect TTC Category of Posts Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes
ttc_category_of_posts-titlettc_category_of_posts-categoryttc_category_of_posts-submit
FAQ

Frequently Asked Questions about TTC Category of Posts Widget