WP-Safety

CFP.DEV shortcodes Security & Risk Analysis

wordpress.org/plugins/cfp-dev-shortcodes

The CFP.DEV shortcodes plugin provides several short codes to list speakers, talks and much more from your CFP.DEV server. Version 3.

10 active installs v3.6.2 PHP 5.2.4+ WP 4.6+ Updated Jun 23, 2025
cfpdevoxxschedulespeakersvoxxeddays
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is CFP.DEV shortcodes Safe to Use in 2026?

Generally Safe

Score 100/100

CFP.DEV shortcodes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago
Risk Assessment

The 'cfp-dev-shortcodes' plugin, in version 3.6.2, exhibits a mixed security posture. While it demonstrates strengths such as the absence of dangerous functions, a complete reliance on prepared statements for SQL queries, and no recorded vulnerability history, significant concerns arise from its attack surface and output escaping practices. A substantial number of AJAX handlers lack authentication checks, creating a large potential entry point for unauthorized actions. Furthermore, a low percentage of output is properly escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is directly rendered without adequate sanitization.

The taint analysis reveals a concerning number of flows with unsanitized paths, although they did not reach a critical or high severity. This suggests potential weaknesses in how the plugin handles file operations or user inputs that could be exploited. The lack of nonces on a significant portion of its entry points, coupled with limited capability checks on AJAX handlers, further exacerbates the risk of unauthorized access and manipulation. While the plugin has a clean vulnerability history, the presence of these exploitable patterns in the code analysis warrants caution.

In conclusion, the plugin's zero CVE history and good SQL practices are positive indicators. However, the high number of unprotected AJAX endpoints, coupled with insufficient output escaping and unsanitized path flows, significantly elevates the security risk. Addressing these areas is crucial to improving the overall security posture of 'cfp-dev-shortcodes'.

Key Concerns

  • High number of AJAX handlers without auth checks
  • Low percentage of properly escaped output
  • Unsanitized paths in taint analysis flows
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities
None known

CFP.DEV shortcodes Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CFP.DEV shortcodes Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
183
51 escaped
Nonce Checks
1
Capability Checks
2
File Operations
1
External Requests
12
Bundled Libraries
0

Output Escaping

22% escaped234 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

9 flows8 with unsanitized paths
rating_process_request (cfp-dev-wordpress-shortcodes.php:169)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
14 unprotected

CFP.DEV shortcodes Attack Surface

Entry Points24
Unprotected14

AJAX Handlers 16

authwp_ajax_ratingcfp-dev-wordpress-shortcodes.php:177
noprivwp_ajax_ratingcfp-dev-wordpress-shortcodes.php:178
authwp_ajax_favouritescfp-dev-wordpress-shortcodes.php:207
noprivwp_ajax_favouritescfp-dev-wordpress-shortcodes.php:208
authwp_ajax_delete_favcfp-dev-wordpress-shortcodes.php:245
noprivwp_ajax_delete_favcfp-dev-wordpress-shortcodes.php:246
authwp_ajax_my_schedulecfp-dev-wordpress-shortcodes.php:257
noprivwp_ajax_my_schedulecfp-dev-wordpress-shortcodes.php:258
authwp_ajax_activationcfp-dev-wordpress-shortcodes.php:284
noprivwp_ajax_activationcfp-dev-wordpress-shortcodes.php:285
authwp_ajax_verifycfp-dev-wordpress-shortcodes.php:322
noprivwp_ajax_verifycfp-dev-wordpress-shortcodes.php:323
authwp_ajax_cfp_dev_delete_cachecfp-dev-wordpress-shortcodes.php:1225
noprivwp_ajax_cfp_dev_delete_cachecfp-dev-wordpress-shortcodes.php:1226
authwp_ajax_get_speaker_photosshortcode\shortcode-cfp-speaker-details.php:356
noprivwp_ajax_get_speaker_photosshortcode\shortcode-cfp-speaker-details.php:357

