AnnunciFunebri Security & Risk Analysis

wordpress.org/plugins/annuncifunebri-onoranza

Display funeral announcements from annuncifunebri.it on your website for funeral homes using this service.

100 active installs · v4.8.3 · PHP + WP 4.0+ · Updated Feb 23, 2026
Tags: annuncifunebri-it · funeral-home · page · post · shortcode
99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 12, 2025
Safety Verdict

Is AnnunciFunebri Safe to Use in 2026?

Generally Safe

Score 99/100

AnnunciFunebri has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 12, 2025 · Updated 1mo ago
Risk Assessment

The "annuncifunebri-onoranza" v4.8.3 plugin demonstrates a generally good security posture with robust practices in place. The high percentage of properly escaped outputs and the exclusive use of prepared statements for SQL queries are positive indicators. The absence of critical or high severity taint flows, along with no identified flows with unsanitized paths, suggests that common injection vulnerabilities are well-mitigated.

However, a notable concern exists with the REST API. One route is exposed without a permission callback, creating an unprotected entry point. While the static analysis did not reveal critical taint flows stemming from this route, the lack of authorization on a REST API endpoint is a significant risk, because unauthenticated users could exploit it if sensitive operations are exposed. The plugin also uses a "dangerous function", preg_replace() with the /e modifier, which evaluates the replacement string as PHP code and can lead to code execution vulnerabilities if not handled with extreme care.

The vulnerability history shows a single medium-severity CVE, which is now patched. This indicates that past vulnerabilities have been addressed. Its vulnerability type, "Missing Authorization", aligns with the observed unprotected REST API route. Overall, the plugin has strengths in its data handling but requires immediate attention to its REST API security.

Key Concerns

  • Unprotected REST API route
  • Use of dangerous function (preg_replace(/e))
  • Bundled library (Select2)
Vulnerabilities: 1

AnnunciFunebri Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-14447 · medium · 4.3 · Missing Authorization

AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion

Dec 12, 2025 · Patched in 4.7.1 (105d)
Code Analysis
Analyzed Mar 16, 2026

AnnunciFunebri Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 57 (2835 escaped)
Nonce Checks: 3
Capability Checks: 3
File Operations: 0
External Requests: 14
Bundled Libraries: 1

Dangerous Functions Found

preg_replace(/e) · preg_replace('/e · functions.inc.php:949

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

98% escaped · 2892 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
<annuncio> (annuncio.php:0)
Attack Surface
1 unprotected

AnnunciFunebri Attack Surface

Entry Points: 5
Unprotected: 1

REST API Routes 1

GET /wp-json/annfu/version functions.inc.php:630

Shortcodes 4

[ANNFU_ANNUNCI] functions.inc.php:504
[ANNFU_ULTIMI_ANNUNCI] functions.inc.php:522
[ANNFU_ANNUNCIO] functions.inc.php:540
[ANNFU_DIRETTA] functions.inc.php:558

