Does WP Anywhere Widgets have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Anywhere Widgets have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Anywhere Widgets compatible with WordPress 6.8.5?

According to WordPress.org data, WP Anywhere Widgets 4.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is WP Anywhere Widgets updated?

WP Anywhere Widgets was last updated on May 27, 2025. Frequent updates are generally a positive security signal.

What is WP Anywhere Widgets's security score?

WP Anywhere Widgets has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Anywhere Widgets Security & Risk Analysis

wordpress.org/plugins/wp-anywhere-widgets

Create and display widgets anywhere on your site with WP Anywhere Widgets—simple, flexible, and code-free!

700 active installs v4.0 PHP + WP 3.3+ Updated May 27, 2025

easy-widgetshortcodesimple-widgetwidgetwidget-shortcode

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WP Anywhere Widgets Safe to Use in 2026?

Generally Safe

Score 100/100

WP Anywhere Widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago

Risk Assessment

The "wp-anywhere-widgets" v4.0 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. The plugin demonstrates excellent adherence to security best practices, with a complete absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests. Furthermore, it incorporates robust security measures such as nonce and capability checks, and nearly all output is properly escaped, significantly mitigating common web vulnerabilities.

Concerns are minimal. While the plugin has only one AJAX handler, the analysis indicates it does not require authentication, which is a potential risk. However, the absence of taint analysis results suggesting unsanitized paths or vulnerabilities in its limited attack surface provides some reassurance. The plugin's clean vulnerability history with zero recorded CVEs is a significant positive indicator of its secure development and maintenance.

Overall, the plugin's strengths in secure coding practices and lack of historical vulnerabilities outweigh the minor concern of an unprotected AJAX handler. This suggests a well-maintained and secure plugin, though vigilance regarding the unprotected entry point is still advised.

Key Concerns

Unprotected AJAX handler

Vulnerabilities

None known

WP Anywhere Widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Anywhere Widgets Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

49 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

96% escaped51 total outputs

Attack Surface

WP Anywhere Widgets Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_wpaw_preview_widgetincludes\class-wp-anywhere-widgets.php:26

WordPress Hooks 5

actionadmin_menuincludes\class-wp-anywhere-widgets.php:22

actionadmin_bar_menuincludes\class-wp-anywhere-widgets.php:23

actionadmin_enqueue_scriptsincludes\class-wp-anywhere-widgets.php:24

actionin_widget_formincludes\class-wp-anywhere-widgets.php:25

actionadmin_menuincludes\class-wp-anywhere-widgets.php:27

Maintenance & Trust

WP Anywhere Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 27, 2025

PHP min version

Downloads5K

Community Trust

Rating96/100

Number of ratings4

Active installs700

Alternatives

WP Anywhere Widgets Alternatives

Shortcodes In Widgets

shortcodes-in-widgets

Use this plugin to display output in a widget using a shortcode.

100 No CVEs

K-Dev Widget Shortcode

k-dev-widget-shortcode

You can use Shortcode In Widget and you can use [widget_shortcode_test] for test in this plugin.

0 No CVEs

Orufy Connect

orufy-connect

100

Seamlessly connect your WordPress site and WooCommerce store with Orufy Connect’s chatbot and WhatsApp automation.

0 No CVEs

Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress

contact-form-plugin

The most powerful and user-friendly WordPress contact form plugin. Create beautiful contact forms, widgets and pages using shortcodes.

30K 1 unpatched

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Developer Profile

WP Anywhere Widgets Developer Profile

Yudiz Solutions Pvt. Ltd.

14 plugins · 6K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

59 days

View full developer profile

Detection Fingerprints

How We Detect WP Anywhere Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-anywhere-widgets/assets/css/admin.css/wp-content/plugins/wp-anywhere-widgets/admin/admin-styles.css/wp-content/plugins/wp-anywhere-widgets/assets/js/admin.js

Script Paths

/wp-content/plugins/wp-anywhere-widgets/assets/js/admin.js

Version Parameters

wp-anywhere-widgets/assets/css/admin.css?ver=wp-anywhere-widgets/admin/admin-styles.css?ver=wp-anywhere-widgets/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

widget-shortcodesidebar-shortcodewidget-shortcode-title

HTML Comments

WP Anywhere Widget: /WP Anywhere Widget

Data Attributes

data-widget-shortcode-wrap

JS Globals

wpaw_ajax

Shortcode Output

<div class="widget-shortcode<div class="widget-shortcode sidebar-shortcode<h3 class="widget-shortcode-title">

FAQ