Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets Security & Risk Analysis

wordpress.org/plugins/widget-options

Widget Options gives you super powers to control your site’s sidebar widgets and all Gutenberg blocks on pages, posts …

100K active installs · v4.2.0 · PHP 7.4+ · WP 5.6+ · Updated Mar 12, 2026
Tags: blocks, blocks-visibility-rules, classic-widgets, gutenberg-widgets, widget-control
Score: 52 · C · Use Caution
CVEs total: 7
Unpatched: 1
Last CVE: Mar 2, 2026
Safety Verdict

Is Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets Safe to Use in 2026?

Use With Caution

Score 52/100

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

7 known CVEs · 1 unpatched · Last CVE: Mar 2, 2026 · Updated 22d ago
Risk Assessment

The "widget-options" plugin v4.2.0 exhibits a concerning security posture due to a significant historical vulnerability record and several weaknesses identified in the static analysis. While the plugin demonstrates some positive security practices, such as a moderate use of prepared statements for SQL queries and a decent number of capability checks, these are overshadowed by critical vulnerabilities and potential attack vectors. The presence of multiple historical CVEs, including a critical one, and one currently unpatched critical vulnerability highlights a recurring pattern of significant security flaws. The common vulnerability types associated with this plugin (Code Injection, XSS, Missing Authorization, Information Exposure) further reinforce this concern, indicating a history of inadequate input sanitization and authorization checks.

From a code analysis perspective, the plugin presents a substantial attack surface with 22 AJAX handlers, three of which lack authorization checks. This is a direct pathway for potential unauthorized actions. Although no critical or high-severity taint flows were identified, the low percentage of properly escaped output (30%) is a significant concern, suggesting a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The limited use of prepared statements for SQL queries (22%) also indicates a risk of SQL injection vulnerabilities. The existence of a file operation and an external HTTP request without further context on their sanitization also warrants attention. Bundling the Select2 library, while not inherently a vulnerability, could be a risk if the bundled version is outdated and contains known vulnerabilities.

In conclusion, despite some adherence to security best practices, the "widget-options" plugin v4.2.0 presents a high risk to WordPress installations. The consistent history of critical and high-severity vulnerabilities, coupled with specific findings of unprotected AJAX handlers and insufficient output escaping, strongly suggests a need for immediate attention and updates. Users should consider disabling or removing this plugin until these issues are definitively addressed and remediated.

Key Concerns

  • Unpatched critical CVE
  • Unprotected AJAX handlers (3)
  • Low percentage of properly escaped output (30%)
  • Low percentage of prepared SQL statements (22%)
  • Large attack surface
  • Historical critical vulnerabilities
  • Historical high severity vulnerabilities
Vulnerabilities
7

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets Security Vulnerabilities

CVEs by Year

2024: 3 CVEs
2025: 3 CVEs
2026: 1 CVE · unpatched

Severity Breakdown

Critical: 1
High: 2
Medium: 4

7 total CVEs

CVE-2026-27984 · high · 8.8 · Improper Control of Generation of Code ('Code Injection')

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets <= 4.1.3 - Authenticated (Contributor+) Remote Code Execution

Mar 2, 2026 · Unpatched

CVE-2025-10580 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 24, 2025 · Patched in 4.1.3 (1d)

CVE-2025-22630 · high · 8.8 · Improper Control of Generation of Code ('Code Injection')

Widget Options <= 4.1.0 - Authenticated (Contributor+) Remote Code Execution

Feb 11, 2025 · Patched in 4.1.1 (9d)

CVE-2025-22722 · medium · 4.3 · Missing Authorization

Widget Options <= 4.0.8 - Missing Authorization to Notice Dismissal

Jan 15, 2025 · Patched in 4.0.9 (7d)

CVE-2024-56219 · medium · 4.3 · Missing Authorization

Widget Options <= 4.0.6.1 - Missing Authorization

Dec 19, 2024 · Patched in 4.0.8 (21d)

