Does Embed Chessboard have any unpatched vulnerabilities?

Yes — Embed Chessboard currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Embed Chessboard compatible with WordPress 7.0?

According to WordPress.org data, Embed Chessboard 3.08.00 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

How often is Embed Chessboard updated?

Embed Chessboard was last updated on Feb 24, 2026. Frequent updates are generally a positive security signal.

What is Embed Chessboard's security score?

Embed Chessboard has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Embed Chessboard Security & Risk Analysis

wordpress.org/plugins/embed-chessboard

Allows for the insertion of a chessboard displaying chess games within wordpress articles.

600 active installs v3.08.00 PHP + WP 2.9+ Updated Feb 24, 2026

chesschessboardpgnpgn4web

B · Generally Safe

CVEs total1

Unpatched1

Last CVEApr 4, 2025

Plugin page Download

Safety Verdict

Is Embed Chessboard Safe to Use in 2026?

Mostly Safe

Score 78/100

Embed Chessboard is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Apr 4, 2025Updated 1mo ago

Risk Assessment

The embed-chessboard plugin v3.08.00 presents a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and avoiding dangerous functions, file operations, and external HTTP requests, significant concerns exist. The complete lack of output escaping across all 15 identified outputs is a critical weakness, leaving the plugin highly susceptible to Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the plugin has a known, unpatched medium severity vulnerability related to XSS, with its last recorded vulnerability in April 2025. This historical pattern of XSS, coupled with the current lack of output escaping, strongly suggests a recurring security flaw. The plugin's attack surface is small and appears to be protected by capability checks, but the severe output escaping issue overshadows these strengths and demands immediate attention.

Key Concerns

100% of outputs are not properly escaped
1 unpatched medium severity CVE
No nonce checks found
No capability checks found

Vulnerabilities

Embed Chessboard Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-32177medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Embed Chessboard <= 3.07.00 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 4, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Embed Chessboard Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped15 total outputs

Attack Surface

Embed Chessboard Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[pgn] embedchessboard.php:170

[pgn4web] embedchessboard.php:171

WordPress Hooks 4

actionplugins_loadedembedchessboard.php:334

filterno_texturize_shortcodesembedchessboard.php:345

actionadmin_menuembedchessboard.php:350

actionadmin_initembedchessboard.php:358

Maintenance & Trust

Embed Chessboard Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedFeb 24, 2026

PHP min version

Downloads46K

Community Trust

Rating80/100

Number of ratings3

Active installs600

Alternatives

Embed Chessboard Alternatives

RPB Chessboard

rpb-chessboard

100

This plugin allows you to typeset and display chess diagrams and PGN-encoded chess games.

1K No CVEs

Chessgame Shizzle

chessgame-shizzle

Chessgame Shizzle is a nice way to integrate chessgames into your WordPress website. Ideal for chess clubs, your chess blog, or any chess related webs …

100 1 CVE

Chess Game Viewer

chess-game-viewer-control-panel

The Chess Game Viewer Control Panel is the easiest way to add a customizable chess board to your blog.

30 No CVEs

PgnViewerJS

pgnviewerjs-wp

100

Integration of @mliebelt/pgn-viewer into WordPress (formarly named PGNViewerJS).

50 No CVEs

pgn-viewer-for-lichess

Integration of lichess-pgn-viewer into WordPress.

40 No CVEs

Developer Profile

Embed Chessboard Developer Profile

pgn4web

1 plugin · 600 total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Embed Chessboard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/embed-chessboard/js/pgn4web.min.js/wp-content/plugins/embed-chessboard/css/pgn4web.css/wp-content/plugins/embed-chessboard/js/embed-chessboard.js

Script Paths

js/pgn4web.min.jsjs/embed-chessboard.js

Version Parameters

embed-chessboard/css/pgn4web.css?ver=embed-chessboard/js/pgn4web.min.js?ver=embed-chessboard/js/embed-chessboard.js?ver=

HTML / DOM Fingerprints

CSS Classes

pgn-chessboardpgn4webpgn-chessboard-wrapper

HTML Comments

Data Attributes

data-pgn-variantdata-pgn-autoplaydata-pgn-board-widthdata-pgn-theme

JS Globals

pgn4web_config

Shortcode Output

<div class="pgn-chessboard"></div><div id="pgn4web_container" class="pgn-chessboard-wrapper"></div>

FAQ