BeerXML Shortcode Security & Risk Analysis
wordpress.org/plugins/beerxml-shortcodeAutomatically insert and display beer recipes by linking to a BeerXML document.
Is BeerXML Shortcode Safe to Use in 2026?
Generally Safe
Score 91/100BeerXML Shortcode has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The "beerxml-shortcode" plugin v0.8 exhibits a generally good security posture based on the static analysis, with no critical or high-severity taint flows detected and a high percentage of properly escaped outputs. The attack surface is minimal, with only one shortcode entry point and no unprotected AJAX handlers or REST API routes. The absence of dangerous functions, file operations, and external HTTP requests further strengthens its profile.
However, a significant concern is the single SQL query which is not using prepared statements. This presents a potential risk for SQL injection, especially if user-supplied data is directly incorporated into this query. Additionally, the lack of nonce checks and capability checks on its entry points means that any logic executed by the shortcode could potentially be triggered by any authenticated user, regardless of their role or intended permissions. The historical vulnerability of Server-Side Request Forgery (SSRF) is also a notable pattern, even though it is currently patched. This suggests a past weakness in handling external resources or user-controlled input that could lead to such vulnerabilities.
In conclusion, while the plugin has strengths in its limited attack surface and output escaping, the unescaped SQL query and lack of proper authorization checks on the shortcode present notable weaknesses that require attention. The historical SSRF vulnerability also warrants ongoing vigilance and review of how external data is handled.
Key Concerns
- SQL queries not using prepared statements
- No nonce checks on entry points
- No capability checks on entry points
- Past medium severity SSRF vulnerability
BeerXML Shortcode Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
BeerXML Shortcode <= 0.7.1 - Authenticated (Contributor+) Server-Side Request Forgery
BeerXML Shortcode Release Timeline
BeerXML Shortcode Code Analysis
SQL Query Safety
Output Escaping
BeerXML Shortcode Attack Surface
Shortcodes 1
WordPress Hooks 5
Maintenance & Trust
BeerXML Shortcode Maintenance & Trust
Maintenance Signals
Community Trust
BeerXML Shortcode Alternatives
Beer Directory
beer-directory
Enables a beer post type and beer list shortcode.
Mailchimp Food-Cook Subscribe
mailchimp-subscribe-for-food-cook-theme
This makes easy, the setup of a website's newsletter subscription widget and modal popup. Best used in food and cook recipe theme or woothemes.
Cocktail Recipes
cocktail-recipes
Elegant, structured cocktail recipe rendering using a simple shortcode, with automatic formatting and unit conversion.
WP Shortcodes Plugin — Shortcodes Ultimate
shortcodes-ultimate
A comprehensive collection of visual components for your site
MW WP Form
mw-wp-form
MW WP Form is shortcode base contact form plugin. This plugin have many features. For example you can use many validation rules, inquiry data saving, …
BeerXML Shortcode Developer Profile
2 plugins · 200 total installs
How We Detect BeerXML Shortcode
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/beerxml-shortcode/css/beerxml.css/wp-content/plugins/beerxml-shortcode/js/beerxml.js/wp-content/plugins/beerxml-shortcode/js/beerxml.jsbeerxml-shortcode/css/beerxml.css?ver=beerxml-shortcode/js/beerxml.js?ver=HTML / DOM Fingerprints
beerxml-actuals<!-- BeerXML shortcode passed invalid attributes --><!-- BeerXML shortcode source not set --><!-- Error parsing BeerXML document -->recipecachemetricdownloadstylemash+4 more<tr class='beerxml-actuals'><th><td></table>