WP-jScrollPane Security & Risk Analysis

wordpress.org/plugins/wp-jscrollpane

This plugin gives support for the jQuery plugin, jScrollPane.

90 active installs · v2.0.3 · PHP + · WP 2.0+ · Updated Feb 16, 2012
Tags: custom-scrollbars, jquery, jscrollpane, scrollbars
Score 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Aug 7, 2025
Safety Verdict

Is WP-jScrollPane Safe to Use in 2026?

Use With Caution

Score 63/100

WP-jScrollPane has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Aug 7, 2025 · Updated 14yr ago
Risk Assessment

The wp-jscrollpane v2.0.3 plugin exhibits a concerning security posture due to a combination of insecure coding practices and a history of vulnerabilities. While the plugin utilizes prepared statements for SQL queries and includes nonce checks, the complete lack of output escaping and the presence of unprotected AJAX handlers are significant weaknesses. The fact that all analyzed output is unescaped presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the taint analysis identified a flow with an unsanitized path, which, although not classified as critical or high, still warrants attention. The plugin's vulnerability history, including a currently unpatched medium severity CVE for XSS, reinforces these concerns. The presence of an unpatched vulnerability and the demonstrated insecurity in handling output strongly suggest that this plugin poses a considerable risk to WordPress installations.

Key Concerns

  • Unpatched CVE (Medium Severity)
  • Output escaping: 0% properly escaped
  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • Dangerous functions: unserialize
  • Capability checks: 0
Vulnerabilities: 1

WP-jScrollPane Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-49062 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP-jScrollPane <= 2.0.3 - Reflected Cross-Site Scripting

Aug 7, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

WP-jScrollPane Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (0 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 4
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize: $form_options = unserialize( $form_options ); (wp-jscrollpane.php:134)
unserialize: while( $opts != is_array($opts) ) $opts = unserialize($opts); (wp-jscrollpane.php:546)

Bundled Libraries

Select2

Output Escaping

0% escaped · 6 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
wpjsp_generate_scrollpane (wp-jscrollpane.php:577)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface: 2 unprotected

WP-jScrollPane Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_getthemes (wp-jscrollpane.php:37)
auth · wp_ajax_gethtml (wp-jscrollpane.php:38)

WordPress Hooks: 3

action · admin_init (wp-jscrollpane.php:29)
action · admin_menu (wp-jscrollpane.php:34)
action · init (wp-jscrollpane.php:45)
Maintenance & Trust

WP-jScrollPane Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Feb 16, 2012
PHP min version
Downloads: 11K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 90
Developer Profile

WP-jScrollPane Developer Profile

cornfeed

1 plugin · 90 total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP-jScrollPane

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-jscrollpane/js/admin.js
/wp-content/plugins/wp-jscrollpane/css/admin.css
/wp-content/plugins/wp-jscrollpane/js/jquery.colorpicker.min.js
/wp-content/plugins/wp-jscrollpane/css/jquery.colorpicker.min.css

Script Paths
/wp-content/plugins/wp-jscrollpane/js/admin.js
/wp-content/plugins/wp-jscrollpane/js/jquery.colorpicker.min.js

Version Parameters
wp-jscrollpane/js/admin.js?ver=
wp-jscrollpane/css/admin.css?ver=
wp-jscrollpane/js/jquery.colorpicker.min.js?ver=
wp-jscrollpane/css/jquery.colorpicker.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
wpjsp-wrap
wpjsp-errors
wpjsp-add
wpjsp-tips
wpjsp-scrollbars

HTML Comments
<!-- When testing while logged-in, the Wordpress Admin Bar changes the whole-page behavior. Log-out and it will work fine. -->
<!-- "H" for Horizontal bar. "V" for Vertical bar. All sizes are in pixels (px) -->
<!-- I need someone to re-make this form's html to be displayed on normal 1024x768, with the appropriate styles included -->
<!-- The "WinXP" theme does not work yet. It was included so I could maybe get someone to help with it, and another called "OSX" -->
+1 more

Data Attributes
id="wpjsp-wrap"
id="wpjsp-errors"
id="wpjsp-add"
id="wpjsp-form"
id="wpjsp-tips"
id="mousewheel"
+5 more

JS Globals
window.jQuery