BeerXML Shortcode Security & Risk Analysis

wordpress.org/plugins/beerxml-shortcode

Automatically insert and display beer recipes by linking to a BeerXML document.

100 active installs · v0.8 · PHP + · WP 3.4+ · Updated Apr 29, 2025
Tags: beer, beerxml, homebrew, recipe, shortcode
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 24, 2025
Safety Verdict

Is BeerXML Shortcode Safe to Use in 2026?

Generally Safe

Score 99/100

BeerXML Shortcode has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 24, 2025 · Updated 11mo ago
Risk Assessment

The "beerxml-shortcode" plugin v0.8 exhibits a generally good security posture based on the static analysis, with no critical or high-severity taint flows detected and a high percentage of properly escaped outputs. The attack surface is minimal, with only one shortcode entry point and no unprotected AJAX handlers or REST API routes. The absence of dangerous functions, file operations, and external HTTP requests further strengthens its profile.

However, a significant concern is the single SQL query, which does not use prepared statements. This presents a potential risk of SQL injection, especially if user-supplied data is incorporated directly into the query. Additionally, the lack of nonce checks and capability checks on its entry points means that any logic executed by the shortcode could potentially be triggered by any authenticated user, regardless of role or intended permissions. The historical Server-Side Request Forgery (SSRF) vulnerability is also notable, even though it is currently patched. It suggests a past weakness in handling external resources or user-controlled input that could lead to such vulnerabilities.

In conclusion, while the plugin has strengths in its limited attack surface and output escaping, the SQL query that does not use prepared statements and the lack of authorization checks on the shortcode are notable weaknesses that require attention. The historical SSRF vulnerability also warrants ongoing vigilance and review of how external data is handled.

Key Concerns

  • SQL queries not using prepared statements
  • No nonce checks on entry points
  • No capability checks on entry points
  • Past medium severity SSRF vulnerability
Vulnerabilities
1

BeerXML Shortcode Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-46511 · medium · 6.4 · Server-Side Request Forgery (SSRF)

BeerXML Shortcode <= 0.7.1 - Authenticated (Contributor+) Server-Side Request Forgery

Apr 24, 2025 · Patched in 0.8 (8d)
Code Analysis
Analyzed Mar 16, 2026

BeerXML Shortcode Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 2 (25 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

93% escaped · 27 total outputs
Attack Surface

BeerXML Shortcode Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[beerxml] · beerxml-shortcode.php:55

WordPress Hooks: 5

action · init · beerxml-shortcode.php:22
action · init · beerxml-shortcode.php:23
action · admin_menu · includes\admin.php:13
action · admin_init · includes\admin.php:14
filter · upload_mimes · includes\mime.php:12
Maintenance & Trust

BeerXML Shortcode Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 29, 2025
PHP min version
Downloads: 7K

Community Trust

Rating: 98/100
Number of ratings: 9
Active installs: 100
Developer Profile

BeerXML Shortcode Developer Profile

Derek Springer

2 plugins · 200 total installs

88 trust score
Avg Security Score: 92/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect BeerXML Shortcode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/beerxml-shortcode/css/beerxml.css
/wp-content/plugins/beerxml-shortcode/js/beerxml.js
Script Paths
/wp-content/plugins/beerxml-shortcode/js/beerxml.js
Version Parameters
beerxml-shortcode/css/beerxml.css?ver=
beerxml-shortcode/js/beerxml.js?ver=

HTML / DOM Fingerprints

CSS Classes
beerxml-actuals
HTML Comments
<!-- BeerXML shortcode passed invalid attributes -->
<!-- BeerXML shortcode source not set -->
<!-- Error parsing BeerXML document -->
Data Attributes
recipe, cache, metric, download, style, mash, +4 more
Shortcode Output
<tr class='beerxml-actuals'>
<th>
<td>
</table>
FAQ

Frequently Asked Questions about BeerXML Shortcode