CVE-2024-8672 · critical · 9.9 · Improper Control of Generation of Code ('Code Injection')

Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution

Nov 27, 2024 · Patched in 4.0.8 (1d)

CVE-2024-35691 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor

Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure

Jun 6, 2024 · Patched in 4.0.2 (8d)

Code Analysis
Analyzed Mar 16, 2026

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 21 · 6 prepared
Unescaped Output: 220 · 95 escaped
Nonce Checks: 13
Capability Checks: 57
File Operations: 1
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

22% prepared · 27 total queries

Output Escaping

30% escaped · 315 total outputs

Data Flows
All sanitized

Data Flow Analysis

7 flows
settings_page (includes\admin\import-export.php:52)
Attack Surface
3 unprotected

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets Attack Surface

Entry Points: 22
Unprotected: 3

AJAX Handlers 22

auth wp_ajax_widgetopts_migrator (includes\admin\import-export.php:31)
auth wp_ajax_widgetopts_ajax_settings (includes\ajax-functions.php:113)
auth wp_ajax_widgetopts_hideRating (includes\ajax-functions.php:141)
auth wp_ajax_widgetopts_ajax_validate_expression (includes\ajax-functions.php:162)
auth wp_ajax_widgetopts_run_migration (includes\snippets\class-snippets-admin.php:41)
auth wp_ajax_widgetopts_dismiss_migration_notice (includes\snippets\class-snippets-admin.php:42)
auth wp_ajax_widgetopts_migration_scan (includes\snippets\class-snippets-admin.php:45)
auth wp_ajax_widgetopts_migration_migrate (includes\snippets\class-snippets-admin.php:46)
auth wp_ajax_widgetopts_migration_delete (includes\snippets\class-snippets-admin.php:47)
auth wp_ajax_widgetopts_get_snippets (includes\snippets\class-snippets-api.php:27)
auth wp_ajax_widgetopts_get_types (includes\widgets\gutenberg\gutenberg-toolbar.php:1092)
auth wp_ajax_widgetopts_get_taxonomies (includes\widgets\gutenberg\gutenberg-toolbar.php:1105)
auth wp_ajax_widgetopts_acf_get_field_groups (includes\widgets\gutenberg\gutenberg-toolbar.php:1133)
auth wp_ajax_widgetopts_get_legacy_data (includes\widgets\gutenberg\gutenberg-toolbar.php:1159)
auth wp_ajax_widgetopts_get_settings_ajax (includes\widgets\gutenberg\gutenberg-toolbar.php:1175)
auth wp_ajax_widgetopts_get_snippets_ajax (includes\widgets\gutenberg\gutenberg-toolbar.php:1206)
auth wp_ajax_widgetopts_get_pages (includes\widgets\gutenberg\gutenberg-toolbar.php:1239)
auth wp_ajax_widgetopts_get_terms (includes\widgets\gutenberg\gutenberg-toolbar.php:1261)
auth wp_ajax_widgetopts_get_users (includes\widgets\gutenberg\gutenberg-toolbar.php:1295)
auth wp_ajax_widgetopts_ajax_roles_search_block (includes\widgets\gutenberg\gutenberg-toolbar.php:1324)
auth wp_ajax_widgetopts_ajax_page_search (includes\widgets\option-tabs\visibility.php:447)
auth wp_ajax_widgetopts_ajax_taxonomy_search (includes\widgets\option-tabs\visibility.php:477)

