Does FlipEm have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is FlipEm compatible with WordPress 6.9.4?

According to WordPress.org data, FlipEm 1.1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is FlipEm compatible with PHP 7.0+?

FlipEm requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is FlipEm updated?

FlipEm was last updated on Apr 14, 2026. Frequent updates are generally a positive security signal.

What is FlipEm's security score?

FlipEm has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

FlipEm Security & Risk Analysis

wordpress.org/plugins/flipem

FlipEm adds CSS3 3D flipping cards to WordPress content and sidebars using shortcodes, a widget, and a live generator.

0 active installs v1.1.0 PHP 7.0+ WP 4.9+ Updated Apr 14, 2026

3d-transformcss3flip-cardshortcodewidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is FlipEm Safe to Use in 2026?

Generally Safe

Score 100/100

FlipEm has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "flipem" v1.1.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any critical or high-severity taint flows, dangerous functions, raw SQL queries, or file operations is a significant positive. Furthermore, the high percentage of properly escaped output indicates good practices in preventing cross-site scripting vulnerabilities. The plugin also correctly implements capability checks for its entry points, which is a crucial security measure.

However, the static analysis does reveal a potential area for concern: the lack of nonce checks on its entry points. While the plugin has no unprotected entry points (meaning capability checks are present), the absence of nonces on its 3 shortcodes leaves them susceptible to Cross-Site Request Forgery (CSRF) attacks. A malicious actor could potentially trick a logged-in user into executing actions defined by these shortcodes without their explicit consent. The plugin's vulnerability history is clean, which is excellent, but this silence can also mean it hasn't been subjected to extensive scrutiny or that past versions had issues that have since been resolved. The overall impression is a well-coded plugin with a minor but exploitable oversight regarding CSRF protection on its shortcodes.

Key Concerns

Missing nonce checks on shortcodes

Vulnerabilities

None known

FlipEm Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

FlipEm Release Timeline

v1.1.0Current

v1.0.21

Code Analysis

Analyzed Apr 16, 2026

FlipEm Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

344 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped350 total outputs

Attack Surface

FlipEm Attack Surface

Entry Points3

Unprotected0

Shortcodes 3

[flipem_card] flipem.php:378

[flipem_front] flipem.php:379

[flipem_back] flipem.php:380

WordPress Hooks 9

filterplugin_row_metaflipem.php:104

filtersafe_style_cssflipem.php:216

actionwp_enqueue_scriptsflipem.php:341

actionwp_footerflipem.php:360

actioninitflipem.php:382

actionadmin_menuincludes/flipem-admin-settings.php:32

actionadmin_initincludes/flipem-admin-settings.php:71

actionadmin_enqueue_scriptsincludes/flipem-admin-settings.php:122

actionwidgets_initincludes/flipem-widget.php:319

Maintenance & Trust

FlipEm Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 14, 2026

PHP min version7.0

Downloads96

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

FlipEm Alternatives

Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress

contact-form-plugin

The most powerful and user-friendly WordPress contact form plugin. Create beautiful contact forms, widgets and pages using shortcodes.

30K 10 CVEs

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Kaya QR Code Generator

kaya-qr-code-generator

Generate QR Code through Widgets and Shortcodes, without any dependencies.

20K 2 CVEs

Donations via PayPal

paypal-donations

100

Easy, simple setup to add a PayPal Donation button as a Widget or with a shortcode.

20K 1 CVE

Reusable Blocks Extended

reusable-blocks-extended

100

Extend Gutenberg Reusable Blocks feature with a complete admin panel, widgets, shortcodes and PHP functions.

20K 1 CVE

Developer Profile

FlipEm Developer Profile

Andrei Petcu

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect FlipEm

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/flipem/assets/js/flipem.js/wp-content/plugins/flipem/assets/css/flipem.css

Script Paths

/wp-content/plugins/flipem/assets/js/flipem.js

Version Parameters

flipem/assets/css/flipem.css?ver=flipem/assets/js/flipem.js?ver=

HTML / DOM Fingerprints

CSS Classes

flipem-cardflipem-card__faceflipem-card__face--frontflipem-card__face--backflipem-card--overflipem-card--topflipem-card--rightflipem-card--bottom+3 more

HTML Comments

FlipEm card frontFlipEm card back

Data Attributes

data-flipem-autoflipdata-flipem-autoflipstartdata-flipem-direction

JS Globals

flipem_init

Shortcode Output

[flipem]

FAQ