WordPress Hooks 60

action init annuncifunebri-onoranza.php:53
action add_meta_boxes annuncifunebri-onoranza.php:56
action save_post annuncifunebri-onoranza.php:57
filter manage_annfu_el_template_posts_columns annuncifunebri-onoranza.php:60
action manage_annfu_el_template_posts_custom_column annuncifunebri-onoranza.php:61
action quick_edit_custom_box annuncifunebri-onoranza.php:64
action save_post annuncifunebri-onoranza.php:65
action admin_footer annuncifunebri-onoranza.php:66
action elementor/loaded annuncifunebri-onoranza.php:69
action elementor/init annuncifunebri-onoranza.php:73
filter elementor/utils/get_public_post_types annuncifunebri-onoranza.php:78
action wp_logout annuncifunebri-onoranza.php:86
action wp_login annuncifunebri-onoranza.php:87
action end_session_action annuncifunebri-onoranza.php:88
action init annuncifunebri-onoranza.php:90
action init annuncifunebri-onoranza.php:91
action init annuncifunebri-onoranza.php:92
action init annuncifunebri-onoranza.php:94
filter cron_schedules annuncifunebri-onoranza.php:95
action init annuncifunebri-onoranza.php:97
action wp_head annuncifunebri-onoranza.php:101
filter query_vars annuncifunebri-onoranza.php:102
action template_redirect annuncifunebri-onoranza.php:104
action rest_api_init annuncifunebri-onoranza.php:105
filter aioseo_conflicting_shortcodes annuncifunebri-onoranza.php:107
filter aioseo_disable_title_rewrites annuncifunebri-onoranza.php:108
filter aioseo_facebook_tags annuncifunebri-onoranza.php:109
filter aioseo_canonical_url annuncifunebri-onoranza.php:110
filter aioseo_twitter_tags annuncifunebri-onoranza.php:111
filter pre_get_document_title annuncifunebri-onoranza.php:113
filter script_loader_tag annuncifunebri-onoranza.php:114
filter robots_txt annuncifunebri-onoranza.php:115
action init annuncifunebri-onoranza.php:117
action init annuncifunebri-onoranza.php:118
action init annuncifunebri-onoranza.php:119
action init annuncifunebri-onoranza.php:120
action wp_body_open annuncifunebri-onoranza.php:122
action wp_footer annuncifunebri-onoranza.php:123
action widgets_init annuncifunebri-onoranza.php:126
action admin_menu annuncifunebri-onoranza.php:129
action admin_init annuncifunebri-onoranza.php:130
action admin_enqueue_scripts annuncifunebri-onoranza.php:131
action admin_action_annfu_reset_options annuncifunebri-onoranza.php:132
action upgrader_process_complete annuncifunebri-onoranza.php:136
filter pre_get_document_title functions.inc.php:96
action admin_menu functions.inc.php:715
filter pre_update_option_annfu_template functions.inc.php:930
filter run_wptexturize includes\elementor\class-annfu-elementor.php:67
action init includes\elementor\class-annfu-elementor.php:70
action add_meta_boxes includes\elementor\class-annfu-elementor.php:71
action save_post includes\elementor\class-annfu-elementor.php:72
action elementor/elements/categories_registered includes\elementor\class-annfu-elementor.php:75
action elementor/widgets/register includes\elementor\class-annfu-elementor.php:80
action elementor/widgets/widgets_registered includes\elementor\class-annfu-elementor.php:81
action elementor/editor/after_enqueue_styles includes\elementor\class-annfu-elementor.php:84
action elementor/frontend/after_enqueue_styles includes\elementor\class-annfu-elementor.php:85
action elementor/editor/after_enqueue_scripts includes\elementor\class-annfu-elementor.php:86
action elementor/frontend/after_register_scripts includes\elementor\class-annfu-elementor.php:87
filter manage_annfu_el_template_posts_columns includes\elementor\class-annfu-elementor.php:90
action manage_annfu_el_template_posts_custom_column includes\elementor\class-annfu-elementor.php:91

Scheduled Events 1

annfu_create_sitemap
Maintenance & Trust

AnnunciFunebri Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version
Downloads: 21K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

AnnunciFunebri Developer Profile

pcantoni

1 plugin · 100 total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 105 days
Detection Fingerprints

How We Detect AnnunciFunebri

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/annuncifunebri-onoranza/css/annunci.css
/wp-content/plugins/annuncifunebri-onoranza/css/owl.carousel.min.css
/wp-content/plugins/annuncifunebri-onoranza/css/owl.theme.default.min.css
/wp-content/plugins/annuncifunebri-onoranza/js/annunci.js
/wp-content/plugins/annuncifunebri-onoranza/js/owl.carousel.min.js
Script Paths
/wp-content/plugins/annuncifunebri-onoranza/js/annunci.js
/wp-content/plugins/annuncifunebri-onoranza/js/owl.carousel.min.js
Version Parameters
annuncifunebri-onoranza/css/annunci.css?ver=
annuncifunebri-onoranza/css/owl.carousel.min.css?ver=
annuncifunebri-onoranza/css/owl.theme.default.min.css?ver=
annuncifunebri-onoranza/js/annunci.js?ver=
annuncifunebri-onoranza/js/owl.carousel.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
annuncifunebri-el-widget-wrapper
JS Globals
annunci_data
REST Endpoints
/wp-json/annuncifunebri-onoranza/v1/get_annunci
Shortcode Output
[ANNFU_ANNUNCI]
[ANNFU_ANNUNCIO]
[ANNFU_DIRETTA]
[ANNFU_ULTIMI_ANNUNCI]
FAQ

Frequently Asked Questions about AnnunciFunebri