Display URL Params Security & Risk Analysis
wordpress.org/plugins/display-url-paramsA simple shortcode to get URL parameters from the Query String and display them as dynamic content on pages, posts and forms.
Is Display URL Params Safe to Use in 2026?
Generally Safe
Score 85/100Display URL Params has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'display-url-params' plugin version 1.1 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, SQL queries not using prepared statements, and all output being properly escaped are positive indicators. Furthermore, the plugin has no recorded vulnerability history, suggesting a good track record.
However, a key concern is the complete lack of any authorization or nonce checks across all entry points, including the identified shortcode. While there are no current vulnerabilities or taint flows detected, this absence of security checks represents a significant potential risk. If the shortcode were to process any user-supplied input without proper validation and authorization, it could lead to various vulnerabilities, especially if it interacts with other parts of the WordPress system or external resources. The plugin's small attack surface is a mitigating factor, but the lack of fundamental security checks is a notable weakness.
Key Concerns
- Missing capability checks on shortcode
- Missing nonce checks on shortcode
Display URL Params Security Vulnerabilities
Display URL Params Code Analysis
Output Escaping
Display URL Params Attack Surface
Shortcodes 1
Maintenance & Trust
Display URL Params Maintenance & Trust
Maintenance Signals
Community Trust
Display URL Params Alternatives
GET Params
get-params
Shortcodes allowing you to display GET parameters from the current URL in pages and posts, or show/hide content depending on GET param values
VI: Include Post By
vi-include-post-by
Shortcodes allowing you to display posts inside other posts/pages
Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress
contact-form-plugin
The most powerful and user-friendly WordPress contact form plugin. Create beautiful contact forms, widgets and pages using shortcodes.
Apollo13 Framework Extensions
apollo13-framework-extensions
Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.
Kaya QR Code Generator
kaya-qr-code-generator
Generate QR Code through Widgets and Shortcodes, without any dependencies.
Display URL Params Developer Profile
1 plugin · 100 total installs
How We Detect Display URL Params
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/display-url-params/css/display-url-params.css/wp-content/plugins/display-url-params/js/display-url-params.js/wp-content/plugins/display-url-params/js/display-url-params.jsdisplay-url-params/css/display-url-params.css?ver=display-url-params/js/display-url-params.js?ver=HTML / DOM Fingerprints
esc_attr(esc_html($_GET[$param]))