WP-Safety

Arconix Shortcodes Security & Risk Analysis

wordpress.org/plugins/arconix-shortcodes

Arconix Shortcodes provides a number of useful design elements like buttons, boxes, tabs and toggles to help compliment any website.

4K active installs v2.1.20 PHP + WP 4.3+ Updated Mar 27, 2026
arconixbuttonsshortcodestabstoggle
72
B · Generally Safe
CVEs total10
Unpatched1
Last CVEDec 1, 2025
Plugin page Download
Safety Verdict

Is Arconix Shortcodes Safe to Use in 2026?

Mostly Safe

Score 72/100

Arconix Shortcodes is generally safe to use. 10 past CVEs were resolved.

10 known CVEs 1 unpatched Last CVE: Dec 1, 2025Updated 1mo ago
Risk Assessment

The Arconix Shortcodes plugin version 2.1.19 presents a mixed security posture. On the positive side, static analysis indicates a small attack surface with no identified shortcodes, cron events, or REST API routes, and the single AJAX handler appears to have authentication checks. SQL queries are exclusively using prepared statements, and there are no file operations or bundled libraries to worry about. Taint analysis also reveals no critical or high severity flows with unsanitized paths.

However, significant concerns arise from the plugin's vulnerability history. A substantial number of past CVEs (10 in total) indicate a recurring pattern of security weaknesses. The presence of one currently unpatched vulnerability, specifically a medium severity Cross-site Scripting (XSS) or Missing Authorization issue, is a critical red flag. Furthermore, the output escaping is only properly implemented in 60% of cases, leaving a considerable portion of output potentially vulnerable to XSS attacks. The 2 external HTTP requests also warrant scrutiny, as their implementation and handling of external data could introduce vulnerabilities.

In conclusion, while the plugin demonstrates some good security practices in its current code structure, the extensive history of vulnerabilities and the unpatched CVE strongly suggest a need for caution. The unescaped output further contributes to the risk profile. Users should prioritize addressing the unpatched vulnerability and consider the potential risks associated with the remaining unescaped output.

Key Concerns

  • Unpatched CVE
  • Medium severity vulnerability history (10)
  • Output escaping only 60% properly
  • External HTTP requests
Vulnerabilities
10 published

Arconix Shortcodes Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
5 CVEs in 2024
2024
4 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
10

10 total CVEs

CVE-2025-13835medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Arconix Shortcodes <= 2.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 1, 2025Unpatched
CVE-2025-66085medium · 4.3Missing Authorization

Arconix Shortcodes <= 2.1.18 - Missing Authorization

Oct 30, 2025 Patched in 2.1.19 (27d)
CVE-2025-49858medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Arconix Shortcodes <= 2.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 12, 2025 Patched in 2.1.18 (6d)
CVE-2025-47673medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Arconix Shortcodes <= 2.1.16 - Reflected Cross-Site Scripting

May 16, 2025 Patched in 2.1.17 (28d)
CVE-2025-24621medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Arconix Shortcodes <= 2.1.15 - Reflected Cross-Site Scripting

Dec 30, 2024 Patched in 2.1.16 (114d)
CVE-2024-56242medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Arconix Shortcodes <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2024 Patched in 2.1.15 (10d)
CVE-2024-10226medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Arconix Shortcodes <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode

Oct 29, 2024 Patched in 2.1.14 (1d)
CVE-2024-9703medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Arconix Shortcodes <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 17, 2024 Patched in 2.1.13 (1d)
CVE-2024-38769medium · 5.3Missing Authorization

Arconix Shortcodes <= 2.1.11 - Missing Authorization

Jul 19, 2024 Patched in 2.1.12 (7d)
CVE-2023-23703medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Arconix Shortcodes <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Apr 24, 2023 Patched in 2.1.8 (274d)
Version History

Arconix Shortcodes Release Timeline

v2.1.20Current1 CVE
CVE-2025-13835
v2.1.191 CVE
CVE-2025-13835
v2.1.182 CVEs
CVE-2025-66085 CVE-2025-13835
v2.1.173 CVEs
CVE-2025-49858 CVE-2025-66085 CVE-2025-13835
v2.1.164 CVEs
CVE-2025-49858 CVE-2025-47673 CVE-2025-66085 +1 more
v2.1.155 CVEs
CVE-2025-49858 CVE-2025-47673 CVE-2025-66085 +2 more
v2.1.146 CVEs
CVE-2025-49858 CVE-2025-47673 CVE-2025-66085 +3 more
v2.1.137 CVEs
CVE-2025-49858 CVE-2025-47673 CVE-2025-66085 +4 more
v2.1.128 CVEs
CVE-2025-49858 CVE-2025-47673 CVE-2025-66085 +5 more
v2.1.119 CVEs
CVE-2025-49858 CVE-2024-38769 CVE-2025-47673 +6 more
v2.1.109 CVEs
CVE-2025-49858 CVE-2024-38769 CVE-2025-47673 +6 more
v2.1.99 CVEs
CVE-2025-49858 CVE-2024-38769 CVE-2025-47673 +6 more
v2.1.89 CVEs
CVE-2025-49858 CVE-2024-38769 CVE-2025-47673 +6 more
v2.1.710 CVEs
CVE-2025-49858 CVE-2024-38769 CVE-2023-23703 +7 more
v2.1.610 CVEs
CVE-2025-49858 CVE-2024-38769 CVE-2023-23703 +7 more
v2.1.510 CVEs
CVE-2025-49858 CVE-2024-38769 CVE-2023-23703 +7 more
v2.1.410 CVEs
CVE-2025-49858 CVE-2024-38769 CVE-2023-23703 +7 more
v2.1.310 CVEs
CVE-2025-49858 CVE-2024-38769 CVE-2023-23703 +7 more
v2.1.210 CVEs
CVE-2025-49858 CVE-2024-38769 CVE-2023-23703 +7 more
v2.1.110 CVEs
CVE-2025-49858 CVE-2024-38769 CVE-2023-23703 +7 more
Code Analysis
Analyzed Mar 16, 2026