WordPress Hooks 138
action init (includes\admin\globals.php:12)
action admin_init (includes\admin\globals.php:24)
action admin_menu (includes\admin\import-export.php:30)
action load-tools_page_widgetopts_migrator_settings (includes\admin\import-export.php:32)
action load-tools_page_widgetopts_migrator_settings (includes\admin\import-export.php:33)
action admin_footer (includes\admin\import-export.php:36)
filter wp_check_filetype_and_ext (includes\admin\import-export.php:374)
filter upload_mimes (includes\admin\import-export.php:375)
action admin_notices (includes\admin\notices.php:83)
action admin_notices (includes\admin\notices.php:140)
action admin_notices (includes\admin\notices.php:184)
action admin_notices (includes\admin\notices.php:196)
action admin_notices (includes\admin\notices.php:213)
action admin_notices (includes\admin\notices.php:226)
action admin_init (includes\admin\notices.php:246)
action admin_menu (includes\admin\settings\display-settings.php:30)
action widgetopts_module_cards (includes\admin\settings\modules\acf.php:67)
action widgetopts_module_cards (includes\admin\settings\modules\alignment.php:61)
action widgetopts_module_cards (includes\admin\settings\modules\animation.php:33)
action widgetopts_module_cards (includes\admin\settings\modules\beaver_builder.php:69)
action widgetopts_module_cards (includes\admin\settings\modules\cache.php:33)
action widgetopts_module_cards (includes\admin\settings\modules\classes.php:137)
action widgetopts_module_cards (includes\admin\settings\modules\classic-widgets-screen.php:60)
action widgetopts_module_cards (includes\admin\settings\modules\clone.php:33)
action widgetopts_module_cards (includes\admin\settings\modules\columns.php:34)
action widgetopts_module_cards (includes\admin\settings\modules\custom-sidebar.php:39)
action widgetopts_module_cards (includes\admin\settings\modules\dates.php:34)
action widgetopts_module_cards (includes\admin\settings\modules\devices.php:61)
action widgetopts_module_cards (includes\admin\settings\modules\disable_widgets.php:33)
action widgetopts_module_cards (includes\admin\settings\modules\elementor.php:69)
action widgetopts_module_cards (includes\admin\settings\modules\fixed.php:36)
action widgetopts_module_cards (includes\admin\settings\modules\import-export.php:66)
action widgetopts_module_cards (includes\admin\settings\modules\links.php:33)
action widgetopts_module_cards (includes\admin\settings\modules\logic.php:99)
action widgetopts_module_cards (includes\admin\settings\modules\move.php:68)
action widgetopts_module_cards (includes\admin\settings\modules\page-and-post-block.php:75)
action widgetopts_module_cards (includes\admin\settings\modules\permission.php:34)
action widgetopts_module_cards (includes\admin\settings\modules\roles.php:34)
action widgetopts_module_cards (includes\admin\settings\modules\search.php:66)
action widgetopts_module_cards (includes\admin\settings\modules\shortcodes.php:33)
action widgetopts_module_sidebar (includes\admin\settings\modules\sidebar-support_box.php:51)
action widgetopts_module_sidebar (includes\admin\settings\modules\sidebar-support_box.php:102)
action widgetopts_module_sidebar (includes\admin\settings\modules\sidebar-upsell_pro.php:67)
action widgetopts_module_cards (includes\admin\settings\modules\siteorigin.php:67)
action widgetopts_module_cards (includes\admin\settings\modules\sliding.php:41)
action widgetopts_module_cards (includes\admin\settings\modules\state.php:66)
action widgetopts_module_cards (includes\admin\settings\modules\styling.php:33)
action widgetopts_module_cards (includes\admin\settings\modules\title.php:61)
action widgetopts_module_cards (includes\admin\settings\modules\visibility.php:92)
action widgetopts_module_cards (includes\admin\settings\modules\widget-area.php:86)
action admin_enqueue_scripts (includes\admin\welcome.php:24)
action admin_menu (includes\admin\welcome.php:25)
action admin_head (includes\admin\welcome.php:27)
action admin_notices (includes\install.php:14)
action admin_init (includes\install.php:52)
action plugins_loaded (includes\install.php:69)
filter fl_builder_register_settings_form (includes\pagebuilders\beaver\beaver.php:39)
action fl_builder_control_widgetopts-beaver-tabnav (includes\pagebuilders\beaver\beaver.php:40)
action wp_enqueue_scripts (includes\pagebuilders\beaver\beaver.php:41)
action fl_builder_control_widgetopts-select2 (includes\pagebuilders\beaver\beaver.php:42)
action fl_builder_control_widgetopts-upgrade (includes\pagebuilders\beaver\beaver.php:43)
filter fl_builder_is_node_visible (includes\pagebuilders\beaver\beaver.php:46)
action fl_builder_control_widgetopts-beaver-legacy (includes\pagebuilders\beaver\beaver.php:47)
action plugins_loaded (includes\pagebuilders\beaver\beaver.php:953)
filter fl_builder_before_save_layout (includes\pagebuilders\beaver\beaver.php:963)
action elementor/element/after_section_end (includes\pagebuilders\elementor\elementor.php:15)
action elementor/document/before_save (includes\pagebuilders\elementor\elementor.php:626)
action elementor/document/after_save (includes\pagebuilders\elementor\elementor.php:631)
action elementor/editor/after_enqueue_scripts (includes\pagebuilders\elementor\elementor.php:724)
action elementor/widget/render_content (includes\pagebuilders\elementor\render.php:14)
action elementor/frontend/widget/before_render (includes\pagebuilders\elementor\render.php:406)
action wp_footer (includes\pagebuilders\elementor\render.php:423)
filter siteorigin_panels_data (includes\pagebuilders\siteorigin.php:15)
filter update_post_metadata (includes\pagebuilders\siteorigin.php:78)
filter siteorigin_panels_widget_classes (includes\pagebuilders\siteorigin.php:166)
action wp_enqueue_scripts (includes\scripts.php:41)
action customize_controls_enqueue_scripts (includes\scripts.php:42)
action admin_enqueue_scripts (includes\scripts.php:229)
action admin_footer-widgets.php (includes\scripts.php:253)
action admin_footer-widgets.php (includes\scripts.php:439)
action admin_footer (includes\scripts.php:544)
action admin_menu (includes\snippets\class-snippets-admin.php:31)
action admin_notices (includes\snippets\class-snippets-admin.php:32)
action admin_notices (includes\snippets\class-snippets-admin.php:33)
action admin_notices (includes\snippets\class-snippets-admin.php:34)
action add_meta_boxes (includes\snippets\class-snippets-admin.php:35)
action admin_enqueue_scripts (includes\snippets\class-snippets-admin.php:50)
action admin_init (includes\snippets\class-snippets-admin.php:53)
action admin_enqueue_scripts (includes\snippets\class-snippets-api.php:30)
action init (includes\snippets\class-snippets-cpt.php:41)
action init (includes\snippets\class-snippets-cpt.php:42)
filter post_row_actions (includes\snippets\class-snippets-cpt.php:43)
action admin_head-post.php (includes\snippets\class-snippets-cpt.php:44)
action admin_head-post-new.php (includes\snippets\class-snippets-cpt.php:45)
action transition_post_status (includes\transient.php:14)
action create_term (includes\transient.php:32)
action edit_term (includes\transient.php:33)
action delete_term (includes\transient.php:34)
filter widget_display_callback (includes\widgets\display.php:601)
filter widget_title (includes\widgets\display.php:626)
filter dynamic_sidebar_params (includes\widgets\display.php:709)
action wp_loaded (includes\widgets\extras.php:105)
filter sidebars_widgets (includes\widgets\extras.php:108)
action enqueue_block_editor_assets (includes\widgets\gutenberg\gutenberg-toolbar.php:40)
action rest_api_init (includes\widgets\gutenberg\gutenberg-toolbar.php:60)
filter register_block_type_args (includes\widgets\gutenberg\gutenberg-toolbar.php:75)
filter widget_types_to_hide_from_legacy_widget_block (includes\widgets\gutenberg\gutenberg-toolbar.php:156)
filter widget_update_callback (includes\widgets\gutenberg\gutenberg-toolbar.php:161)
filter rest_pre_insert_post (includes\widgets\gutenberg\gutenberg-toolbar.php:241)
filter rest_pre_insert_page (includes\widgets\gutenberg\gutenberg-toolbar.php:242)
filter wp_insert_post_data (includes\widgets\gutenberg\gutenberg-toolbar.php:383)
filter render_block (includes\widgets\gutenberg\gutenberg-toolbar.php:430)
action extended_widget_opts_tabs (includes\widgets\option-tabs\alignment.php:31)
action extended_widget_opts_tabcontent (includes\widgets\option-tabs\alignment.php:86)
action extended_widget_opts_tabs (includes\widgets\option-tabs\animation.php:31)
action extended_widget_opts_tabcontent (includes\widgets\option-tabs\animation.php:229)
action extended_widget_opts_tabs (includes\widgets\option-tabs\behavior.php:31)
action extended_widget_opts_tabcontent (includes\widgets\option-tabs\behavior.php:271)
action extended_widget_opts_tabs (includes\widgets\option-tabs\days-dates.php:31)
action extended_widget_opts_tabcontent (includes\widgets\option-tabs\days-dates.php:113)
action extended_widget_opts_tabs (includes\widgets\option-tabs\devices.php:31)
action extended_widget_opts_tabcontent (includes\widgets\option-tabs\devices.php:105)
action extended_widget_opts_tabs (includes\widgets\option-tabs\settings.php:32)
action extended_widget_opts_tabcontent (includes\widgets\option-tabs\settings.php:260)
action extended_widget_opts_tabs (includes\widgets\option-tabs\state.php:31)
action extended_widget_opts_tabcontent (includes\widgets\option-tabs\state.php:115)
action extended_widget_opts_tabs (includes\widgets\option-tabs\styling.php:31)
action extended_widget_opts_tabcontent (includes\widgets\option-tabs\styling.php:171)
action extended_widget_opts_tabs (includes\widgets\option-tabs\upsell.php:29)
action extended_widget_opts_tabcontent (includes\widgets\option-tabs\upsell.php:91)
action extended_widget_opts_tabs (includes\widgets\option-tabs\visibility.php:31)
action extended_widget_opts_tabcontent (includes\widgets\option-tabs\visibility.php:410)
action widgets_admin_page (includes\widgets\widgets.php:36)
action in_widget_form (includes\widgets\widgets.php:139)
filter widget_update_callback (includes\widgets\widgets.php:191)
filter widget_form_callback (includes\widgets\widgets.php:193)
filter use_widgets_block_editor (plugin.php:58)
action plugins_loaded (plugin.php:318)

Maintenance & Trust

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 4.1M

Community Trust

Rating: 98/100
Number of ratings: 1,516
Active installs: 100K

Developer Profile

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets Developer Profile

Marketing Fire

4 plugins · 212K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 643 days

Detection Fingerprints

How We Detect Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/widget-options/includes/pagebuilders/beaver/js/widgetopts-beaver.js
  • /wp-content/plugins/widget-options/includes/pagebuilders/beaver/css/widgetopts-beaver.css
  • /wp-content/plugins/widget-options/includes/select2/select2.min.js
  • /wp-content/plugins/widget-options/includes/select2/select2.css
Script Paths
  • /wp-content/plugins/widget-options/includes/pagebuilders/beaver/js/widgetopts-beaver.js
  • /wp-content/plugins/widget-options/includes/select2/select2.min.js
Version Parameters
  • widget-options/includes/pagebuilders/beaver/css/widgetopts-beaver.css?ver=
  • widget-options/includes/pagebuilders/beaver/js/widgetopts-beaver.js?ver=
  • widget-options/includes/select2/select2.min.js?ver=
  • widget-options/includes/select2/select2.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • widgetopts-beaver-tabnav
  • widgetopts-select2
  • widgetopts-upgrade
  • fl-widgetopts-settings
Data Attributes
  • data-control="widgetopts-beaver-tabnav"
  • data-control="widgetopts-select2"
  • data-control="widgetopts-upgrade"
  • data-control="widgetopts-beaver-legacy"
JS Globals
  • WidgetOptsBeaver