WP-Safety

WP Auto Reload Widgets Security & Risk Analysis

wordpress.org/plugins/wp-auto-reload-widgets

Wp Auto Reload Widgets plugin allow you to refresh all of widgets in period of time. Set time in seconds and automatically refresh.

100 active installs v10.0.5 PHP + WP 3.5+ Updated Jun 12, 2019
auto-reload-widgetsautoload-widgetsautomatic-widget-reloadautorefresh-text-widgetautorefresh-widgets
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Auto Reload Widgets Safe to Use in 2026?

Generally Safe

Score 85/100

WP Auto Reload Widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The "wp-auto-reload-widgets" plugin v10.0.5 exhibits a mixed security posture. While it demonstrates good practices such as exclusively using prepared statements for SQL queries and having a clean vulnerability history with no recorded CVEs, several concerning elements were identified during static analysis. The presence of a dangerous `unserialize` function, coupled with two taint flows with unsanitized paths and a significant percentage of improperly escaped output (82%), suggests potential weaknesses that could be exploited. Furthermore, one of its five AJAX handlers lacks authentication checks, creating a direct entry point for attackers. The outdated bundled Select2 library (v3.4.6) also represents a potential vulnerability vector if it contains known exploits.

Despite the absence of historical vulnerabilities, the identified code signals and taint analysis results warrant caution. The direct, unprotected AJAX handler is a critical concern, as is the use of `unserialize` without apparent sanitization, which can lead to remote code execution if exploited with malicious serialized data. The low percentage of properly escaped output also increases the risk of cross-site scripting (XSS) attacks. While the plugin has no recorded CVEs, indicating it hasn't been publicly exploited thus far, the current static analysis reveals potential entry points for attackers that should be addressed to maintain a strong security posture.

Key Concerns

  • AJAX handler without authentication check
  • Dangerous function: unserialize
  • High percentage of improperly escaped output
  • Taint flow with unsanitized path (High severity)
  • Taint flow with unsanitized path (High severity)
  • Bundled outdated library: Select2 v3.4.6
Vulnerabilities
None known

WP Auto Reload Widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Auto Reload Widgets Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

WP Auto Reload Widgets Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
84
19 escaped
Nonce Checks
8
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

unserialize$import_code = unserialize($import_code);admin-page-class/admin-page-class.php:3318

Bundled Libraries

Select23.4.6

Output Escaping

18% escaped103 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
import (admin-page-class/admin-page-class.php:3306)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WP Auto Reload Widgets Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 5

authwp_ajax_apc_delete_muploadadmin-page-class/admin-page-class.php:308
authwp_ajax_plupload_actionadmin-page-class/admin-page-class.php:314
authwp_ajax_at_delete_fileadmin-page-class/admin-page-class.php:1095
authwp_ajax_at_reorder_imagesadmin-page-class/admin-page-class.php:1096
authwp_ajax_at_delete_muploadadmin-page-class/admin-page-class.php:1098
WordPress Hooks 14
filterwidget_form_callbackWp-auto-reload-widget.php:15
filterwidget_update_callbackWp-auto-reload-widget.php:16
filterdynamic_sidebar_paramsWp-auto-reload-widget.php:17
actionwp_enqueue_scriptsWp-auto-reload-widget.php:20
actiontemplate_redirectadmin-page-class/admin-page-class.php:209
filterinitadmin-page-class/admin-page-class.php:210
actionadmin_menuadmin-page-class/admin-page-class.php:274
actionadmin_menuadmin-page-class/admin-page-class.php:278
filterattribute_escapeadmin-page-class/admin-page-class.php:305
actionadmin_print_stylesadmin-page-class/admin-page-class.php:376
actionpost_edit_form_tagadmin-page-class/admin-page-class.php:1075
filtermedia_upload_galleryadmin-page-class/admin-page-class.php:1090
filtermedia_upload_libraryadmin-page-class/admin-page-class.php:1091
filtermedia_upload_imageadmin-page-class/admin-page-class.php:1092
Maintenance & Trust

WP Auto Reload Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedJun 12, 2019
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings9
Active installs100
Alternatives

WP Auto Reload Widgets Alternatives

No alternatives data available yet.

Developer Profile

WP Auto Reload Widgets Developer Profile

Axepro

1 plugin · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Auto Reload Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-auto-reload-widgets/js/auto_reload.min.js
Script Paths
/wp-content/plugins/wp-auto-reload-widgets/js/auto_reload.min.js
Version Parameters
wp-auto-reload-widgets/js/auto_reload.min.js?ver=1.1

HTML / DOM Fingerprints

Data Attributes
id='widget-{$widget->id_base}-{$widget->number}-classes'
JS Globals
ab_reload
FAQ

Frequently Asked Questions about WP Auto Reload Widgets