Workbox Nasdaq XML News Reader Plugin Security & Risk Analysis
wordpress.org/plugins/workbox-nasdaq-xml-news-readerAllows to import NASDAQ news feed and show it on your Wordpress site.
Is Workbox Nasdaq XML News Reader Plugin Safe to Use in 2026?
Generally Safe
Score 85/100Workbox Nasdaq XML News Reader Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "workbox-nasdaq-xml-news-reader" plugin version 1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements. It also has a very small attack surface, with only one shortcode entry point and no identified AJAX handlers or REST API routes without proper checks. The absence of known vulnerabilities in its history is also a strong indicator of its current stability. However, significant concerns arise from the code analysis. The presence of the `create_function` dangerous function is a notable risk, as it can be exploited for code injection. Furthermore, the fact that 50% of output is not properly escaped means there is a risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is outputted directly. The taint analysis revealing two flows with unsanitized paths, though not classified as critical or high severity, still points to potential weaknesses in how data is handled, especially when combined with the file operations and lack of capability checks.
Key Concerns
- Dangerous function create_function used
- Half of outputs are not properly escaped
- Taint flows with unsanitized paths found
- No nonce checks on entry points
- No capability checks on entry points
- File operations present without clear sanitization
Workbox Nasdaq XML News Reader Plugin Security Vulnerabilities
Workbox Nasdaq XML News Reader Plugin Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
Workbox Nasdaq XML News Reader Plugin Attack Surface
Shortcodes 1
WordPress Hooks 10
Maintenance & Trust
Workbox Nasdaq XML News Reader Plugin Maintenance & Trust
Maintenance Signals
Community Trust
Workbox Nasdaq XML News Reader Plugin Alternatives
XML Sitemap Generator for Google
google-sitemap-generator
Generate multiple types of sitemaps to improve SEO and get your website indexed quickly.
Hostinger Reach – AI-Powered Email Marketing for WordPress
hostinger-reach
Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.
MC4WP: Mailchimp for WordPress
mailchimp-for-wp
The #1 Mailchimp plugin for WordPress. Allows you to add a multitude of newsletter sign-up methods to your site.
MailPoet – Newsletters, Email Marketing, and Automation
mailpoet
Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more
Creative Mail – Easier WordPress & WooCommerce Email Marketing
creative-mail-by-constant-contact
Creative Mail was designed specifically for WordPress and WooCommerce. Our intelligent (and super fun) email editor simplifies email marketing campaig …
Workbox Nasdaq XML News Reader Plugin Developer Profile
3 plugins · 410 total installs
How We Detect Workbox Nasdaq XML News Reader Plugin
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/workbox-nasdaq-xml-news-reader/css/style.cssWorkbox Nasdaq XML News Reader Plugin. v1.0workbox-nasdaq-xml-news-reader/css/style.css?ver=HTML / DOM Fingerprints
name="wb_xml_news_user_id"name="wb_xml_news_items_amount"name="wb_xml_news_cache_minutes"name="wb_xml_news_read_all"value="WorkboxNewsXMLoptionsUpdate2"[workbox_xml_news