Shortcodes 8

[cfp_speaker_details] cfp-dev-wordpress-shortcodes.php:1350
[cfp_schedule] shortcode\shortcode-cfp-schedule.php:17
[cfp_search_results] shortcode\shortcode-cfp-search-results.php:16
[cfp_speaker_details] shortcode\shortcode-cfp-speaker-details.php:6
[cfp_speakers] shortcode\shortcode-cfp-speakers.php:17
[cfp_talk_details] shortcode\shortcode-cfp-talk-details.php:16
[cfp_talks_by_sessions] shortcode\shortcode-cfp-talks-by-sessions.php:16
[cfp_talks_by_tracks] shortcode\shortcode-cfp-talks-by-tracks.php:16
WordPress Hooks 29
actionwp_print_scriptscfp-dev-wordpress-shortcodes.php:166
actionadmin_menucfp-dev-wordpress-shortcodes.php:391
actionadmin_enqueue_scriptscfp-dev-wordpress-shortcodes.php:1187
actioninitcfp-dev-wordpress-shortcodes.php:1276
filterquery_varscfp-dev-wordpress-shortcodes.php:1290
actionparse_requestcfp-dev-wordpress-shortcodes.php:1347
actioninitcfp-dev-wordpress-shortcodes.php:1352
filterdo_shortcode_tagcfp-dev-wordpress-shortcodes.php:1358
filtertemplate_includecfp-dev-wordpress-shortcodes.php:1376
actionwp_footercfp-dev-wordpress-shortcodes.php:1459
actionwp_headcfp-dev-wordpress-shortcodes.php:1475
actionplugins_loadedshortcode\shortcode-cfp-schedule.php:14
filterquery_varsshortcode\shortcode-cfp-schedule.php:21
actionwp_enqueue_scriptsshortcode\shortcode-cfp-schedule.php:26
actionplugins_loadedshortcode\shortcode-cfp-search-results.php:12
filterquery_varsshortcode\shortcode-cfp-search-results.php:20
actionwp_enqueue_scriptsshortcode\shortcode-cfp-search-results.php:25
actionplugins_loadedshortcode\shortcode-cfp-speaker-details.php:4
actionwp_enqueue_scriptsshortcode\shortcode-cfp-speaker-details.php:10
actionplugins_loadedshortcode\shortcode-cfp-speakers.php:14
actionwp_enqueue_scriptsshortcode\shortcode-cfp-speakers.php:21
actionplugins_loadedshortcode\shortcode-cfp-talk-details.php:14
actionwp_enqueue_scriptsshortcode\shortcode-cfp-talk-details.php:20
actionplugins_loadedshortcode\shortcode-cfp-talks-by-sessions.php:12
filterquery_varsshortcode\shortcode-cfp-talks-by-sessions.php:20
actionwp_enqueue_scriptsshortcode\shortcode-cfp-talks-by-sessions.php:25
actionplugins_loadedshortcode\shortcode-cfp-talks-by-tracks.php:12
filterquery_varsshortcode\shortcode-cfp-talks-by-tracks.php:20
actionwp_enqueue_scriptsshortcode\shortcode-cfp-talks-by-tracks.php:25
Maintenance & Trust

CFP.DEV shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.0
Last updatedJun 23, 2025
PHP min version5.2.4
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

CFP.DEV shortcodes Alternatives

Sympose

Sympose

sympose

A
92

Sympose makes it easy for anyone to create a conference website. Install WordPress, install Sympose and kick start your conference.

60 No CVEs
The Events Calendar

The Events Calendar

the-events-calendar

B
82

The Events Calendar: #1 calendar plugin for WordPress. Create/manage events (virtual too!) on your site with the free plugin.

700K 25 CVEs
Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories

Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories

post-expirator

A
95

PublishPress Future can make scheduled changes to your content. You can unpublish posts, move posts to a new status, update the categories, and more.

100K 5 CVEs
OttoKit: All-in-One Automation Platform

OttoKit: All-in-One Automation Platform

suretriggers

A
91

Experience the power of automation within WordPress: Connect 1,300+ apps, automate manual tasks, and unlock your full potential. Get started now!

100K 4 CVEs
Missed Scheduled Posts Publisher by WPBeginner

Missed Scheduled Posts Publisher by WPBeginner

missed-scheduled-posts-publisher

A
92

Are your scheduled posts missing their publication times? Missed Scheduled Posts Publisher effectively resolves the 'missed scheduled post' …

60K No CVEs
Developer Profile

CFP.DEV shortcodes Developer Profile

Stephan

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect CFP.DEV shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cfp-dev-shortcodes/js/jquery-ui.min.js/wp-content/plugins/cfp-dev-shortcodes/js/moment.min.js/wp-content/plugins/cfp-dev-shortcodes/js/luxon2.0.min.js/wp-content/plugins/cfp-dev-shortcodes/css/jquery-ui.min.css/wp-content/plugins/cfp-dev-shortcodes/js/site.js/wp-content/plugins/cfp-dev-shortcodes/js/ajax-cfp-v3.4.js/wp-content/plugins/cfp-dev-shortcodes/js/rating-cfp.js/wp-content/plugins/cfp-dev-shortcodes/shortcode/shortcode-cfp-speakers.php+6 more
Script Paths
wp-content/plugins/cfp-dev-shortcodes/js/jquery-ui.min.jswp-content/plugins/cfp-dev-shortcodes/js/moment.min.jswp-content/plugins/cfp-dev-shortcodes/js/luxon2.0.min.jswp-content/plugins/cfp-dev-shortcodes/js/site.jswp-content/plugins/cfp-dev-shortcodes/js/ajax-cfp-v3.4.jswp-content/plugins/cfp-dev-shortcodes/js/rating-cfp.js
Version Parameters
cfp-dev-shortcodes/js/jquery-ui.min.js?ver=cfp-dev-shortcodes/js/moment.min.js?ver=cfp-dev-shortcodes/js/luxon2.0.min.js?ver=cfp-dev-shortcodes/css/jquery-ui.min.css?ver=cfp-dev-shortcodes/js/site.js?ver=cfp-dev-shortcodes/js/ajax-cfp-v3.4.js?ver=cfp-dev-shortcodes/js/rating-cfp.js?ver=

HTML / DOM Fingerprints

JS Globals
the_ajax_script
REST Endpoints
/wp-json/cfp-dev-shortcodes/v1/speakers/wp-json/cfp-dev-shortcodes/v1/speaker-details/wp-json/cfp-dev-shortcodes/v1/schedule/wp-json/cfp-dev-shortcodes/v1/talk-details/wp-json/cfp-dev-shortcodes/v1/talks-by-tracks/wp-json/cfp-dev-shortcodes/v1/talks-by-sessions/wp-json/cfp-dev-shortcodes/v1/search-results
Shortcode Output
[cfp_speakers][cfp_speaker_details][cfp_schedule][cfp_talk_details]
FAQ

Frequently Asked Questions about CFP.DEV shortcodes