Does Xolo Widgets have any unpatched vulnerabilities?

No. All known vulnerabilities in Xolo Widgets have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Xolo Widgets compatible with WordPress 5.4.19?

According to WordPress.org data, Xolo Widgets 1.0 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

Is Xolo Widgets compatible with PHP 5.6+?

Xolo Widgets requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Xolo Widgets updated?

Xolo Widgets was last updated on Nov 28, 2020. Frequent updates are generally a positive security signal.

What is Xolo Widgets's security score?

Xolo Widgets has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Xolo Widgets Security & Risk Analysis

wordpress.org/plugins/xolo-widgets

Xolo Widget gives you a collection of widgets in fastest way to add more widgets into your WordPress website.

0 active installs v1.0 PHP 5.6+ WP 5.0+ Updated Nov 28, 2020

contact-widgetsocial-widget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Xolo Widgets Safe to Use in 2026?

Generally Safe

Score 85/100

Xolo Widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The xolo-widgets plugin v1.0 exhibits a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, SQL queries (all prepared), unescaped output, file operations, external HTTP requests, or nonce/capability checks indicates a well-developed and secure codebase. The taint analysis also reveals no critical or high-severity unsanitized flows, which is highly encouraging.

The vulnerability history is equally positive, with no recorded CVEs, indicating a lack of publicly known security flaws. This suggests that the developers have either been proactive in securing the plugin or have not yet attracted attention for security issues. The limited attack surface with zero unprotected entry points is a significant strength.

While the overall security is impressive, the complete lack of nonce and capability checks across all entry points, though currently unprotected, is a potential area for future risk if the attack surface expands or if the plugin's functionality evolves to include sensitive operations. However, given the current state, the plugin appears to be very secure.

Key Concerns

No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

Xolo Widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Xolo Widgets Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

168 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

96% escaped175 total outputs

Attack Surface

Xolo Widgets Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionwidgets_initclasses\class-xolo-widgets.php:46

actionwp_enqueue_scriptsclasses\class-xolo-widgets.php:47

actionadmin_enqueue_scriptsclasses\class-xolo-widgets.php:48

actionwp_enqueue_scriptsclasses\widgets\class-social-widget.php:19

actionadmin_enqueue_scriptsclasses\widgets\class-social-widget.php:20

Maintenance & Trust

Xolo Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedNov 28, 2020

PHP min version5.6

Downloads828

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Xolo Widgets Alternatives

Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress

contact-form-plugin

The most powerful and user-friendly WordPress contact form plugin. Create beautiful contact forms, widgets and pages using shortcodes.

30K 1 unpatched

Fuse Social Floating Sidebar

fuse-social-floating-sidebar

This plugin allows you to add social media floating sidebar icons connected with your social media profiles.

10K 2 CVEs

WP Social Widget

wp-social-widget

A widget to add links of social networking sites.

4K 1 unpatched

Socials Ignited

socials-ignited

100

The Socials Ignited plugin gives you a widget, allowing you to display and link icons on your website of more than 50 social networks.

2K No CVEs

Easy Share Solution For WordPress

easy-share-solution

100

A powerful, easy-to-use WordPress social sharing plugin with modern share buttons, built-in analytics, and smooth dashboard integration.

1K No CVEs

Developer Profile

Xolo Widgets Developer Profile

Xolo Software

4 plugins · 210 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Xolo Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/xolo-widgets/assets/css/widget.css/wp-content/plugins/xolo-widgets/assets/css/font-awesome/css/font-awesome.min.css/wp-content/plugins/xolo-widgets/assets/js/main.js/wp-content/plugins/xolo-widgets/assets/css/admin.css/wp-content/plugins/xolo-widgets/assets/fonticonpicker/jquery.fonticonpicker.min.css/wp-content/plugins/xolo-widgets/assets/fonticonpicker/jquery.fonticonpicker.min.js

HTML / DOM Fingerprints

CSS Classes

mks_social_containermks-social-sortablemks_add_socialmks_social_clonemks-sw-iconiconPicker

Data Attributes

data-icondata-url

JS Globals

jQuery

FAQ