Does Wikipedia Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in Wikipedia Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Wikipedia Widget compatible with WordPress 4.2.39?

According to WordPress.org data, Wikipedia Widget 0.13.12 has been tested up to WordPress 4.2.39. Check the plugin's changelog for the latest compatibility information.

How often is Wikipedia Widget updated?

Wikipedia Widget was last updated on May 13, 2015. Frequent updates are generally a positive security signal.

What is Wikipedia Widget's security score?

Wikipedia Widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Wikipedia Widget Security & Risk Analysis

wordpress.org/plugins/wikipedia-widget

Shows a simple Ajax based Wikipedia search-formular and the results for the current post/page title or default keywords.

10 active installs v0.13.12 PHP + WP 3.5+ Updated May 13, 2015

knowledgesearchsidebarwidgetwikipedia

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Wikipedia Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Wikipedia Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "wikipedia-widget" plugin v0.13.12 exhibits a concerning security posture primarily due to its unprotected entry points. While the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and avoiding file operations and bundled libraries, the presence of two AJAX handlers without any authentication or capability checks creates a significant attack surface. This means any authenticated user, regardless of their role or permissions, could potentially trigger these handlers, leading to unintended actions or information disclosure.

The static analysis also flags the use of the "create_function" dangerous function, which is a known security risk due to its ability to execute arbitrary code. While taint analysis found no specific unsanitized paths, the absence of proper output escaping for a substantial portion of the plugin's output (83%) is a clear vulnerability. This could lead to Cross-Site Scripting (XSS) attacks, where malicious scripts are injected into the user's browser.

Adding to the concerns, the plugin lacks nonce checks on its AJAX handlers, further exacerbating the risk of unauthorized actions. The complete absence of recorded vulnerabilities in its history might suggest it hasn't been extensively targeted or audited, but this should not be mistaken for inherent security. The combination of unprotected AJAX handlers, the dangerous "create_function", and insufficient output escaping presents a high risk, outweighing the positive aspects of its SQL handling.

Key Concerns

Unprotected AJAX handlers
Dangerous function create_function
Insufficient output escaping
Missing nonce checks on AJAX

Vulnerabilities

None known

Wikipedia Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Wikipedia Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function( '', 'register_widget( "wikipedia_widget" );' ) );wikipedia-widget.php:236

Output Escaping

17% escaped36 total outputs

Attack Surface

2 unprotected

Wikipedia Widget Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_wikipedia_requestwikipedia-widget.php:36

noprivwp_ajax_wikipedia_requestwikipedia-widget.php:37

WordPress Hooks 2

actionwp_enqueue_scriptswikipedia-widget.php:33

actionwidgets_initwikipedia-widget.php:236

Maintenance & Trust

Wikipedia Widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39

Last updatedMay 13, 2015

PHP min version

Downloads4K

Community Trust

Rating80/100

Number of ratings1

Active installs10

Alternatives

Wikipedia Widget Alternatives

Search by Google

search-google

Search by Google widget.

100 1 unpatched

Live Search Popup

live-search-popup

Spotlight (tm) like live search with an ajax popup

40 No CVEs

Enhanced Search Form

enhanced-search-form

Enhance wordpress search form to allow searching posts in certain category(s), month archive(s) or tag(s).

30 No CVEs

Multiple Category Search Storm

search-storm

Search Storm allows you to search for an article by combining multiple categories

10 No CVEs

Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager

custom-sidebars

Flexible sidebars for custom classic widget configurations on any page or post. Create custom sidebars with ease!

100K 3 CVEs

Developer Profile

Wikipedia Widget Developer Profile

asimeon

2 plugins · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Wikipedia Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wikipedia-widget/style.css/wp-content/plugins/wikipedia-widget/script.js

Script Paths

/wp-content/plugins/wikipedia-widget/script.js

Version Parameters

wikipedia-widget/style.css?ver=wikipedia-widget/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

wikipedia_widget-search_formwikipedia_widget-searchwikipedia_widget-default_searchwikipedia_widget-loaderwikipedia_widget-result

Data Attributes

wikipedia_widget-searchwikipedia_widget-default_searchwikipedia_widget-loaderwikipedia_widget-resultwikipedia_widget-search_form

JS Globals

wikipedia_widget_script

REST Endpoints

/wp-json/wikipedia_widget/v1/search

FAQ