Arconix Shortcodes Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
35
53 escaped
Nonce Checks
6
Capability Checks
4
File Operations
0
External Requests
2
Bundled Libraries
0

Output Escaping

60% escaped88 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
ts_tracking_actions (includes\component\tracking-data\ts-tracking.php:321)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Arconix Shortcodes Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_ts_submit_uninstall_reasonincludes\component\deactivate-survey-popup\class-ts-deactivation.php:50
WordPress Hooks 22
actionadmin_footerincludes\component\deactivate-survey-popup\class-ts-deactivation.php:49
actionadmin_menuincludes\component\faq-support\ts-faq-support.php:99
actionadmin_headincludes\component\faq-support\ts-faq-support.php:100
actionadmin_noticesincludes\component\tracking-data\ts-tracking.php:107
actionadmin_footerincludes\component\tracking-data\ts-tracking.php:108
filtercron_schedulesincludes\component\tracking-data\ts-tracking.php:111
actionadmin_initincludes\component\tracking-data\ts-tracking.php:115
actionadmin_initincludes\component\welcome-page\ts-welcome.php:95
actionadmin_initincludes\component\welcome-page\ts-welcome.php:100
actionadmin_menuincludes\component\welcome-page\ts-welcome.php:102
actionadmin_headincludes\component\welcome-page\ts-welcome.php:103
actionadmin_initincludes\component\welcome-page\ts-welcome.php:107
actioninitplugin.php:52
actionadd_meta_boxesplugin.php:53
actionwp_enqueue_scriptsplugin.php:54
actionadmin_enqueue_scriptsplugin.php:55
filterwidget_textplugin.php:61
actioninitplugin.php:66
filterts_deativate_plugin_questionsplugin.php:67
filterts_tracker_dataplugin.php:68
filterts_tracker_opt_out_dataplugin.php:69
actionadmin_initplugin.php:70
Maintenance & Trust

Arconix Shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 27, 2026
PHP min version
Downloads140K

Community Trust

Rating92/100
Number of ratings24
Active installs4K
Alternatives

Arconix Shortcodes Alternatives

Meks Flexible Shortcodes

Meks Flexible Shortcodes

meks-flexible-shortcodes

A
97

Add some cool elements to your post/page content with flexible shortcodes.

10K 3 CVEs
WP Shortcode by MyThemeShop

WP Shortcode by MyThemeShop

wp-shortcode

A
85

WP Shortcode is a premium WP plugin for free, that provides easy to use over 24 shortcodes. You can easily add buttons, alerts, videos and more.

10K 1 CVE
Rescue Shortcodes

Rescue Shortcodes

rescue-shortcodes

A
95

A lightweight WordPress shortcodes plugin.

1K 5 CVEs
Shortcode Revolution

Shortcode Revolution

shortcode-revolution

A
85

Shortcode everything. The low code / no code tool for WordPress developers, designers, and power users. /*** This program is free software: you can &hellip;

20 No CVEs
PixCodes

PixCodes

pixcodes

A
85

PixCodes offers you a nice interface to add shortcodes into editor.

8K 1 CVE
Developer Profile

Arconix Shortcodes Developer Profile

tychesoftwares

20 plugins · 159K total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
219 days
View full developer profile
Detection Fingerprints

How We Detect Arconix Shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/arconix-shortcodes/includes/jquery.tools.min.js/wp-content/plugins/arconix-shortcodes/includes/css/font-awesome.min.css/wp-content/plugins/arconix-shortcodes/includes/arconix-shortcodes.js/wp-content/plugins/arconix-shortcodes/includes/arconix-shortcodes.min.js/wp-content/plugins/arconix-shortcodes/includes/css/arconix-shortcodes.css/wp-content/plugins/arconix-shortcodes/includes/css/arconix-shortcodes.min.css
Script Paths
/wp-content/plugins/arconix-shortcodes/includes/jquery.tools.min.js/wp-content/plugins/arconix-shortcodes/includes/arconix-shortcodes.js/wp-content/plugins/arconix-shortcodes/includes/arconix-shortcodes.min.js
Version Parameters
arconix-shortcodes/includes/jquery.tools.min.js?ver=arconix-shortcodes/includes/css/font-awesome.min.css?ver=arconix-shortcodes/includes/arconix-shortcodes.js?ver=arconix-shortcodes/includes/arconix-shortcodes.min.js?ver=arconix-shortcodes/includes/css/arconix-shortcodes.css?ver=arconix-shortcodes/includes/css/arconix-shortcodes.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
arconix-accordionsac-accordionsac-tabac-tabsac-tabs-navac-tabs-contentarconix-buttonac-button+27 more
HTML Comments
<!-- End Arconix Shortcodes --><!-- Initialize Arconix Shortcodes --><!-- END Arconix Tabs -->
Data Attributes
data-plugin-namedata-plugin-versiondata-plugin-authordata-plugin-uridata-ac-sliderdata-ac-tooltip+1 more
JS Globals
arconix_shortcodes
Shortcode Output
<div class="arconix-accordions"><div class="ac-accordions"><div class="ac-tab"><div class="ac-tabs">
FAQ

Frequently Asked Questions about Arconix Shortcodes