Does Widget Builder have any unpatched vulnerabilities?

No. All known vulnerabilities in Widget Builder have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Widget Builder compatible with WordPress 4.3.34?

According to WordPress.org data, Widget Builder 1.6.2 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is Widget Builder updated?

Widget Builder was last updated on Aug 21, 2015. Frequent updates are generally a positive security signal.

What is Widget Builder's security score?

Widget Builder has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Widget Builder Security & Risk Analysis

wordpress.org/plugins/widget-builder

Widget Builder uses native WordPress editing interface to provide a unique tool to build custom widgets for your site(s).

600 active installs v1.6.2 PHP + WP 3.0+ Updated Aug 21, 2015

adminfeatured-imagesidebarsimplewidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Widget Builder Safe to Use in 2026?

Generally Safe

Score 85/100

Widget Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "widget-builder" v1.6.2 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of identified vulnerabilities in its history and the static analysis showing no critical or high-severity taint flows, dangerous functions, or raw SQL queries are positive indicators. The presence of nonce and capability checks, along with 100% of SQL queries using prepared statements, demonstrates good coding practices for security.

However, a significant concern arises from the low percentage of properly escaped output (18%). This indicates that a substantial portion of the plugin's output might be susceptible to cross-site scripting (XSS) vulnerabilities, especially if user-supplied data is directly rendered without adequate sanitization. While the attack surface appears small and protected, the insufficient output escaping presents a tangible risk that could be exploited to inject malicious scripts into the website.

In conclusion, while the plugin has a clean vulnerability history and employs some key security measures, the widespread lack of output escaping is a critical weakness. Addressing this would significantly improve the plugin's overall security. The current state suggests a plugin that has avoided major historical security issues but needs attention to a common vulnerability vector.

Key Concerns

Low percentage of properly escaped output

Vulnerabilities

None known

Widget Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Widget Builder Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

18% escaped22 total outputs

Attack Surface

Widget Builder Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 11

actioninitclasses\widget-builder.php:42

actionwidgets_initclasses\widget-builder.php:43

actionadmin_menuclasses\widget-builder.php:48

actionadd_meta_boxesclasses\widget-builder.php:51

actionsave_postclasses\widget-builder.php:52

filterpost_updated_messagesclasses\widget-builder.php:55

actionsave_postclasses\widget-builder.php:58

actionadded_post_metaclasses\widget-builder.php:59

actionupdated_post_metaclasses\widget-builder.php:60

actiondeleted_post_metaclasses\widget-builder.php:61

actionplugins_loadedwidget-builder.php:18

Maintenance & Trust

Widget Builder Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedAug 21, 2015

PHP min version

Downloads44K

Community Trust

Rating74/100

Number of ratings10

Active installs600

Alternatives

Widget Builder Alternatives

Widget Disable

wp-widget-disable

Disable sidebar and dashboard widgets with an easy to use interface.

10K No CVEs

Simple Page to Sidebar

simple-page-to-sidebar

Simple Page to Sidebar lets you simply add page content to a sidebar. No more, no less.

200 No CVEs

Widget Wrangler

widget-wrangler

A plugin for managing the display of widgets on a page by page basis. Using widgets as a post type.

200 No CVEs

Attach Files Widget

attach-files-widget

Simple attachment widget that uses native Wordpress upload manager to add files link widgets to your site.

100 No CVEs

last updated

last-updated

Mark posts as significantly updated an display them in a widget.

100 No CVEs

Developer Profile

Widget Builder Developer Profile

Modern Tribe, Inc.

7 plugins · 8K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Widget Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/widget-builder/lib/tribe-widget-factory/tribe-widget-factory.php/wp-content/plugins/widget-builder/classes/widget-builder.php/wp-content/plugins/widget-builder/classes/custom-widget-display.php/wp-content/plugins/widget-builder/wp_add_dashboard_widget.php

HTML / DOM Fingerprints

Data Attributes

data-tribe-widget-builder-token

JS Globals

TribeWidgetBuilderAdminTribeWidgetBuilderFrontEnd

FAQ