Does Forget About Shortcode Buttons have any unpatched vulnerabilities?

No. All known vulnerabilities in Forget About Shortcode Buttons have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Forget About Shortcode Buttons compatible with WordPress 6.7.5?

According to WordPress.org data, Forget About Shortcode Buttons 2.1.3 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is Forget About Shortcode Buttons updated?

Forget About Shortcode Buttons was last updated on Nov 4, 2024. Frequent updates are generally a positive security signal.

What is Forget About Shortcode Buttons's security score?

Forget About Shortcode Buttons has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Forget About Shortcode Buttons Security & Risk Analysis

wordpress.org/plugins/forget-about-shortcode-buttons

A visual way to add CSS buttons in the rich text editor and to your themes.

30K active installs v2.1.3 PHP + WP 4.2+ Updated Nov 4, 2024

buttoncsseditshortcodevisual-editor

A · Safe

CVEs total2

Unpatched0

Last CVEMay 11, 2023

Plugin page Download

Safety Verdict

Is Forget About Shortcode Buttons Safe to Use in 2026?

Generally Safe

Score 91/100

Forget About Shortcode Buttons has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: May 11, 2023Updated 1yr ago

Risk Assessment

The plugin "forget-about-shortcode-buttons" v2.1.3 exhibits a mixed security posture. On the positive side, the static analysis reveals a very small attack surface, with only one AJAX handler and no exposed REST API routes, shortcodes, or cron events. Crucially, this single AJAX handler appears to be protected by a nonce check, which is a good practice. The code also demonstrates a commitment to secure database interaction with 100% of SQL queries using prepared statements and no file operations or external HTTP requests, further reducing potential attack vectors. However, a significant concern arises from the low percentage of properly escaped output (17%). This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where untrusted input could be rendered directly into the user's browser, leading to malicious code execution.

Key Concerns

Low output escaping rate
Two medium severity historical CVEs

Vulnerabilities

Forget About Shortcode Buttons Security Vulnerabilities

CVEs by Year

1 CVE in 2016

2016

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2023-32579medium · 4.3Missing Authorization

Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons

May 11, 2023 Patched in 2.1.3 (257d)

CVE-2016-1000133medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forget About Shortcode Buttons <= 1.1.1 - Reflected Cross-Site Scripting

Feb 29, 2016 Patched in 1.1.2 (2885d)

Code Analysis

Analyzed Mar 16, 2026

Forget About Shortcode Buttons Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

17% escaped6 total outputs

Attack Surface

Forget About Shortcode Buttons Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_fasc_buttonsadmin\class-forget-about-shortcode-buttons-admin.php:59

WordPress Hooks 7

actionplugins_loadedincludes\class-forget-about-shortcode-buttons.php:140

actionadmin_enqueue_scriptsincludes\class-forget-about-shortcode-buttons.php:157

actionadmin_footerincludes\class-forget-about-shortcode-buttons.php:158

actionadmin_footerincludes\class-forget-about-shortcode-buttons.php:159

actionadmin_initincludes\class-forget-about-shortcode-buttons.php:168

actionwp_enqueue_scriptsincludes\class-forget-about-shortcode-buttons.php:182

actionwp_enqueue_scriptsincludes\class-forget-about-shortcode-buttons.php:183

Maintenance & Trust

Forget About Shortcode Buttons Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedNov 4, 2024

PHP min version

Downloads398K

Community Trust

Rating94/100

Number of ratings69

Active installs30K

Alternatives

Forget About Shortcode Buttons Alternatives

Microthemer Lite – Visual Editor to Customize CSS

microthemer

100

A visual editor to customize the CSS styling of anything on your site - from Google fonts to responsive layouts.

10K No CVEs

Visual Editor Custom Buttons

visual-editor-custom-buttons

Visual Editor Custom Buttons lets you add custom buttons to the Wordpress Visual Editor.

4K No CVEs

Manage TinyMCE Editor

manage-tinymce-editor

Add buttons to TinyMCE, WordPress' default visual editor.

200 No CVEs

Safer Email Link

safer-email-link

Adds a button to the TinyMCE to wrap an email address with a shortcode using the WordPress antispambot function.

200 No CVEs

Crazy Pills

crazy-pills

Build buttons, boxes, beautiful lists, and highlight text right from your editor, with live preview.

100 No CVEs

Developer Profile

Forget About Shortcode Buttons Developer Profile

Code Amp

4 plugins · 84K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

594 days

View full developer profile

Detection Fingerprints

How We Detect Forget About Shortcode Buttons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/forget-about-shortcode-buttons/admin/css/forget-about-shortcode-buttons-admin.css

Version Parameters

forget-about-shortcode-buttons-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

button_fasc_insert_button

Data Attributes

fasc-buttons

JS Globals

fasc_buttonsfasc_save

REST Endpoints

/wp-json/fasc_buttons

FAQ