Wp Content Layout Security & Risk Analysis

wordpress.org/plugins/wp-content-layout

Simple WordPress layout plugin, with the help of this plugin you can create a layout for your content and easily can display on your page or post.

10 active installs v1.0 PHP + WP 3.0.1+ Updated Sep 13, 2015
columncustom-layoutlayoutresponsive-columnwpcolumn
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Wp Content Layout Safe to Use in 2026?

Generally Safe

Score 85/100

Wp Content Layout has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "wp-content-layout" v1.0 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface, with only one shortcode identified as an entry point and no AJAX handlers, REST API routes, or cron events that require authentication checks. Furthermore, the plugin demonstrates good practices by using prepared statements for all SQL queries and avoiding file operations and external HTTP requests. However, significant concerns arise from the lack of proper output escaping, with 0% of outputs being correctly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where user-supplied data could be injected into the page's output.

The taint analysis reveals that all analyzed flows involve unsanitized paths, although no critical or high severity issues were flagged. This, combined with the complete absence of nonce checks and capability checks, suggests that user-supplied data is not being adequately validated or authorized before being processed, potentially leading to unintended actions or information disclosure. The vulnerability history is clean, with no recorded CVEs, which is a positive indicator of past security diligence or simply a lack of past discovery. However, the current code quality issues, particularly the unescaped output and lack of authorization checks, present immediate risks that are not reflected in the historical data.

In conclusion, while the plugin's minimal attack surface and use of prepared statements are strengths, the pervasive lack of output escaping and the absence of security checks like nonces and capability checks represent critical weaknesses. These vulnerabilities could be exploited to execute arbitrary JavaScript in the context of a user's session, making it essential to address these code quality issues promptly to improve the plugin's overall security.

Key Concerns

  • 0% output escaping
  • No nonce checks
  • No capability checks
  • Unsanitized paths in taint flows
Vulnerabilities
None known

Wp Content Layout Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Wp Content Layout Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Wp Content Layout Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
33
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped33 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
wcl_wpcontentlayout_add_layout (layout.php:36)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Wp Content Layout Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[wcl_wp_content_layout] layout.php:570
WordPress Hooks 1
actionadmin_menulayout.php:14
Maintenance & Trust

Wp Content Layout Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34
Last updatedSep 13, 2015
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Developer Profile

Wp Content Layout Developer Profile

sujit

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Wp Content Layout

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-content-layout/css/style.css/wp-content/plugins/wp-content-layout/css/gridcss.css/wp-content/plugins/wp-content-layout/js/box.js
Script Paths
/wp-content/plugins/wp-content-layout/js/box.js

HTML / DOM Fingerprints

CSS Classes
main_container_topcol3sel_imagemain_containercol12title_boxinner_textlayout_button+4 more
Data Attributes
onclick="return getValue(1)"onclick="return getValue(2)"onclick="return getValue(3)"onclick="return getValue(4)"
JS Globals
getValue
FAQ

Frequently Asked Questions about Wp Content Layout