Does amr shortcodes have any unpatched vulnerabilities?

Yes — amr shortcodes currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is amr shortcodes compatible with WordPress 5.7.15?

According to WordPress.org data, amr shortcodes 1.7 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

How often is amr shortcodes updated?

amr shortcodes was last updated on May 9, 2021. Frequent updates are generally a positive security signal.

What is amr shortcodes's security score?

amr shortcodes has a WP-Safety security score of 64/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

amr shortcodes Security & Risk Analysis

wordpress.org/plugins/amr-shortcodes

View the shortcodes available and used on your site, with links to the pages or posts that contain the shortcode text. Check if a page has a shortcode …

100 active installs v1.7 PHP + WP 4.0+ Updated May 9, 2021

shortcodeshortcodes

C · Use Caution

CVEs total1

Unpatched1

Last CVENov 18, 2024

Download

Safety Verdict

Is amr shortcodes Safe to Use in 2026?

Use With Caution

Score 64/100

amr shortcodes has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Nov 18, 2024Updated 4yr ago

Risk Assessment

The 'amr-shortcodes' plugin v1.7 exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries, including nonce and capability checks, and has a seemingly small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, there are significant concerns. The taint analysis reveals two high-severity flows with unsanitized paths, indicating potential vulnerabilities where user input could be used in an unsafe manner. Furthermore, only 27% of output escaping is properly done, which is a notable weakness and a common precursor to cross-site scripting vulnerabilities. The plugin's vulnerability history is also a cause for concern, with one medium-severity Cross-site Scripting (XSS) vulnerability being recently discovered and currently unpatched. This pattern suggests a recurring issue with input sanitization and output escaping, despite some efforts to implement security checks.

Key Concerns

Unpatched CVE
High severity taint flow (x2)
Low output escaping rate (27%)

Vulnerabilities

amr shortcodes Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-52464medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

amr shortcodes <= 1.7 - Reflected Cross-Site Scripting

Nov 18, 2024Unpatched

Code Analysis

Analyzed Mar 16, 2026

amr shortcodes Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

27% escaped15 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

where_one_shortcode (amr_shortcodes.php:249)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

amr shortcodes Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_menuamr_shortcodes.php:24

actionplugins_loadedamr_shortcodes.php:278

actiontemplate_redirectamr_shortcodes.php:298

Maintenance & Trust

amr shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedMay 9, 2021

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

amr shortcodes Alternatives

Column Shortcodes

column-shortcodes

Adds shortcodes to easily create columns in your posts or pages.

60K No CVEs

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Futurio Extra

futurio-extra

Futurio Extra add extra features to Futurio theme like widgets, WooCommerce options, Elementor widgets, one click demo import and much more.

20K 7 CVEs

ND Shortcodes

nd-shortcodes

The plugin adds some useful components to your page builder ( Elementor or WP Bakery Page Builder ). All components are full responsive and retina rea …

20K 5 CVEs

Contact Form 7 Shortcode Enabler

contact-form-7-shortcode-enabler

This plugin enables the usage of external shortcodes inside Contact Form 7 Forms.

10K No CVEs

Developer Profile

amr shortcodes Developer Profile

anmari

3 plugins · 320 total installs

trust score

Avg Security Score

70/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect amr shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/amr-shortcodes/amr-shortcodes.php/wp-content/plugins/amr-shortcodes/amr-shortcodes-admin.js/wp-content/plugins/amr-shortcodes/amr-shortcodes-admin.css

Script Paths

/wp-content/plugins/amr-shortcodes/amr-shortcodes-admin.js

Version Parameters

amr-shortcodes/amr-shortcodes-admin.css?ver=amr-shortcodes/amr-shortcodes-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

wrapicon32

Data Attributes

data-shortcode-text

JS Globals

amr_shortcodes_admin_ajax_object

Shortcode Output

[]

FAQ