Does WP News – WordPress News / Magazine Plugin have any unpatched vulnerabilities?

No. All known vulnerabilities in WP News – WordPress News / Magazine Plugin have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP News – WordPress News / Magazine Plugin compatible with WordPress 6.9.4?

According to WordPress.org data, WP News – WordPress News / Magazine Plugin 1.2.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is WP News – WordPress News / Magazine Plugin updated?

WP News – WordPress News / Magazine Plugin was last updated on Dec 4, 2025. Frequent updates are generally a positive security signal.

What is WP News – WordPress News / Magazine Plugin's security score?

WP News – WordPress News / Magazine Plugin has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP News – WordPress News / Magazine Plugin Security & Risk Analysis

wordpress.org/plugins/wp-news-magazine

WP News is a elementor 14+ addons, 6+ WordPress Default widgets For WordPress.

300 active installs v1.2.2 PHP + WP 5.0+ Updated Dec 4, 2025

blogelementormagazinenewswordpress-news

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 28, 2023

Plugin page Download

Safety Verdict

Is WP News – WordPress News / Magazine Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

WP News – WordPress News / Magazine Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 28, 2023Updated 4mo ago

Risk Assessment

The wp-news-magazine plugin v1.2.2 exhibits a generally positive security posture based on the static analysis, with a notable absence of direct attack vectors like unprotected AJAX handlers, REST API routes, or shortcodes. The plugin also demonstrates good practices by using prepared statements for all SQL queries and implementing nonce and capability checks. However, the presence of the `create_function` dangerous function is a significant concern, as it can lead to arbitrary code execution if not handled with extreme care and robust input validation, even though no exploitable flows were found in the taint analysis for this version. The vulnerability history shows a past medium-severity CVE, which was a Cross-Site Request Forgery, indicating that the plugin has had exploitable vulnerabilities in the past. While there are currently no unpatched CVEs, this history suggests a need for ongoing vigilance and prompt patching of any future issues. Overall, the plugin has strengths in its limited attack surface and use of secure coding practices, but the `create_function` and past vulnerability history warrant careful consideration and monitoring.

Key Concerns

Dangerous function used (create_function)
Past medium severity CVE
Output escaping is not fully proper (74%)

Vulnerabilities

WP News – WordPress News / Magazine Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-0502medium · 4.3Cross-Site Request Forgery (CSRF)

WP News <= 1.1.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation

Feb 28, 2023 Patched in 1.2.0 (639d)

Code Analysis

Analyzed Mar 16, 2026

WP News – WordPress News / Magazine Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

188

527 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_function$callback = create_function('', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";');admin\include\class.settings-api.php:105

Output Escaping

74% escaped715 total outputs

Attack Surface

WP News – WordPress News / Magazine Plugin Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 23

actionadmin_enqueue_scriptsadmin\admin-init.php:7

actionadmin_initadmin\include\admin-setting.php:14

actionadmin_menuadmin\include\admin-setting.php:15

actioninitadmin\include\admin-setting.php:16

actionadmin_noticesadmin\include\admin_notice.php:15

actionplugins_loadedadmin\include\admin_notice.php:19

actionadmin_enqueue_scriptsadmin\include\class.settings-api.php:28

actionadmin_menuadmin\include\Recommended_Plugins.php:78

actionadmin_enqueue_scriptsadmin\include\Recommended_Plugins.php:79

actionelementor/initincludes\helpers_function.php:15

actioninitincludes\init.php:12

actionelementor/editor/after_enqueue_stylesincludes\init.php:13

actionelementor/frontend/after_enqueue_stylesincludes\init.php:14

actionelementor/frontend/after_enqueue_scriptsincludes\init.php:15

actionelementor/frontend/after_register_scriptsincludes\init.php:16

actionelementor/widgets/registerincludes\init.php:20

actionelementor/widgets/widgets_registeredincludes\init.php:22

actionwidgets_initincludes\widgets\author-info.php:237

actionwidgets_initincludes\widgets\company-info-widget.php:165

actionwidgets_initincludes\widgets\newsletter.php:93

actionwidgets_initincludes\widgets\recent-post.php:7

actionwidgets_initincludes\widgets\single-banner.php:125

actionwidgets_initincludes\widgets\video-popup.php:153

Maintenance & Trust

WP News – WordPress News / Magazine Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 4, 2025

PHP min version

Downloads20K

Community Trust

Rating50/100

Number of ratings4

Active installs300

Alternatives

WP News – WordPress News / Magazine Plugin Alternatives

BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor

blockspare

Highly customizable Gutenberg blocks and starter templates to build blogs, magazines, and business websites. Create post grids, sliders, filters, and …

10K 6 CVEs

Nemesis All-in-One | Newspaper Builder Elementor Extention

nemesis-all-in-one

The Nemesis All-in-One addon for Elementor is the only one plugin for building blog post pages.

10 1 unpatched

Avid Elements – News Magazine & Blog Grid Layouts

avid-elements

Elementor Blog Grid Layout Widget for Magazine, Newspaper, Blogs.

0 No CVEs

Yasothon

yasothon-blocks

Yasothon is a cool plugin for the Pages editor that have many several blocks to custom your homepage. It is easy to use you just add block and select …

0 No CVEs

Gum Addon for Elementor

gum-elementor-addon

Offers inbuilt widgets for elementor that help to create design more attractive

50K 6 CVEs

Developer Profile

WP News – WordPress News / Magazine Plugin Developer Profile

HT Plugins

23 plugins · 64K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

124 days

View full developer profile

Detection Fingerprints

How We Detect WP News – WordPress News / Magazine Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-news-magazine/admin/assets/css/admin_optionspanel.css

Version Parameters

ht-magazine/style.css?ver=htnews-admin?ver=

HTML / DOM Fingerprints

CSS Classes

htmagazine-admin-wraphtmagazine-settings-page

Data Attributes

data-htmagazine-iddata-htmagazine-type

JS Globals

HTMagazine_Settings_APIHTMagazine_Admin_Setting

Shortcode Output

[ht-magazine-news-slider[ht-magazine-news-grid[ht-magazine-category-slider

FAQ