Does Widget Citation have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Widget Citation compatible with WordPress 5.6.17?

According to WordPress.org data, Widget Citation 1.0 has been tested up to WordPress 5.6.17. Check the plugin's changelog for the latest compatibility information.

Is Widget Citation compatible with PHP 5.2.4+?

Widget Citation requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Widget Citation updated?

Widget Citation was last updated on Feb 26, 2021. Frequent updates are generally a positive security signal.

What is Widget Citation's security score?

Widget Citation has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Widget Citation Security & Risk Analysis

wordpress.org/plugins/widget-citation

It allows you to offer your users famous quotes and even include your own quotes.

0 active installs v1.0 PHP 5.2.4+ WP 5.6.1+ Updated Feb 26, 2021

citationmessagespersonquotewidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Widget Citation Safe to Use in 2026?

Generally Safe

Score 85/100

Widget Citation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The widget-citation plugin v1.0 presents a generally good security posture based on the static analysis. The absence of any dangerous functions, file operations, or external HTTP requests is a significant positive. Furthermore, all SQL queries utilize prepared statements, which is a strong defense against SQL injection. The plugin also demonstrates some commitment to security with a capability check present, though the overall number of checks is limited.

However, there are notable areas for concern. The most significant is the very low percentage (26%) of properly escaped output. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected through user-supplied data and executed in the browser of other users. The lack of any nonce checks, especially given the absence of AJAX handlers or REST API routes which might otherwise necessitate them, could be an oversight if any future functionality is added that requires nonces for security.

The vulnerability history being entirely clean is a positive indicator for this specific version. It suggests that the developers have either been diligent in addressing past issues or that the plugin has not been a significant target. However, the lack of any recorded vulnerabilities doesn't inherently mean the code is perfect, especially in light of the output escaping issues. The strengths lie in the secure handling of database interactions and the absence of common dangerous code patterns. The primary weakness lies in the substantial risk of XSS due to insufficient output escaping.

Key Concerns

Low output escaping percentage
Missing nonce checks

Vulnerabilities

None known

Widget Citation Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Widget Citation Release Timeline

v1.0Current

Code Analysis

Analyzed Apr 16, 2026

Widget Citation Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared5 total queries

Output Escaping

26% escaped27 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<wdctt_adm_page> (includes/wdctt_adm_page.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Widget Citation Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionwidgets_initincludes/functions.php:90

actionadmin_menuincludes/functions.php:128

actionplugins_loadedwidget_citation.php:29

actionwp_enqueue_scriptswidget_citation.php:36

actionadmin_enqueue_scriptswidget_citation.php:39

Maintenance & Trust

Widget Citation Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17

Last updatedFeb 26, 2021

PHP min version5.2.4

Downloads885

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Widget Citation Alternatives

Easy Random Quotes

easy-random-quotes

Insert quotes and pull them randomly into your pages and posts (via shortcodes) or your template (via template tags).

500 No CVEs

XV Random Quotes

xv-random-quotes

Display and rotate quotes anywhere on your WordPress site. Fully integrated with WordPress Custom Post Types, Gutenberg blocks, and REST API.

300 2 unpatched

Quote Master

quote-master

This plugin gives you the ability to add, edit, and delete quotes and display them randomly.

200 1 unpatched

Quote of the Day and Random Quote

quote-of-the-day-and-random-quote

This plugins shows a Quote of the Day, or a Random Quote.

100 No CVEs

Quotes Shortcode and Widget

quotes-shortcode-and-widget

Create Quotes. Nice and easy interface. Insert anywhere in your site - page/post editor, sidebars, template files.

100 No CVEs

Developer Profile

Widget Citation Developer Profile

Andre Brum

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Widget Citation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/widget-citation/css/wdctt_style.css

HTML / DOM Fingerprints

CSS Classes

widget_citationwdctt-container

Data Attributes

data-widget-citation

Shortcode Output

[widget_citation]

FAQ