Does wp_list_pages tweaks have any unpatched vulnerabilities?

No. All known vulnerabilities in wp_list_pages tweaks have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is wp_list_pages tweaks compatible with WordPress 3.2.1?

According to WordPress.org data, wp_list_pages tweaks 1.0 has been tested up to WordPress 3.2.1. Check the plugin's changelog for the latest compatibility information.

How often is wp_list_pages tweaks updated?

wp_list_pages tweaks was last updated on Jul 16, 2011. Frequent updates are generally a positive security signal.

What is wp_list_pages tweaks's security score?

wp_list_pages tweaks has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

wp_list_pages tweaks Security & Risk Analysis

wordpress.org/plugins/wp-list-pages-tweaks

Remove links for parent-items, add a is-parent class and/or add the parent-item to the submenu.

10 active installs v1.0 PHP + WP 2.0.2+ Updated Jul 16, 2011

wp_list_pages

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is wp_list_pages tweaks Safe to Use in 2026?

Generally Safe

Score 85/100

wp_list_pages tweaks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "wp-list-pages-tweaks" v1.0 plugin exhibits a mixed security posture. On one hand, the static analysis shows an absence of dangerous functions, SQL injection vulnerabilities through prepared statements, file operations, and external HTTP requests. The attack surface is also reported as zero entry points, which is a strong positive sign. However, a significant concern arises from the complete lack of output escaping, indicating that all 30 identified output points are potentially vulnerable to Cross-Site Scripting (XSS) attacks. Furthermore, the absence of nonce and capability checks across the board is a major security weakness, as it implies that any potential entry points, if they were to exist, would be entirely unprotected against unauthorized actions or privilege escalation. The vulnerability history is clean, with no known CVEs, which is positive but doesn't mitigate the risks identified in the current code analysis. The plugin's strengths lie in its avoidance of common backend vulnerabilities, but its critical deficiency in output sanitization and lack of any authentication checks on its code present substantial risks.

Key Concerns

0% properly escaped output
0 nonce checks
0 capability checks

Vulnerabilities

None known

wp_list_pages tweaks Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

wp_list_pages tweaks Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped30 total outputs

Attack Surface

wp_list_pages tweaks Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

filterwp_list_pageswp-list-pages-tweaks.php:61

actionadmin_menuwp-list-pages-tweaks.php:71

Maintenance & Trust

wp_list_pages tweaks Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1

Last updatedJul 16, 2011

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

wp_list_pages tweaks Alternatives

Children Pages

children-pages

Displays children pages of the current top-parent page in a sidebar widget.

100 No CVEs

Simply Hide Pages

simply-hide-pages

Easy way to hide some pages from wp_list_pages output.

90 No CVEs

CleanCodeNZ Exclude Pages Plugin

cleancode-exclude-pages

This is a plugin to hide pages from navigation and/or search results using custom fields, parent and child pages are supported too

20 No CVEs

CC-List-Posts

cc-list-posts

This plugin adds similar to wp_list_pages, missing function and shortcode wp_list_posts with pagination support.

10 No CVEs

Delink Pages

delink-pages

This plugin will allow you to specify certain pages to not be linked when wp_list_pages() is used in a theme.

10 No CVEs

Developer Profile

wp_list_pages tweaks Developer Profile

Hiranthi

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect wp_list_pages tweaks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

is-parentdupl-parent

HTML Comments

Desc: add option 'wp_list_pages_tweaks'Desc: add the tweaks to wp_list_pagesDesc: add wp_list_pages tweaks to the admin menuDesc: admin page+1 more

Data Attributes

name="parent_in_submenu"name="remove_parent_link"name="isparent_class"id="parent_in_submenu"id="remove_parent_link"id="isparent_class"

FAQ