User Bio Widget Security & Risk Analysis

wordpress.org/plugins/user-bio-widget

Easily display the "Biographical Info", and Gravatar, of any author's user profile in your blog's sidebar.

20 active installs · v0.2 · PHP + · WP 2.8+ · Updated Unknown
Tags: author-bio, bio, gravatar, user-bio, widget
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is User Bio Widget Safe to Use in 2026?

Generally Safe

Score 100/100

User Bio Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

Version 0.2 of the user-bio-widget plugin has a mixed security posture. On the positive side, it uses prepared statements exclusively for its SQL queries, has no recorded vulnerability history, and exposes a remarkably small attack surface with no identifiable entry points. However, static analysis raises several concerns. The analyzed code contains no nonce checks and no capability checks at all, which is a significant oversight. Furthermore, the low percentage of properly escaped output (8%) indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, as user-provided data is likely being rendered directly without sufficient escaping.

Key Concerns

  • Low output escaping percentage
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

User Bio Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

User Bio Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 22 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

8% escaped · 24 total outputs
Attack Surface

User Bio Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
action · widgets_init · user-bio-widget.php:168
Maintenance & Trust

User Bio Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.1.4
Last updated: Unknown
PHP min version
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

User Bio Widget Developer Profile

Anthony Bubel

2 plugins · 30 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect User Bio Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/user-bio-widget/user-bio-widget.php

HTML / DOM Fingerprints

CSS Classes
ub-grav
Data Attributes
id="extra-options", name="title", name="author", name="gravatar", name="grav_size", name="grav_align", +1 more
JS Globals
jQuery