Effect Maker Security & Risk Analysis

wordpress.org/plugins/effect-maker

Extend Wordpress with this JavaScript web effect creation system.

80 active installs · v1.2.1 · PHP + · WP 3.9.1+ · Updated Nov 13, 2015
Tags: announcement, reel, scroll, scroller, text-scroll
41 · D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: Dec 31, 2025
Safety Verdict

Is Effect Maker Safe to Use in 2026?

High Risk

Score 41/100

Effect Maker carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: Dec 31, 2025 · Updated 10yr ago
Risk Assessment

The "effect-maker" plugin v1.2.1 has a concerning security posture, driven by the vulnerabilities identified in static analysis and by its vulnerability history. It exposes a substantial attack surface: 7 unprotected AJAX handlers, indicating a high potential for unauthorized actions. The taint analysis reveals 3 high-severity flows with unsanitized paths, which correlate directly with the known cross-site scripting (XSS) and authorization bypass vulnerabilities. The vulnerability history shows 2 unpatched medium-severity CVEs, one for improper input neutralization (XSS) and one for missing authorization, reinforcing the findings from the code analysis. The absence of dangerous functions, external HTTP requests, and bundled libraries is a positive aspect, but it is overshadowed by the critical lack of input validation and authorization controls. None of the identified outputs is escaped, a major red flag that significantly increases the risk of XSS attacks. In conclusion, the plugin is currently in a high-risk state due to numerous exploitable vulnerabilities and a lack of fundamental security practices.

Key Concerns

  • Unpatched CVEs: 2 medium
  • High severity taint flows: 3
  • AJAX handlers without auth checks: 7
  • Output escaping: 0% properly escaped
  • SQL queries not using prepared statements: 80%
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
Vulnerabilities
2

Effect Maker Security Vulnerabilities

CVEs by Year

2025: 2 CVEs · unpatched

Severity Breakdown

Medium: 2 · 2 total CVEs

CVE-2025-68867 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Effect Maker <= 1.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Dec 31, 2025 · Unpatched

CVE-2025-62914 · medium · 4.3 · Missing Authorization

Effect Maker <= 1.2.1 - Missing Authorization

Sep 30, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Effect Maker Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 · 2 prepared
Unescaped Output: 43 · 0 escaped
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

20% prepared · 10 total queries

Output Escaping

0% escaped · 43 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
store_parameter_callback (effect-maker.php:318)
Attack Surface
7 unprotected

Effect Maker Attack Surface

Entry Points: 7
Unprotected: 7

AJAX Handlers 7

  • auth · wp_ajax_load_effect_data · effect-maker.php:189
  • auth · wp_ajax_load_parameters · effect-maker.php:190
  • auth · wp_ajax_load_user_configuration · effect-maker.php:191
  • auth · wp_ajax_load_user_workspace · effect-maker.php:192
  • auth · wp_ajax_store_parameter · effect-maker.php:193
  • auth · wp_ajax_store_user_configuration · effect-maker.php:194
  • auth · wp_ajax_delete_user_configuration · effect-maker.php:195
WordPress Hooks 4
  • action · admin_menu · effect-maker.php:13
  • action · wp_enqueue_scripts · effect-maker.php:18
  • action · media_buttons_context · effect-maker.php:53
  • action · wp_head · effect-maker.php:160
Maintenance & Trust

Effect Maker Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.3.34
Last updated: Nov 13, 2015
PHP min version
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 80
Developer Profile

Effect Maker Developer Profile

anibalwainstein

1 plugin · 80 total installs

Trust score: 53
Avg Security Score: 41/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Effect Maker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/effect-maker/effectrunner.js
  • /wp-content/plugins/effect-maker/css/jquery-ui-1.10.3.custom.min.css
  • /wp-content/plugins/effect-maker/css/colpick.css
  • /wp-content/plugins/effect-maker/css/App.css
  • /wp-content/plugins/effect-maker/js/colpick.js
  • /wp-content/plugins/effect-maker/js/script-bundle.min.js
  • /wp-content/plugins/effect-maker/App.js
  • /wp-content/plugins/effect-maker/images/AppIcon.png
  • +5 more
Script Paths
  • /wp-content/plugins/effect-maker/effectrunner.js
  • /wp-content/plugins/effect-maker/js/colpick.js
  • /wp-content/plugins/effect-maker/js/script-bundle.min.js
  • /wp-content/plugins/effect-maker/App.js
Version Parameters
  • effect-maker/effectrunner.js?ver=
  • effect-maker/css/jquery-ui-1.10.3.custom.min.css?ver=
  • effect-maker/css/colpick.css?ver=
  • effect-maker/css/App.css?ver=
  • effect-maker/js/colpick.js?ver=
  • effect-maker/js/script-bundle.min.js?ver=
  • effect-maker/App.js?ver=

HTML / DOM Fingerprints

CSS Classes
effectmaker_icon, tabs-min, tabs-nohdr
Data Attributes
  • id="effectmaker_configurations"
  • id="effectmaker_container"
  • id="initmessage"
  • id="initializationmessage"
  • id="mainscreen"
  • id="galleryflipper2"
  • +8 more
JS Globals
runnerMode, EM_environment, pluginsUrl, uploadsURL, userImageFolder, loadConfiguration, +1 more
Shortcode Output
  • <img class="effectmaker_icon"
  • <SELECT id="effectmaker_configurations">
  • <a title='Add an effect from Effect Maker'
  • tinymce.activeEditor.insertContent('
FAQ

Frequently Asked Questions about Effect Maker