TOC Builder by RobertIvan Security & Risk Analysis

wordpress.org/plugins/toc-builder-by-robertivan

A Table of Contents generator for WordPress with admin interface.

0 active installs v1.3.0 PHP 7.4+ WP 6.0+ Updated Dec 2, 2025
gutenbergheadingsnavigationtable-of-contentstoc
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is TOC Builder by RobertIvan Safe to Use in 2026?

Generally Safe

Score 100/100

TOC Builder by RobertIvan has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The "toc-builder-by-robertivan" plugin, version 1.3.0, exhibits a generally strong security posture based on the provided static analysis. The plugin demonstrates good development practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output. The absence of external HTTP requests, file operations, and bundled libraries further minimizes potential attack vectors. Crucially, the static analysis reports no dangerous functions, no unsanitized taint flows, and a clean vulnerability history with zero known CVEs, indicating a history of secure development.

However, there are a few areas that warrant attention. The plugin lacks nonce checks and capability checks, which, while not directly leading to exploitable vulnerabilities in this version due to a limited attack surface and the absence of unsanitized flows, represent a missed opportunity to implement robust access control. The presence of a shortcode, although currently unprotected, is a potential entry point. If future versions introduce functionality that processes user input through this shortcode without proper sanitization or authorization, it could become a security concern. Overall, this version appears safe, but continued vigilance regarding input validation and access control on exposed entry points is recommended.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
  • Unprotected shortcode
Vulnerabilities
None known

TOC Builder by RobertIvan Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

TOC Builder by RobertIvan Release Timeline

v1.3.0Current
Code Analysis
Analyzed Apr 16, 2026

TOC Builder by RobertIvan Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
34 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

94% escaped36 total outputs
Attack Surface

TOC Builder by RobertIvan Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[tbrv] includes/class-toc-generator.php:18
WordPress Hooks 8
actioninitincludes/class-toc-block.php:10
actionenqueue_block_editor_assetsincludes/class-toc-block.php:11
filterthe_contentincludes/class-toc-generator.php:15
actionadmin_menuincludes/class-toc-settings.php:13
actionadmin_initincludes/class-toc-settings.php:14
actionadmin_enqueue_scriptsincludes/class-toc-settings.php:15
actionwp_enqueue_scriptstoc-builder-by-robertivan.php:52
actionplugins_loadedtoc-builder-by-robertivan.php:67
Maintenance & Trust

TOC Builder by RobertIvan Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedDec 2, 2025
PHP min version7.4
Downloads165

Community Trust

Rating100/100
Number of ratings1
Active installs0
Developer Profile

TOC Builder by RobertIvan Developer Profile

Robert

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect TOC Builder by RobertIvan

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/toc-builder-by-robertivan/assets/css/style.css/wp-content/plugins/toc-builder-by-robertivan/assets/js/script.js/wp-content/plugins/toc-builder-by-robertivan/assets/js/block.js/wp-content/plugins/toc-builder-by-robertivan/assets/css/admin-premium.css/wp-content/plugins/toc-builder-by-robertivan/assets/js/admin-settings.js
Script Paths
/wp-content/plugins/toc-builder-by-robertivan/assets/js/script.js/wp-content/plugins/toc-builder-by-robertivan/assets/js/block.js/wp-content/plugins/toc-builder-by-robertivan/assets/js/admin-settings.js
Version Parameters
toc-builder-by-robertivan/assets/css/style.css?ver=toc-builder-by-robertivan/assets/js/script.js?ver=toc-builder-by-robertivan/assets/js/block.js?ver=toc-builder-by-robertivan/assets/css/admin-premium.css?ver=toc-builder-by-robertivan/assets/js/admin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
tbrv-settings-wraptoc-premium-headertoc-header-icontoc-premium-content
Shortcode Output
[tbrv]
FAQ

Frequently Asked Questions about TOC Builder by RobertIvan