Does ZPP Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in ZPP Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ZPP Widget compatible with WordPress 4.4.34?

According to WordPress.org data, ZPP Widget 0.74 has been tested up to WordPress 4.4.34. Check the plugin's changelog for the latest compatibility information.

How often is ZPP Widget updated?

ZPP Widget was last updated on Mar 18, 2016. Frequent updates are generally a positive security signal.

What is ZPP Widget's security score?

ZPP Widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ZPP Widget Security & Risk Analysis

wordpress.org/plugins/zpp-widget

Widget losujący okładki dla Złotego Programu Partnerskiego wydawnictwa Złote Myśli.

10 active installs v0.74 PHP + WP 3.0.0+ Updated Mar 18, 2016

ppprogram-partnerskizppzlote-mysli

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ZPP Widget Safe to Use in 2026?

Generally Safe

Score 85/100

ZPP Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "zpp-widget" plugin version 0.74 demonstrates a generally good security posture, particularly in its handling of SQL queries and lack of known vulnerabilities. The static analysis indicates a minimal attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, the absence of critical or high severity taint flows suggests that user input is being handled cautiously. The plugin also appears to perform file operations and make external HTTP requests, which are common functionalities.

However, a significant concern arises from the complete lack of proper output escaping (0% properly escaped). This is a critical weakness, as it opens the door to Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed by the plugin without proper sanitization could be exploited. The lack of nonce checks is also a point of concern, especially in conjunction with the lack of output escaping, as it could facilitate certain types of attacks if any sensitive actions were present. While the plugin has no recorded vulnerability history, the lack of output escaping presents a serious potential for future issues.

In conclusion, the "zpp-widget" plugin exhibits strengths in its limited attack surface and secure SQL practices. However, the critical deficiency in output escaping represents a substantial security risk that requires immediate attention. The absence of historical vulnerabilities is positive but does not mitigate the immediate threat posed by unescaped output.

Key Concerns

No output escaping found
No nonce checks found

Vulnerabilities

None known

ZPP Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

ZPP Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped61 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

zppwidget_plugin_options (zpp-widget.php:550)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

ZPP Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionwidgets_initzpp-widget.php:33

actionwp_print_styleszpp-widget.php:34

actionadmin_menuzpp-widget.php:521

Maintenance & Trust

ZPP Widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34

Last updatedMar 18, 2016

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

ZPP Widget Alternatives

WooCommerce

woocommerce

Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.

7.0M 42 CVEs

WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager

insert-headers-and-footers

Easily add code snippets in WordPress. Insert header & footer scripts, add PHP code snippets with conditional logic, insert ads pixel code, and more.

3.0M 3 CVEs

Code Snippets

code-snippets

An easy, clean and simple way to enhance your site with code snippets.

1.0M 7 CVEs

Security Optimizer – The All-In-One Protection Plugin

sg-security

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 6 CVEs

Developer Profile

ZPP Widget Developer Profile

Kalmang

2 plugins · 10K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

2394 days

View full developer profile

Detection Fingerprints

How We Detect ZPP Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zpp-widget/css/zpp-plugin.css

HTML / DOM Fingerprints

CSS Classes

zpp_widgetzpp_coverzpp_product_titlezpp_product_authorzpp_product_pricezpp_buy_now

Data Attributes

id="zpp-widget"

FAQ