Widgetize Pages Light Security & Risk Analysis

wordpress.org/plugins/widgetize-pages-light

Drop widgets in page or post content area. Widgetized pages. Build your custom Responsive page layout in no time. No coding, easy and fun!

3K active installs · v3.0 · PHP + WP 3.0+ · Updated May 7, 2022

Tags: custom-sidebar, sidebar, widgetize-page, widgets, widgets-in-page

Score: 30 (D · High Risk)
CVEs total: 3
Unpatched: 3
Last CVE: Sep 5, 2025
Safety Verdict

Is Widgetize Pages Light Safe to Use in 2026?

High Risk

Score 30/100

Widgetize Pages Light carries significant security risk with 3 known CVEs, 3 still unpatched. Consider switching to a maintained alternative.

3 known CVEs · 3 unpatched · Last CVE: Sep 5, 2025 · Updated 3yr ago
Risk Assessment

The widgetize-pages-light v3.0 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling with 100% prepared statements and includes some nonce and capability checks, significant concerns arise from its attack surface and code signals. A large number of AJAX handlers (15) are exposed without any authentication checks, creating a broad entry point for potential malicious activity. The presence of the dangerous `unserialize` function, coupled with a taint flow identified with unsanitized paths, raises red flags for potential remote code execution or data manipulation vulnerabilities. Furthermore, only 46% of output is properly escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities.

The plugin's vulnerability history, with 3 currently unpatched medium severity CVEs related to CSRF and XSS, strongly suggests recurring security weaknesses. The recurrence of these vulnerability types, combined with the static analysis findings of unprotected AJAX handlers and poor output escaping, paints a picture of a plugin that has struggled with secure development practices. While the use of prepared statements for SQL is a positive, it is overshadowed by the numerous other identified risks. The plugin presents a moderate to high risk due to the combination of a large unprotected attack surface, insecure function usage, and a history of unpatched vulnerabilities.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function 'unserialize'
  • Unsanitized path taint flow
  • Insufficient output escaping (46% proper)
  • Unpatched CVEs (3 medium)
  • Bundled library 'Select2'

Widgetize Pages Light Security Vulnerabilities

CVEs by Year

2025: 3 CVEs · unpatched

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-58805 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Widgetize Pages Light <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Sep 5, 2025 · Unpatched

CVE-2025-30995 · medium · 6.1 · Cross-Site Request Forgery (CSRF)
Widgetize Pages Light <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Jun 5, 2025 · Unpatched

CVE-2025-22313 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Widgetize Pages Light <= 3.0 - Reflected Cross-Site Scripting
Jan 6, 2025 · Unpatched

Widgetize Pages Light Code Analysis

Analyzed Mar 16, 2026

Dangerous Functions: 9
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 74 (63 escaped)
Nonce Checks: 4
Capability Checks: 4
File Operations: 9
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$value = unserialize( urldecode( $value ) );` · include\otw_components\otw_functions\otw_functions.php:600
unserialize · `$templates_array = unserialize( $templates );` · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:172
unserialize · `$saved_templates_array = unserialize( $saved_templates );` · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:354
unserialize · `$saved_templates_array = unserialize( $saved_templates );` · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:384
unserialize · `$saved_templates_array = unserialize( $saved_templates );` · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:421
unserialize · `$templates_array = unserialize( $templates );` · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:172
unserialize · `$saved_templates_array = unserialize( $saved_templates );` · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:354
unserialize · `$saved_templates_array = unserialize( $saved_templates );` · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:384
unserialize · `$saved_templates_array = unserialize( $saved_templates );` · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:421

Bundled Libraries

Select2

Output Escaping

46% escaped · 137 total outputs

Data Flow Analysis

2 flows · 1 with unsanitized paths
build_meta_box (include\otw_components\otw_grid_manager\otw_grid_manager.class.php:157)

