Widgets on Pages Security & Risk Analysis

wordpress.org/plugins/widgets-on-pages

The easiest and highest rated way to Add Widgets or Sidebars to Posts and Pages using Visual editor, shortcodes or template tags.

20K active installs · v1.9.0 · PHP + WP 2.8+ · Updated Nov 13, 2024
Tags: pages, sidebar, widgets, widgets-in-page, widgets-in-post

Score: 92 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 17, 2023
Is Widgets on Pages Safe to Use in 2026?

Generally Safe

Score 92/100

Widgets on Pages has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 17, 2023 · Updated 1yr ago
Risk Assessment

The "widgets-on-pages" plugin version 1.9.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce and capability checks on its entry points. There are no observed critical or high severity taint flows, nor are there any file operations or external HTTP requests, which generally reduce the risk of complex vulnerabilities. The absence of bundled outdated libraries, apart from Freemius which is a common licensing SDK, is also a positive indicator.

However, significant concerns remain due to the presence of an unprotected AJAX handler. This represents a direct entry point for potential attacks that can be executed without proper authentication, making it a prime target for malicious actors. Furthermore, the low percentage of properly escaped output (20%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, which could allow attackers to inject malicious scripts into pages managed by the plugin. The plugin also has a history of medium-severity vulnerabilities, specifically related to XSS, indicating a recurring pattern that warrants attention.

In conclusion, while "widgets-on-pages" demonstrates some commendable security measures, the unprotected AJAX handler and widespread output escaping deficiencies create substantial risks. The plugin's past vulnerability history reinforces the need for careful security auditing and prompt patching. Addressing the unauthenticated AJAX endpoint and improving output escaping are critical steps to enhance the plugin's overall security.

Key Concerns

  • Unprotected AJAX handler
  • Low output escaping percentage
  • Medium severity XSS vulnerability history

Widgets on Pages Security Vulnerabilities

CVEs by Year

2023: 1 CVE (patched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2022-4488 (medium · 6.4): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Widgets on Pages <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 17, 2023 · Patched in 1.7.0 (371 days)
Widgets on Pages Code Analysis

Analyzed Mar 16, 2026

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 16 (4 escaped)
  • Nonce Checks: 1
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 2

Bundled Libraries

TinyMCE · Freemius 1.0

Output Escaping

20% escaped (20 total outputs)

Widgets on Pages Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers (2)

auth · wp_ajax_twd_cpt_list · admin\class-widgets-on-pages-admin.php:73
auth · wp_ajax_wop_maybe_insert_with_header · includes\class-functions.php:85

Shortcodes (1)

[widgets_on_pages] · public\class-widgets-on-pages-public.php:56

WordPress Hooks (22)

filter · plugin_row_meta · admin\class-widgets-on-pages-admin.php:58
action · admin_menu · admin\class-widgets-on-pages-admin.php:64
action · admin_init · admin\class-widgets-on-pages-admin.php:65
action · widgets_init · admin\class-widgets-on-pages-admin.php:66
action · admin_menu · admin\class-widgets-on-pages-admin.php:67
action · load-post.php · admin\class-widgets-on-pages-admin.php:69
action · admin_head · admin\class-widgets-on-pages-admin.php:72
action · admin_footer · admin\class-widgets-on-pages-admin.php:74
action · add_meta_boxes · admin\class-widgets-on-pages-admin.php:77
action · add_meta_boxes · admin\class-widgets-on-pages-admin.php:214
filter · mce_external_plugins · admin\class-widgets-on-pages-admin.php:598
filter · mce_buttons · admin\class-widgets-on-pages-admin.php:599
action · plugins_loaded · includes\class-widgets-on-pages.php:144
action · admin_enqueue_scripts · includes\class-widgets-on-pages.php:159
action · admin_enqueue_scripts · includes\class-widgets-on-pages.php:160
action · init · includes\class-widgets-on-pages.php:161
action · wp_enqueue_scripts · includes\class-widgets-on-pages.php:176
action · wp_enqueue_scripts · includes\class-widgets-on-pages.php:177
filter · the_content · public\class-widgets-on-pages-public.php:59
filter · custom-header · public\class-widgets-on-pages-public.php:60
filter · connect_message_on_update · widgets_on_pages.php:77
action · plugins_loaded · widgets_on_pages.php:124
Widgets on Pages Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.0
Last updated: Nov 13, 2024
PHP min version: not listed
Downloads: 670K

Community Trust

Rating: 94/100
Number of ratings: 161
Active installs: 20K

Widgets on Pages Developer Profile

toddhalfpenny

9 plugins · 21K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 371 days
How We Detect Widgets on Pages

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/widgets-on-pages/admin/css/widgets-on-pages-admin.css
/wp-content/plugins/widgets-on-pages/admin/js/widgets-on-pages-admin.js
/wp-content/plugins/widgets-on-pages/public/css/widgets-on-pages-public.css
/wp-content/plugins/widgets-on-pages/public/js/widgets-on-pages-public.js

Script Paths
/wp-content/plugins/widgets-on-pages/admin/js/widgets-on-pages-admin.js
/wp-content/plugins/widgets-on-pages/public/js/widgets-on-pages-public.js

Version Parameters
widgets-on-pages/admin/css/widgets-on-pages-admin.css?ver=
widgets-on-pages/admin/js/widgets-on-pages-admin.js?ver=
widgets-on-pages/public/css/widgets-on-pages-public.css?ver=
widgets-on-pages/public/js/widgets-on-pages-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
wop-widget-select

HTML Comments
<!-- Widget Options -->
<!-- Turbo Sidebar Settings -->
<!-- Turbo Sidebar CPT Options -->
<!-- Turbo Sidebar PRO-feature Custom Meta -->
(+2 more not shown)

Data Attributes
data-wop-meta

JS Globals
WOP_Admin, WOP_Public

REST Endpoints
/wp-json/widgets-on-pages/v1/get-widget-data

Frequently Asked Questions about Widgets on Pages