Does Essential Shortcodes have any unpatched vulnerabilities?

No. All known vulnerabilities in Essential Shortcodes have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Essential Shortcodes compatible with WordPress 6.8.5?

According to WordPress.org data, Essential Shortcodes 1.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Essential Shortcodes compatible with PHP 7.4+?

Essential Shortcodes requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Essential Shortcodes updated?

Essential Shortcodes was last updated on Jun 11, 2025. Frequent updates are generally a positive security signal.

What is Essential Shortcodes's security score?

Essential Shortcodes has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Essential Shortcodes Security & Risk Analysis

wordpress.org/plugins/essential-shortcodes

Display user information and date/time with easy-to-use shortcodes. Free version includes 8 essential shortcodes.

10 active installs v1.1 PHP 7.4+ WP 4.9+ Updated Jun 11, 2025

dateemailshortcodesuser-infousername

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Essential Shortcodes Safe to Use in 2026?

Generally Safe

Score 100/100

Essential Shortcodes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago

Risk Assessment

The plugin "essential-shortcodes" v1.1 presents a mixed security posture. On the positive side, the static analysis reveals no identified dangerous functions, no direct SQL queries (all use prepared statements), and no file operations or external HTTP requests, which significantly reduces common attack vectors. The absence of known CVEs and a clean vulnerability history also suggests a generally well-maintained codebase.

However, a critical concern emerges from the output escaping analysis: 0% of the 8 total outputs are properly escaped. This lack of proper output sanitization, especially within shortcodes which are a direct entry point, creates a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed by these shortcodes that originates from user input or external sources could be exploited to inject malicious scripts into the user's browser.

The plugin's attack surface consists solely of 8 shortcodes, none of which are flagged as unprotected. While this is good, the complete lack of output escaping negates this benefit. The absence of taint analysis flows and non-critical code signals might indicate a simpler codebase or that the analysis tools were limited, but the output escaping issue is a concrete and severe vulnerability.

Key Concerns

0% of outputs properly escaped

Vulnerabilities

None known

Essential Shortcodes Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Essential Shortcodes Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped8 total outputs

Attack Surface

Essential Shortcodes Attack Surface

Entry Points8

Unprotected0

Shortcodes 8

[essesh_username] essential-shortcodes.php:200

[essesh_email] essential-shortcodes.php:210

[essesh_firstname] essential-shortcodes.php:220

[essesh_lastname] essential-shortcodes.php:230

[essesh_bio] essential-shortcodes.php:240

[essesh_avatar] essential-shortcodes.php:259

[essesh_date] essential-shortcodes.php:273

[essesh_time] essential-shortcodes.php:287

WordPress Hooks 2

actionadmin_menuessential-shortcodes.php:29

actionadmin_enqueue_scriptsessential-shortcodes.php:104

Maintenance & Trust

Essential Shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 11, 2025

PHP min version7.4

Downloads270

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Essential Shortcodes Alternatives

Username Update

username-update

The "Username Update" plugin enhances the default username editing functionality in WordPress by providing an additional feature to send an …

0 No CVEs

Disable auto-update Email Notifications

disable-auto-update-email-notifications

This plugin performs a simple task of disabling email notifications that are sent by WordPress when a plugin or theme auto-updates.

30K No CVEs

Disable Theme and Plugin Auto-Update Emails

disable-theme-and-plugin-auto-update-emails

Disables the default notification emails sent by a site after an automatic theme and/or plugin update. Simply activate the plugin to disable these ema …

10K No CVEs

Easy Username Updater

username-updater

A plugin to change registered username and display name.

10K 1 CVE

WP Date and Time Shortcode

wp-date-and-time-shortcode

Shortcode to show any current, past, and future date or time. Display this, previous, or next year, month, day, etc.

10K 1 CVE

Developer Profile

Essential Shortcodes Developer Profile

haohunter

2 plugins · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Essential Shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

essesh-copy-buttonessesh-shortcode-cell

Data Attributes

data-shortcode

JS Globals

esseshShowCopySuccess

Shortcode Output

[essesh_username][essesh_email][essesh_firstname][essesh_lastname]

FAQ