Does Ultimate Table of Contents have any unpatched vulnerabilities?

No. All known vulnerabilities in Ultimate Table of Contents have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultimate Table of Contents compatible with WordPress 6.2.9?

According to WordPress.org data, Ultimate Table of Contents 1.0.1 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

How often is Ultimate Table of Contents updated?

Ultimate Table of Contents was last updated on May 20, 2023. Frequent updates are generally a positive security signal.

What is Ultimate Table of Contents's security score?

Ultimate Table of Contents has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultimate Table of Contents Security & Risk Analysis

wordpress.org/plugins/ultimate-toc

Ultimate Table of Contents plugin for specific for content have heading.

10 active installs v1.0.1 PHP + WP 4.0+ Updated May 20, 2023

anchorheadingpreg_matchseowidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Ultimate Table of Contents Safe to Use in 2026?

Generally Safe

Score 85/100

Ultimate Table of Contents has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "ultimate-toc" plugin version 1.0.1 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. The high percentage of properly escaped output suggests good developer attention to preventing cross-site scripting vulnerabilities. Furthermore, the plugin has no known vulnerabilities (CVEs) and no history of past issues, which indicates a mature and well-maintained codebase.

However, there are a couple of areas that warrant attention. The lack of nonce checks and capability checks across all entry points, particularly the single shortcode, presents a potential risk. While the total number of entry points is low, a shortcode without proper authorization checks could theoretically be exploited if it interacts with sensitive data or functionality, though the static analysis did not reveal any direct flows indicating this. The lack of taint analysis results also means we cannot definitively rule out the presence of unsanitized data flows. Despite these minor concerns, the plugin's overall security is good.

Key Concerns

Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

Ultimate Table of Contents Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Ultimate Table of Contents Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

57 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

90% escaped63 total outputs

Attack Surface

Ultimate Table of Contents Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[ultimate_toc] classes\class-toc-front.php:29

WordPress Hooks 9

filterrank_math/researches/toc_pluginsclass-toc.php:27

actioninitclasses\class-toc-front.php:23

filterthe_contentclasses\class-toc-front.php:25

filterthe_contentclasses\class-toc-front.php:26

filteracf_the_contentclasses\class-toc-front.php:27

actionwp_enqueue_scriptsclasses\class-toc-front.php:28

actionadmin_menuclasses\class-toc-setting.php:37

actionadmin_initclasses\class-toc-setting.php:38

actionplugins_loadedultimate-toc.php:19

Maintenance & Trust

Ultimate Table of Contents Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedMay 20, 2023

PHP min version

Downloads876

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Ultimate Table of Contents Alternatives

XTND Table Of Content

xtnd-table-of-content

100

Adds a dynamic, customizable table of content block for WordPress. Generates anchor links and supports RTL/LTR.

0 No CVEs

Search Engine Insights for Google Search Console

search-engine-insights

100

Verify site ownership on Google Search Console! Analyze the Google Search Console stats, to see your site's performance on Google Search.

2K No CVEs

Add Anchor Links

add-anchor-links

Creates anchor links to heading tags in the content of selected posts, just like Github does within the Readme.md files.

1K No CVEs

Featured Image

featured-image

Add featured image to any part of the website, on each individual post/page. Very Easy to Implement. Shortcode and widget available.

1K 1 CVE

Genesis Club Lite

genesis-club-lite

Mobile Responsive Logos, Hamburger Menus, Animated Top Bars, FAQ Accordions, User Signatures, Google Calendars and much more for Genesis sites

900 1 unpatched

Developer Profile

Ultimate Table of Contents Developer Profile

irfankhan30

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Ultimate Table of Contents

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ultimate-toc/assets/css/toc-front.css/wp-content/plugins/ultimate-toc/assets/js/toc-front.js

Script Paths

/wp-content/plugins/ultimate-toc/assets/js/toc-front.js

Version Parameters

toc-style?ver=toc-script?ver=

HTML / DOM Fingerprints

CSS Classes

toc-front-containerultimate-toc-widgetultimate-toc-wrap

HTML Comments

Data Attributes

data-toc-options

Shortcode Output

[ultimate_toc]

FAQ