Does wp custom lists have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is wp custom lists compatible with WordPress 4.0.38?

According to WordPress.org data, wp custom lists 1.0 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is wp custom lists updated?

wp custom lists was last updated on Sep 18, 2014. Frequent updates are generally a positive security signal.

What is wp custom lists's security score?

wp custom lists has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

wp custom lists Security & Risk Analysis

wordpress.org/plugins/wp-custom-lists

Create lists content by adding shortcode into pages, posts, custom types

10 active installs v1.0 PHP + WP 3.8+ Updated Sep 18, 2014

listlists

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is wp custom lists Safe to Use in 2026?

Generally Safe

Score 85/100

wp custom lists has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The wp-custom-lists v1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, avoiding dangerous functions, and having no known vulnerabilities in its history. The plugin also has a limited attack surface with only one shortcode as an entry point and no unprotected AJAX or REST API endpoints. However, the static analysis reveals significant concerns regarding output escaping and taint analysis. The low percentage of properly escaped outputs suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data might be directly rendered in the frontend without proper sanitization. Furthermore, the presence of a high-severity taint flow with unsanitized paths indicates a potential pathway for malicious data to be processed in an insecure manner, which could lead to various security issues depending on the context of that flow. While there are no known CVEs, the identified code signals warrant caution.

Key Concerns

Low percentage of properly escaped output
High severity taint flow with unsanitized path
No capability checks on entry points

Vulnerabilities

None known

wp custom lists Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

wp custom lists Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

wp custom lists Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

16% escaped19 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<list-item-panel> (list-item-panel.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

wp custom lists Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[customlist] lists.php:61

WordPress Hooks 10

actioninitlists.php:36

actionadmin_menulists.php:38

actionadmin_initlists.php:40

actionsave_postlists.php:42

actionadmin_headlists.php:45

filtermce_external_languageslists.php:48

actionadmin_headlists.php:52

actionadmin_enqueue_scriptslists.php:55

filtermce_external_pluginslists.php:134

filtermce_buttonslists.php:135

Maintenance & Trust

wp custom lists Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedSep 18, 2014

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

wp custom lists Alternatives

MailChimp Forms by MailMunch

mailchimp-forms-by-mailmunch

MailChimp Forms to get more email subscribers. Subscribe your WordPress visitors to your MailChimp lists easily.

10K 5 CVEs

YourChannel: Everything you want in a YouTube plugin.

yourchannel

Setup beautiful YouTube feed streams with 1 copy paste & 2 clicks. Displays banner, uploads, playlists and more (All optional).

10K 9 CVEs

User Avatar

user-avatar

Provides a thumbnail area in Your Profile, for users to upload & crop new images in an overlay to be saved and stored to their profile.

4K 1 CVE

Simple Link List Widget

simple-link-list-widget

This plugin makes a widget available which allows you to add a simple link list (bulleted or numbered) to a sidebar.

2K 1 unpatched

WPJM Extra Fields

wpjm-extra-fields

Adds Salary and Important Information extra fields to WP Job Manager plugin. Both in the front-end for Job Submissions as well as in the back end for …

2K No CVEs

Developer Profile

wp custom lists Developer Profile

sevy29

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect wp custom lists

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-custom-lists/css/admin.css/wp-content/plugins/wp-custom-lists/js/admin.js/wp-content/plugins/wp-custom-lists/js/wp_list.js

Script Paths

/wp-content/plugins/wp-custom-lists/js/admin.js/wp-content/plugins/wp-custom-lists/js/wp_list.js

Version Parameters

wp-custom-lists/css/admin.css?ver=wp-custom-lists/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

list-blocklist-titlelist-content

Data Attributes

data-wp_list_tc_button

JS Globals

wplist_tinymce_custom_getValues$list_error_msg

Shortcode Output

<div class="list-block">
			  <a class="list-title" href="#">

<div class="list-content">

<div class="clearfix"></div>
			  </div>
			</div>

FAQ