Does Today In History have any unpatched vulnerabilities?

No. All known vulnerabilities in Today In History have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Today In History compatible with WordPress 3.4.2?

According to WordPress.org data, Today In History 0.5.1 has been tested up to WordPress 3.4.2. Check the plugin's changelog for the latest compatibility information.

How often is Today In History updated?

Today In History was last updated on Nov 3, 2012. Frequent updates are generally a positive security signal.

What is Today In History's security score?

Today In History has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Today In History Security & Risk Analysis

wordpress.org/plugins/today-in-history

Today In History provides a simple widget that displays notable events that have occurred previously on this day in history.

10 active installs v0.5.1 PHP + WP 3.0+ Updated Nov 3, 2012

countfriendsnetworknetworkssocial

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Today In History Safe to Use in 2026?

Generally Safe

Score 85/100

Today In History has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The "today-in-history" plugin v0.5.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by not utilizing dangerous functions, all SQL queries are prepared statements, and there are no known vulnerabilities or CVEs recorded in its history. This suggests a developer who is mindful of common web security pitfalls.

However, significant concerns arise from the static analysis. The most alarming finding is that 100% of the 32 output operations are not properly escaped. This presents a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the plugin's output, which could then be executed in the user's browser. While the attack surface is zero and there are no recorded vulnerability history patterns, the lack of output escaping is a critical oversight that leaves the plugin exposed.

In conclusion, while the plugin avoids several common vulnerabilities and has a clean history, the complete absence of output escaping is a severe weakness. This single deficiency significantly outweighs the otherwise good practices observed, making the plugin a risky choice until this issue is addressed.

Key Concerns

0% of output properly escaped

Vulnerabilities

None known

Today In History Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Today In History Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped32 total outputs

Attack Surface

Today In History Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwidgets_inittoday_in_history.php:297

Maintenance & Trust

Today In History Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2

Last updatedNov 3, 2012

PHP min version

Downloads5K

Community Trust

Rating20/100

Number of ratings1

Active installs10

Alternatives

Today In History Alternatives

NextScripts: Social Networks Auto-Poster

social-networks-auto-poster-facebook-twitter-g

Automatically publishes blogposts to profiles/pages/groups on Twitter, Google+, Pinterest, LinkedIn, Blogger, Tumblr ... 22 more

30K 2 unpatched

Scriptless Social Sharing

scriptless-social-sharing

This plugin adds super simple social sharing buttons to your content.

10K 2 CVEs

Friends

friends

Follow others via RSS and ActivityPub and read their posts on your own WordPress.

1K 3 CVEs

Shariff for WordPress

shariff-sharing

Shariff enables website users to share their favorite content without compromising their privacy.

1K 1 CVE

Highlight and Share – Unobtrusive and Lightweight Content Sharing

highlight-and-share

A lightweight social sharing plugin for showing social networks when users highlight text, share images, headlines, or use Click to Share.

800 2 CVEs

Developer Profile

Today In History Developer Profile

bdoga

2 plugins · 70 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Today In History

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

tih-widgetTIH_DateTIH_Event

Data Attributes

id="TIH_Bottom"

Shortcode Output

<h5 class="TIH_Date"><p class="TIH_Event">

<a href='http://www.macnative.com/development/todayInHistory/'>Today In History</a> Provided By <a href='http://www.macnative.com'>Macnative</a>

FAQ