F13 Movies Security & Risk Analysis
wordpress.org/plugins/f13-movie-shortcodeDo you blog about movies? It can be tedious adding movie information manually, now you can add movie information with shortcode using an IMDB ID.
Is F13 Movies Safe to Use in 2026?
Generally Safe
Score 85/100F13 Movies has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "f13-movie-shortcode" plugin version 2.1.4 demonstrates a generally good security posture with several positive indicators. The static analysis reveals a lack of dangerous functions, all SQL queries are properly prepared, and a very high percentage of output is correctly escaped. Furthermore, there are no recorded vulnerabilities (CVEs) in its history, suggesting a history of stable and secure development. The plugin also has a minimal attack surface consisting only of two shortcodes, with no identified unprotected entry points.
However, there are notable areas for concern. The complete absence of nonce checks and capability checks across all entry points represents a significant security weakness. This means that any user, regardless of their role or authentication status, can trigger the functionality associated with the shortcodes. While the current static analysis did not reveal critical taint flows or unsanitized paths, the lack of authorization checks opens the door for potential exploitation if malicious data were to be processed by the shortcode's functionality. The plugin's reliance on external HTTP requests without explicit security analysis also warrants caution, as these could potentially be points of compromise if not handled securely.
In conclusion, the plugin has a strong foundation in terms of coding practices for SQL and output handling, and a clean vulnerability history. Nevertheless, the critical oversight in implementing any form of authorization or nonce validation on its shortcodes is a major security flaw that significantly elevates the risk profile. This lack of protection makes the plugin susceptible to unauthorized actions by any user interacting with it.
Key Concerns
- Missing nonce checks on all entry points
- Missing capability checks on all entry points
- External HTTP requests without explicit security analysis
F13 Movies Security Vulnerabilities
F13 Movies Code Analysis
SQL Query Safety
Output Escaping
F13 Movies Attack Surface
Shortcodes 2
WordPress Hooks 3
Maintenance & Trust
F13 Movies Maintenance & Trust
Maintenance Signals
Community Trust
F13 Movies Alternatives
Advanced iFrame
advanced-iframe
Include content the way YOU like in an iframe that can hide and modify elements, does auto-height, forward parameters and does many, many more...
Insert Pages
insert-pages
Insert Pages lets you embed any WordPress content (e.g., pages, posts, custom post types) into other WordPress content using the Shortcode API.
Spreaker Shortcode
spreaker-shortcode
A simple and easy way to embed Spreaker player into your WordPress blog.
Simple YouTube Responsive
simple-youtube-responsive
Easily embed responsive YouTube videos using a simple shortcode. Lazy load included.
MAS Videos
masvideos
MAS Videos is a free plugin that allows you to to create and list movies, videos and TV shows.
F13 Movies Developer Profile
8 plugins · 90 total installs
How We Detect F13 Movies
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/f13-movie-shortcode/css/f13-movies.cssf13-movies.css?ver=HTML / DOM Fingerprints
f13-movies-errorF13_MOVIES_DEVF13_MOVIES<div class="f13-movies-error"><script>console.log("Building actor information from transient:<script>console.log("Building actor information from API, setting:<script>console.log("Building movie information from transient: