Widget Taxonomy Security & Risk Analysis

wordpress.org/plugins/widget-taxonomy

Widget Taxonomy provides a widget for post and custom post type taxonomy display. Taxonomy and Terms display with listing options and post count of terms …

10 active installs · v1.0.0 · PHP + · WP 3.6+ · Updated Mar 30, 2019
Tags: custom-post-type-taxonomy-widget, taxonomy, term, widget, widget-taxonomy
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Widget Taxonomy Safe to Use in 2026?

Generally Safe

Score 85/100

Widget Taxonomy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The widget-taxonomy v1.0.0 plugin exhibits a mixed security posture. While the absence of known CVEs and a clean vulnerability history are positive indicators, the static analysis reveals several concerning practices. The plugin's attack surface appears minimal with no apparent entry points for direct exploitation. However, the use of `create_function`, a deprecated and often insecure function, is a significant concern. Furthermore, the low percentage of properly escaped output suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially if any of the data processed by the plugin originates from user input. The lack of nonce and capability checks, while not directly exploitable due to the limited attack surface, indicates a potential for privilege escalation or unauthorized actions if new entry points are introduced in future versions or if the existing code is leveraged indirectly.

Key Concerns

  • Use of dangerous function: create_function
  • Low percentage of properly escaped output
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Widget Taxonomy Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Widget Taxonomy Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Widget Taxonomy Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 31 (6 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function (widget-texonomy .php:66)
`$my_get_term_link = create_function( '$matches' , 'global $taxonomy; return "value=\"" . get_term_li`

create_function (widget-texonomy .php:176)
`add_action( 'widgets_init', create_function( '', 'register_widget( "ttw_widget" );' ) );`

Output Escaping

16% escaped · 37 total outputs
Attack Surface

Widget Taxonomy Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
action: widgets_init (widget-texonomy .php:176)
Maintenance & Trust

Widget Taxonomy Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.1.22
Last updated: Mar 30, 2019
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Widget Taxonomy Developer Profile

Juhi Patel

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Widget Taxonomy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/widget-taxonomy/widget-taxonomy.php

HTML / DOM Fingerprints

CSS Classes
texonomy_widget_terms
HTML Comments
<![CDATA[]]><!-- ... -->
Data Attributes
id="ttwvalue="-1"
JS Globals
var dropdown