WP-Safety

Widget Visibility Control Security & Risk Analysis

wordpress.org/plugins/widget-visibility-control

Lightweight widget visibility control. Show or hide widgets on specific pages, posts, categories, and more. Jetpack compatible.

60 active installs v1.1.1 PHP 7.4+ WP 5.8+ Updated Jan 19, 2026
blocksconditionaljetpackvisibilitywidget
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Widget Visibility Control Safe to Use in 2026?

Generally Safe

Score 100/100

Widget Visibility Control has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The widget-visibility-control plugin v1.1.1 presents a generally good security posture based on the static analysis. The plugin has a relatively small attack surface, consisting of 3 AJAX handlers, none of which are unprotected by authentication checks. The code signals also indicate a commitment to security, with a high percentage of output properly escaped and the presence of nonce and capability checks on all identified entry points. There are no recorded vulnerabilities (CVEs) for this plugin, suggesting a history of stable and secure development.

However, a significant concern arises from the handling of SQL queries. All 4 SQL queries are executed without the use of prepared statements. This practice exposes the plugin to potential SQL injection vulnerabilities, especially if user-supplied data is used in these queries. While the taint analysis did not reveal any unsanitized paths or critical/high severity flows, the lack of prepared statements in SQL queries remains a notable weakness that could be exploited under specific conditions.

In conclusion, widget-visibility-control v1.1.1 demonstrates strong adherence to common WordPress security best practices, particularly in its handling of its attack surface and output escaping. The absence of past vulnerabilities is a positive indicator. The primary weakness lies in the unqualified use of raw SQL queries. Addressing this by implementing prepared statements for all database interactions would significantly strengthen the plugin's overall security.

Key Concerns

  • Raw SQL queries without prepared statements
Vulnerabilities
None known

Widget Visibility Control Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Widget Visibility Control Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
0 prepared
Unescaped Output
4
140 escaped
Nonce Checks
3
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared4 total queries

Output Escaping

97% escaped144 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
widget_conditions_admin (includes\class-widget-conditions.php:438)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Widget Visibility Control Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_ayudawp_wvc_dismiss_jetpack_noticeincludes\class-jetpack-migrator.php:29
authwp_ajax_ayudawp_wvc_clean_legacyincludes\class-settings.php:30
authwp_ajax_ayudawp_wvc_remigrateincludes\class-settings.php:31
WordPress Hooks 17
actionenqueue_block_editor_assetsincludes\class-block-editor.php:27
filterpre_render_blockincludes\class-block-editor.php:31
filterregister_block_type_argsincludes\class-block-editor.php:91
actionadmin_noticesincludes\class-jetpack-migrator.php:27
actionadmin_enqueue_scriptsincludes\class-jetpack-migrator.php:28
actionadmin_menuincludes\class-settings.php:27
actionadmin_initincludes\class-settings.php:28
actionadmin_enqueue_scriptsincludes\class-settings.php:29
actionin_widget_formincludes\class-widget-conditions.php:106
filterwidget_update_callbackincludes\class-widget-conditions.php:110
actionadmin_enqueue_scriptsincludes\class-widget-conditions.php:114
actionsidebar_admin_setupincludes\class-widget-conditions.php:115
filterwidget_display_callbackincludes\class-widget-conditions.php:121
filtersidebars_widgetsincludes\class-widget-conditions.php:122
actiontemplate_redirectincludes\class-widget-conditions.php:123
filterdoing_it_wrong_trigger_errorwidget-visibility-control.php:54
actionplugins_loadedwidget-visibility-control.php:114
Maintenance & Trust

Widget Visibility Control Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 19, 2026
PHP min version7.4
Downloads442

Community Trust

Rating100/100
Number of ratings2
Active installs60
Alternatives

Widget Visibility Control Alternatives

Widget Logic

Widget Logic

widget-logic

A
95

Widget Logic lets you control on which pages widgets appear using WP's conditional tags.

100K 2 CVEs
Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets

widget-options

B
83

0ddcemmihs4a843ekhaoofzosrunf4bl Widget Options gives you super powers to control your site’s sidebar widgets and all Gutenberg blocks on pages, posts …

100K 7 CVEs
Block Visibility — Conditional Visibility Control for the Block Editor

Block Visibility — Conditional Visibility Control for the Block Editor

block-visibility

A
100

Easily show or hide any WordPress block. Schedule block visibility. Restrict blocks to specific screen sizes, user roles, post types, and more.

40K No CVEs
Visibility Controls for Editor Blocks

Visibility Controls for Editor Blocks

visibility-controls-for-editor-blocks

A
100

Easily hide or show Gutenberg blocks on mobile, tablet, and desktop devices using customizable breakpoints for responsive design.

700 No CVEs
Wicked Block Conditions

Wicked Block Conditions

wicked-block-conditions

A
100

Show or hide blocks based on conditions.

700 No CVEs
Developer Profile

Widget Visibility Control Developer Profile

Fernando Tellado

21 plugins · 24K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Widget Visibility Control

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/widget-visibility-control/assets/js/editor.js/wp-content/plugins/widget-visibility-control/assets/css/editor.css
Script Paths
/wp-content/plugins/widget-visibility-control/assets/js/editor.js
Version Parameters
widget-visibility-control/assets/js/editor.js?ver=widget-visibility-control/assets/css/editor.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-conditions
JS Globals
ayudawp_wvc_conditions_data
REST Endpoints
/wp-json/wp/v2/block-renderer
FAQ

Frequently Asked Questions about Widget Visibility Control