Does Drop Shadow Boxes have any unpatched vulnerabilities?

No. All known vulnerabilities in Drop Shadow Boxes have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Drop Shadow Boxes compatible with WordPress 6.7.5?

According to WordPress.org data, Drop Shadow Boxes 1.7.15 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is Drop Shadow Boxes updated?

Drop Shadow Boxes was last updated on Nov 29, 2024. Frequent updates are generally a positive security signal.

What is Drop Shadow Boxes's security score?

Drop Shadow Boxes has a WP-Safety security score of 88/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Drop Shadow Boxes Security & Risk Analysis

wordpress.org/plugins/drop-shadow-boxes

Highlight important content on your posts and pages inside a box with a drop shadow.

4K active installs v1.7.15 PHP + WP 3.0+ Updated Nov 29, 2024

box-shadowdrop-shadowshadows

A · Safe

CVEs total4

Unpatched0

Last CVENov 15, 2024

Plugin page Download

Safety Verdict

Is Drop Shadow Boxes Safe to Use in 2026?

Generally Safe

Score 88/100

Drop Shadow Boxes has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Nov 15, 2024Updated 1yr ago

Risk Assessment

The "drop-shadow-boxes" plugin exhibits a mixed security posture. While the static analysis shows promising signs like 100% prepared SQL statements and a high percentage of properly escaped output, the absence of nonce checks on AJAX handlers and a single capability check for all entry points are significant concerns. The lack of any taint analysis results is also noteworthy, though it could indicate clean code or insufficient analysis scope.

The vulnerability history is a major red flag. With four known CVEs, including one high and three medium severity issues, and a recent vulnerability identified in late 2024, the plugin has a history of insecure coding practices. The common vulnerability types like Code Injection, Cross-site Scripting, and Missing Authorization are particularly worrying as they can lead to serious compromise. The fact that none of the historical vulnerabilities are currently unpatched is a positive, but it doesn't negate the historical risk.

In conclusion, while the plugin has made some strides in secure coding practices, its past vulnerability history and the identified security gaps in its current static analysis (lack of nonce checks, limited capability checks) present a considerable risk. Users should exercise caution and ensure the plugin is updated to the latest version, though vigilance is still recommended due to past issues.

Key Concerns

Missing nonce checks on AJAX handlers
Limited capability checks across entry points
Bundled Freemius v1.0 library
One high severity CVE historically
Three medium severity CVEs historically

Vulnerabilities

Drop Shadow Boxes Security Vulnerabilities

CVEs by Year

1 CVE in 2019

2019

2 CVEs in 2023

2023

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2024-10262medium · 6.3Improper Control of Generation of Code ('Code Injection')

Drop Shadow Boxes <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

Nov 15, 2024 Patched in 1.7.15 (19d)

CVE-2023-5469medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Drop Shadow Boxes <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Nov 20, 2023 Patched in 1.7.14 (64d)

CVE-2023-23833medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Drop Shadow Boxes <= 1.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 15, 2023 Patched in 1.7.11 (253d)

WF-3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0-drop-shadow-boxeshigh · 8.8Missing Authorization

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 Patched in 1.7.2 (1793d)

Code Analysis

Analyzed Mar 16, 2026

Drop Shadow Boxes Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

110 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

Output Escaping

96% escaped114 total outputs

Attack Surface

Drop Shadow Boxes Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 1

authwp_ajax_dropshadowboxes_ajax_get_previewdropshadowboxes.php:111

Shortcodes 2

[dropshadowbox] dropshadowboxes.php:129

[dropshadowboxes] dropshadowboxes.php:130

WordPress Hooks 10

actionenqueue_block_assetsblock\init.php:33

actionenqueue_block_editor_assetsblock\init.php:71

actioninitdropshadowboxes.php:77

actionadmin_enqueue_scriptsdropshadowboxes.php:101

actionadmin_enqueue_scriptsdropshadowboxes.php:102

actionmedia_buttonsdropshadowboxes.php:106

actionadmin_footerdropshadowboxes.php:107

actionadmin_enqueue_scriptsdropshadowboxes.php:108

filterthe_postsdropshadowboxes.php:119

actionwidgets_initwidget.php:2

Maintenance & Trust

Drop Shadow Boxes Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedNov 29, 2024

PHP min version

Downloads196K

Community Trust

Rating100/100

Number of ratings77

Active installs4K

Alternatives

Drop Shadow Boxes Alternatives

Auglio Try-on Mirror

auglio-try-on-mirror

The Virtual mirror allows the shoppers to experience all decorative cosmetics, sunglasses, contact lenses, jewelry, clothing and apparel using their …

50 No CVEs

Auglio Try-on Mirror

virtooal-try-on-mirror

The Virtual mirror allows the shoppers to experience all decorative cosmetics, sunglasses, contact lenses, jewelry, and accessories using their own p …

30 No CVEs

Notification Box Pro

notification-box-pro

100

Drop Shadow Notice Box with Scroll / Time Triggered. Fade in alert boxes to promote your important content on your website.

20 No CVEs

Developer Profile

Drop Shadow Boxes Developer Profile

Steve Henty

1 plugin · 4K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

532 days

View full developer profile

Detection Fingerprints

How We Detect Drop Shadow Boxes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/drop-shadow-boxes/css/dropshadowboxes.css

Version Parameters

drop-shadow-boxes/css/dropshadowboxes.css?ver=1.7.14

HTML / DOM Fingerprints

CSS Classes

dropshadowboxes-leftdropshadowboxes-rightdropshadowboxes-centerdropshadowboxes-rounded-cornersdropshadowboxes-inside-and-outside-shadowdropshadowboxes-inside-shadowdropshadowboxes-outside-shadow

Data Attributes

data-effectdata-effect-shadow-colordata-background-colordata-border-colordata-border-widthdata-rounded-corners+4 more

JS Globals

sh_dsb_fs

Shortcode Output

[dropshadowbox[dropshadowboxes

FAQ

Drop Shadow Boxes Security & Risk Analysis

Is Drop Shadow Boxes Safe to Use in 2026?

Generally Safe

Key Concerns

Drop Shadow Boxes Security Vulnerabilities

CVEs by Year

Severity Breakdown

Drop Shadow Boxes Code Analysis

Bundled Libraries

Output Escaping

Drop Shadow Boxes Attack Surface

AJAX Handlers 1

Shortcodes 2

Drop Shadow Boxes Maintenance & Trust

Maintenance Signals

Community Trust

Drop Shadow Boxes Alternatives

Auglio Try-on Mirror

Auglio Try-on Mirror

Notification Box Pro

Drop Shadow Boxes Developer Profile

How We Detect Drop Shadow Boxes

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Drop Shadow Boxes