WEN Responsive Columns Security & Risk Analysis

wordpress.org/plugins/wen-responsive-columns

Easily display columnized content in your pages or posts.

900 active installs · v1.3.4 · PHP + WP 4.4+ · Updated Mar 17, 2024
Tags: column, column-shortcode, columns, grid, responsive
Score: 85 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 15, 2024
Safety Verdict

Is WEN Responsive Columns Safe to Use in 2026?

Generally Safe

Score 85/100

WEN Responsive Columns has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 15, 2024 · Updated 2yr ago
Risk Assessment

The "wen-responsive-columns" plugin version 1.3.4 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities, unescaped output, file operations, and external HTTP requests is commendable. The plugin also correctly utilizes prepared statements for its SQL queries and performs output escaping for all identified outputs. The presence of capability checks further enhances its security by ensuring proper authorization for certain actions.

However, the plugin's vulnerability history reveals a past medium-severity Cross-Site Scripting (XSS) vulnerability, which, though patched, indicates a potential weakness in input sanitization for web page generation. The lack of explicit nonce checks on any entry points, particularly on the single shortcode, is a notable concern. While the static analysis reports zero unprotected entry points, a shortcode without nonce protection can still be a vector for certain types of attacks if user-supplied data is processed within it without adequate validation and sanitization beyond basic output escaping.

In conclusion, while the current version demonstrates good coding practices in many areas, the historical XSS vulnerability and the absence of nonce checks on its shortcode represent areas where further scrutiny and potential hardening are advisable. The plugin's strengths lie in its secure handling of database queries and output, but the potential for client-side manipulation through its shortcode warrants careful consideration.

Key Concerns

  • Past medium XSS vulnerability
  • Missing nonce checks on shortcode
Vulnerabilities
1

WEN Responsive Columns Security Vulnerabilities

CVEs by Year: 1 CVE in 2024

Severity Breakdown: Medium 1 (1 total CVE)

CVE-2024-27988 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WEN Responsive Columns <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Mar 15, 2024 · Patched in 1.3.3 (6d)
Code Analysis
Analyzed Mar 17, 2026

WEN Responsive Columns Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (5 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

100% escaped · 5 total outputs
Attack Surface

WEN Responsive Columns Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[wrc_column] includes\class-wen-responsive-columns-shortcode.php:26
WordPress Hooks 13
filter mce_buttons admin\class-wen-responsive-columns-admin.php:88
filter mce_external_plugins admin\class-wen-responsive-columns-admin.php:89
action plugins_loaded includes\class-wen-responsive-columns.php:147
action admin_enqueue_scripts includes\class-wen-responsive-columns.php:176
action admin_enqueue_scripts includes\class-wen-responsive-columns.php:177
action admin_init includes\class-wen-responsive-columns.php:180
action admin_footer includes\class-wen-responsive-columns.php:181
filter mce_external_languages includes\class-wen-responsive-columns.php:184
action wp_enqueue_scripts includes\class-wen-responsive-columns.php:200
action wp_enqueue_scripts includes\class-wen-responsive-columns.php:201
filter wrc_column_content includes\class-wen-responsive-columns.php:204
filter the_content includes\class-wen-responsive-columns.php:208
filter wrc_column_content includes\class-wen-responsive-columns.php:209
Maintenance & Trust

WEN Responsive Columns Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Mar 17, 2024
PHP min version
Downloads: 27K

Community Trust

Rating: 74/100
Number of ratings: 9
Active installs: 900
Developer Profile

WEN Responsive Columns Developer Profile

WEN Themes

63 plugins · 35K total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect WEN Responsive Columns

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wen-responsive-columns/admin/css/wen-responsive-columns-admin.css
/wp-content/plugins/wen-responsive-columns/admin/js/wen-responsive-columns-admin.js
/wp-content/plugins/wen-responsive-columns/admin/js/wen-responsive-columns-tinymce-plugin.js
/wp-content/plugins/wen-responsive-columns/includes/js/wen-responsive-columns-public.js
/wp-content/plugins/wen-responsive-columns/includes/css/wen-responsive-columns-public.css
Script Paths
/wp-content/plugins/wen-responsive-columns/admin/js/wen-responsive-columns-tinymce-plugin.js
Version Parameters
wen-responsive-columns/admin/css/wen-responsive-columns-admin.css?ver=
wen-responsive-columns/admin/js/wen-responsive-columns-admin.js?ver=
wen-responsive-columns/admin/js/wen-responsive-columns-tinymce-plugin.js?ver=
wen-responsive-columns/includes/js/wen-responsive-columns-public.js?ver=
wen-responsive-columns/includes/css/wen-responsive-columns-public.css?ver=

HTML / DOM Fingerprints

CSS Classes
wrc-form-content
wrc-form-row
wrc-column-mix-wrap
wrc-column-mix
Data Attributes
id="wrc-popup-form"
id="wrc-grid"
id="wrc-column-number"
id="wrc-column-mix-wrap"
id="wrc-column-mix"
id="wrc-submit"
JS Globals
tinymce
Shortcode Output
[wrc_columns
[/wrc_columns]