Widgetize Pages Light Attack Surface

Entry Points: 18
Unprotected: 15

AJAX Handlers 15

auth · wp_ajax_otw_grid_manager_column_dialog · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:64
auth · wp_ajax_otw_grid_manager_save_template · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:65
auth · wp_ajax_otw_grid_manager_delete_template · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:66
auth · wp_ajax_otw_grid_manager_load_template · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:67
auth · wp_ajax_otw_grid_manager_column_dialog · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:64
auth · wp_ajax_otw_grid_manager_save_template · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:65
auth · wp_ajax_otw_grid_manager_delete_template · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:66
auth · wp_ajax_otw_grid_manager_load_template · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:67
auth · wp_ajax_otw_shortcode_editor_dialog · include\otw_components\otw_shortcode\otw_shortcode.class.php:166
auth · wp_ajax_otw_shortcode_get_code · include\otw_components\otw_shortcode\otw_shortcode.class.php:167
auth · wp_ajax_otw_shortcode_live_preview · include\otw_components\otw_shortcode\otw_shortcode.class.php:168
auth · wp_ajax_otw_shortcode_live_reload · include\otw_components\otw_shortcode\otw_shortcode.class.php:169
auth · wp_ajax_otw_shortcode_preview_shortcodes · include\otw_components\otw_shortcode\otw_shortcode.class.php:170
auth · wp_ajax_otw_shortcode_preview_front_shortcodes · include\otw_components\otw_shortcode\otw_shortcode.class.php:171
auth · wp_ajax_otw_wpl_shortcode_editor_dialog · otw_sidebar_manager.php:166

Shortcodes 3

[otw_shortcode_grid_column] include\otw_components\otw_grid_manager\otw_grid_manager.class.php:70
[otw_shortcode_grid_column] include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:70
[otw_is] otw_sidebar_manager.php:162

WordPress Hooks 31

action · admin_menu · include\otw_components\otw_factory\otw_factory.class.php:34
action · admin_print_styles · include\otw_components\otw_factory\otw_factory.class.php:36
action · admin_notices · include\otw_components\otw_factory\otw_factory.class.php:38
filter · pre_set_site_transient_update_plugins · include\otw_components\otw_factory\otw_factory.class.php:40
filter · plugins_api · include\otw_components\otw_factory\otw_factory.class.php:42
action · wp_enqueue_scripts · include\otw_components\otw_functions\otw_component.class.php:90
action · admin_enqueue_scripts · include\otw_components\otw_functions\otw_component.class.php:94
filter · the_content · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:71
filter · the_content · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:72
filter · the_content · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:73
action · add_meta_boxes · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:100
action · save_post · include\otw_components\otw_grid_manager\otw_grid_manager.class.php:101
filter · the_content · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:71
filter · the_content · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:72
filter · the_content · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:73
action · add_meta_boxes · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:100
action · save_post · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:101
action · admin_footer · include\otw_components\otw_shortcode\otw_shortcode.class.php:164
filter · mce_external_plugins · include\otw_components\otw_shortcode\otw_shortcode.class.php:175
filter · mce_buttons · include\otw_components\otw_shortcode\otw_shortcode.class.php:176
action · wp_footer · include\otw_components\otw_shortcode\otw_shortcode.class.php:185
filter · mce_external_plugins · include\otw_functions.php:129
filter · mce_buttons · include\otw_functions.php:130
action · plugins_loaded · otw_sidebar_manager.php:148
action · admin_menu · otw_sidebar_manager.php:152
action · admin_notices · otw_sidebar_manager.php:153
filter · sidebars_widgets · otw_sidebar_manager.php:154
filter · otwfcr_notice · otw_sidebar_manager.php:155
action · admin_enqueue_scripts · otw_sidebar_manager.php:160
action · admin_print_styles · otw_sidebar_manager.php:161
action · init · otw_sidebar_manager.php:171

Widgetize Pages Light Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: May 7, 2022
PHP min version:
Downloads: 258K

Community Trust

Rating: 84/100
Number of ratings: 32
Active installs: 3K

Widgetize Pages Light Developer Profile

OTWthemes

12 plugins · 6K total installs

Trust score: 70
Avg Security Score: 66/100
Avg Patch Time: 30 days

How We Detect Widgetize Pages Light

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/widgetize-pages-light/css/otw_sbm_admin.css

HTML / DOM Fingerprints

CSS Classes: otw-wpl-admin-page
Data Attributes: data-otw-plugin-id
JS Globals: OTW_WPL
Shortcode Output: [otw_is]

Frequently Asked Questions about Widgetize Pages Light