Does VNEcategory have any unpatched vulnerabilities?

No. All known vulnerabilities in VNEcategory have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is VNEcategory compatible with WordPress 3.4.2?

According to WordPress.org data, VNEcategory 1.0 has been tested up to WordPress 3.4.2. Check the plugin's changelog for the latest compatibility information.

How often is VNEcategory updated?

VNEcategory was last updated on Dec 14, 2012. Frequent updates are generally a positive security signal.

What is VNEcategory's security score?

VNEcategory has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

VNEcategory Security & Risk Analysis

wordpress.org/plugins/vnecategory

Show category and subcategory and post in these categories

10 active installs v1.0 PHP + WP 2.8+ Updated Dec 14, 2012

categoryeach-categoryeach-postpost-in-sub-categorysub-category

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is VNEcategory Safe to Use in 2026?

Generally Safe

Score 85/100

VNEcategory has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The "vnecategory" v1.0 plugin exhibits a mixed security posture. On the positive side, it has a minimal attack surface with no reported CVEs, external requests, file operations, or cron events, suggesting a potentially safe design. All SQL queries are prepared, and there are no recorded vulnerabilities, which is a strong indicator of good development practices or a lack of extensive prior security analysis.

However, significant concerns arise from the static analysis. The presence of `create_function` is a critical security flaw, as it can lead to arbitrary code execution if user-supplied input is passed to it without proper sanitization. Furthermore, the plugin has a very low rate of output escaping (only 8%), leaving it highly susceptible to Cross-Site Scripting (XSS) vulnerabilities. The complete absence of nonce and capability checks across all entry points (even though the attack surface appears to be zero) means that if any entry points were to be introduced or exposed in future updates or through other means, they would be completely unprotected.

In conclusion, while the plugin's current known vulnerability history is clean and it demonstrates good practices in SQL handling and a limited attack surface, the identified `create_function` usage and the severely inadequate output escaping present substantial risks. These issues, if exploited, could lead to arbitrary code execution and widespread XSS attacks, overriding the benefits of its otherwise clean record.

Key Concerns

Use of dangerous create_function
Very low output escaping rate (8%)
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

VNEcategory Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

VNEcategory Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

VNEcategory Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function('', 'return register_widget("VNEcategory");') );vn_category.php:215

Output Escaping

8% escaped26 total outputs

Attack Surface

VNEcategory Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwidgets_initvn_category.php:215

Maintenance & Trust

VNEcategory Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2

Last updatedDec 14, 2012

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

VNEcategory Alternatives

Category Family Tree

category-family-tree

Show Category ancestors and sub categories on the sidebar

40 No CVEs

Category Order and Taxonomy Terms Order

taxonomy-terms-order

Drag-and-drop ordering for Categories & any taxonomy (hierarchically) using a Drag and Drop Sortable JavaScript capability.

500K 2 CVEs

No Category Base (WPML)

no-category-base-wpml

100

This plugin removes the mandatory 'Category Base' from your category permalinks. It's compatible with WPML.

100K No CVEs

Pages with category and tag

pages-with-category-and-tag

100

Add Categories and Tags to Pages.

60K No CVEs

Remove Category URL – Remove 'category' base from category permalinks

remove-category-url

100

Remove Category URL strips the /category/ base from your category URLs, turning something like /category/my-category/ into simply /my-category/.

60K No CVEs

Developer Profile

VNEcategory Developer Profile

drmen8x

2 plugins · 50 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect VNEcategory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/vnecategory/vne_category.css

HTML / DOM Fingerprints

CSS Classes

vne_boxvne_box_headervne_parentvne_subvne_headingvne_thumbvne_descvne_box_list

HTML Comments

Data Attributes

id="vne_box_"id="vne_box_header_"name="cat"name="show_sub"name="vne_num"name="sort_by"+2 more

FAQ