Does WPMU Featured Blog Tag Cloud have any unpatched vulnerabilities?

No. All known vulnerabilities in WPMU Featured Blog Tag Cloud have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPMU Featured Blog Tag Cloud compatible with WordPress 3.0.5?

According to WordPress.org data, WPMU Featured Blog Tag Cloud 1.2.1 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is WPMU Featured Blog Tag Cloud updated?

WPMU Featured Blog Tag Cloud was last updated on Jul 12, 2010. Frequent updates are generally a positive security signal.

What is WPMU Featured Blog Tag Cloud's security score?

WPMU Featured Blog Tag Cloud has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPMU Featured Blog Tag Cloud Security & Risk Analysis

wordpress.org/plugins/wpmu-featured-blog-tag-cloud

A widget that allows for a custom tag cloud and creates a shortcode for using a tag cloud on a page.

10 active installs v1.2.1 PHP + WP 2.8+ Updated Jul 12, 2010

shortcodetagswidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WPMU Featured Blog Tag Cloud Safe to Use in 2026?

Generally Safe

Score 85/100

WPMU Featured Blog Tag Cloud has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "wpmu-featured-blog-tag-cloud" plugin v1.2.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by using prepared statements for all SQL queries and having no known vulnerabilities (CVEs) in its history. There are no external HTTP requests, file operations, or bundled libraries, which reduces potential attack vectors.

However, several areas raise significant concerns. The presence of a `create_function` call is a critical code signal, as this function is deprecated and can be a source of security vulnerabilities, especially if user-controlled input is involved. Furthermore, only 20% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks on the single shortcode entry point is also a serious deficiency, potentially allowing unauthorized actions if the shortcode's functionality is sensitive.

The vulnerability history is a strength, showing no prior issues, which suggests a level of developer diligence. However, this should not be relied upon entirely, especially given the current code signals indicating potential weaknesses. The overall risk is moderate, with the primary concerns being the `create_function` usage and insufficient output escaping, coupled with a lack of proper authentication/authorization checks on its entry point.

Key Concerns

Dangerous function create_function used
Low percentage of properly escaped output
No nonce checks on shortcode entry point
No capability checks on shortcode entry point

Vulnerabilities

None known

WPMU Featured Blog Tag Cloud Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WPMU Featured Blog Tag Cloud Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("cets_widget_tag_cloud");'));cets_tag_cloud.php:259

Output Escaping

20% escaped60 total outputs

Attack Surface

WPMU Featured Blog Tag Cloud Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[cets_tag_cloud] cets_tag_cloud.php:354

WordPress Hooks 1

actionwidgets_initcets_tag_cloud.php:259

Maintenance & Trust

WPMU Featured Blog Tag Cloud Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedJul 12, 2010

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WPMU Featured Blog Tag Cloud Alternatives

Tags All In One

tags-all-in-one

Display a customizable tag cloud from selected taxonomies with various sorting and styling options.

100 No CVEs

WPMU Featured Blog Widget

wpmu-featured-blog-widget

A widget that allows you to pull recent posts from another blog within the WPMU Site.

10 No CVEs

Widget Logic

widget-logic

Widget Logic lets you control on which pages widgets appear using WP's conditional tags.

100K 2 CVEs

Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress

contact-form-plugin

The most powerful and user-friendly WordPress contact form plugin. Create beautiful contact forms, widgets and pages using shortcodes.

30K 1 unpatched

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Developer Profile

WPMU Featured Blog Tag Cloud Developer Profile

DeannaS

7 plugins · 70 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WPMU Featured Blog Tag Cloud

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpmu-featured-blog-tag-cloud/cets_tag_cloud.php

HTML / DOM Fingerprints

Data Attributes

for="cets_tag_cloud-title"id="cets_tag_cloud-title"name="cets_tag_cloud-title"for="cets_tag_cloud-blogid"id="cets_tag_cloud-blogid"name="cets_tag_cloud-blogid"+30 more

Shortcode Output

<p class="more"><a href="

FAQ