DeMomentSomTres Shortcodes Security & Risk Analysis

wordpress.org/plugins/demomentsomtres-shortcodes

This plugin provides shortcodes that manage multi column layouts.

10 active installs v1.1.1 PHP + WP 3.4+ Updated Nov 26, 2024
responsiveshortcode
70
B · Generally Safe
CVEs total1
Unpatched1
Last CVEJun 1, 2026
Safety Verdict

Is DeMomentSomTres Shortcodes Safe to Use in 2026?

Mostly Safe

Score 70/100

DeMomentSomTres Shortcodes is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Jun 1, 2026Updated 1yr ago
Risk Assessment

The "demomentsomtres-shortcodes" plugin version 1.1.1 exhibits a strong security posture based on the provided static analysis. The code demonstrates excellent adherence to secure coding practices, with 100% of SQL queries utilizing prepared statements and all output being properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further bolsters its security. Notably, there are no identified taint flows, indicating that data manipulation within the plugin is handled safely.

Despite the robust static analysis, a significant concern arises from the lack of any authorization checks (capability checks and nonce checks) on its 30 shortcode entry points. While the static analysis did not uncover any immediate vulnerabilities, this oversight represents a potential attack vector. If any of these shortcodes were to process user-supplied input without proper validation and authorization, it could lead to unintended actions or information disclosure.

The plugin's vulnerability history is also a positive indicator, with zero known CVEs. This suggests a history of responsible development and a low likelihood of past security oversights. In conclusion, the plugin is technically well-written with strong foundations in secure coding, but the missing authorization checks on its extensive shortcode interface present a notable weakness that should be addressed to ensure comprehensive security.

Key Concerns

  • Missing nonce checks on shortcodes
  • Missing capability checks on shortcodes
Vulnerabilities
1 published

DeMomentSomTres Shortcodes Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-8885medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Jun 1, 2026Unpatched
Version History

DeMomentSomTres Shortcodes Release Timeline

v1.0.11 CVE
v1.01 CVE
Code Analysis
Analyzed Apr 16, 2026

DeMomentSomTres Shortcodes Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries
Attack Surface

DeMomentSomTres Shortcodes Attack Surface

Entry Points30
Unprotected0

Shortcodes 30

[one_third] demomentsomtres-shortcodes.php:26
[one_third_last] demomentsomtres-shortcodes.php:32
[two_thirds] demomentsomtres-shortcodes.php:38
[two_thirds_last] demomentsomtres-shortcodes.php:44
[one_half] demomentsomtres-shortcodes.php:52
[one_half_last] demomentsomtres-shortcodes.php:58
[one_fourth] demomentsomtres-shortcodes.php:64
[one_fourth_last] demomentsomtres-shortcodes.php:70
[three_fourths] demomentsomtres-shortcodes.php:76
[three_fourths_last] demomentsomtres-shortcodes.php:82
[one_fifth] demomentsomtres-shortcodes.php:88
[two_fifth] demomentsomtres-shortcodes.php:94
[three_fifth] demomentsomtres-shortcodes.php:100
[four_fifth] demomentsomtres-shortcodes.php:106
[one_fifth_last] demomentsomtres-shortcodes.php:114
[two_fifth_last] demomentsomtres-shortcodes.php:120
[three_fifth_last] demomentsomtres-shortcodes.php:126
[four_fifth_last] demomentsomtres-shortcodes.php:132
[one_sixth] demomentsomtres-shortcodes.php:140
[one_sixth_last] demomentsomtres-shortcodes.php:146
[five_sixth] demomentsomtres-shortcodes.php:153
[five_sixth_last] demomentsomtres-shortcodes.php:159
[callout] demomentsomtres-shortcodes.php:183
[button] demomentsomtres-shortcodes.php:206
[tabgroup] demomentsomtres-shortcodes.php:210
[tab] demomentsomtres-shortcodes.php:228
[toggle] demomentsomtres-shortcodes.php:260
[related_posts] demomentsomtres-shortcodes.php:299
[clear] demomentsomtres-shortcodes.php:350
[clearline] demomentsomtres-shortcodes.php:357
WordPress Hooks 1
actioninitdemomentsomtres-shortcodes.php:20
Maintenance & Trust

DeMomentSomTres Shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40
Last updatedNov 26, 2024
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

DeMomentSomTres Shortcodes Developer Profile

Marc Queralt i Bassa

19 plugins · 360 total installs

85
trust score
Avg Security Score
87/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect DeMomentSomTres Shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/demomentsomtres-shortcodes/demomentsomtres-shortcodes.css

HTML / DOM Fingerprints

CSS Classes
one_thirdone_third lasttwo_thirdstwo_thirds lastone_halfone_half lastone_fourthone_fourth last+20 more
HTML Comments
<!-- the tabs --><!-- tab "panes" -->
Data Attributes
stylewidthalignlinksizecolor+4 more
JS Globals
tab_counttabs
Shortcode Output
<div class="one_third"><div class="one_third last"><div class="clear"></div><div class="two_thirds">
FAQ

Frequently Asked Questions about DeMomentSomTres Shortcodes