Does Foundation Columns have any unpatched vulnerabilities?

Yes — Foundation Columns currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Foundation Columns compatible with WordPress 4.7.32?

According to WordPress.org data, Foundation Columns 0.8 has been tested up to WordPress 4.7.32. Check the plugin's changelog for the latest compatibility information.

How often is Foundation Columns updated?

Foundation Columns was last updated on May 8, 2015. Frequent updates are generally a positive security signal.

What is Foundation Columns's security score?

Foundation Columns has a WP-Safety security score of 64/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Foundation Columns Security & Risk Analysis

wordpress.org/plugins/foundation-columns

Use the Zurb Foundation-grid and block grid in all your posts, pages and custom post types.

40 active installs v0.8 PHP + WP 3.7+ Updated May 8, 2015

columnsfoundationgridzurb

C · Use Caution

CVEs total1

Unpatched1

Last CVEJan 14, 2025

Plugin page Download

Safety Verdict

Is Foundation Columns Safe to Use in 2026?

Use With Caution

Score 64/100

Foundation Columns has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jan 14, 2025Updated 10yr ago

Risk Assessment

The foundation-columns plugin v0.8 exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, no direct SQL queries, and a high percentage of properly escaped output. It also avoids file operations and external HTTP requests, which are common vectors for vulnerabilities. However, several concerns warrant attention. The plugin has a known unpatched medium severity vulnerability related to Cross-site Scripting, which is a significant risk that must be addressed. Additionally, the absence of nonce checks across its entry points, despite having capability checks, presents a potential weakness that could be exploited if an attacker can manipulate requests to these shortcodes without proper validation.

Key Concerns

Unpatched medium severity CVE
Missing nonce checks on entry points

Vulnerabilities

Foundation Columns Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-22747medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Foundation Columns <= 0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 14, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Foundation Columns Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

93% escaped15 total outputs

Attack Surface

Foundation Columns Attack Surface

Entry Points3

Unprotected0

Shortcodes 3

[fc] foundation-columns.php:126

[fc_grid] foundation-columns.php:127

[fc_item] foundation-columns.php:128

WordPress Hooks 12

actionplugins_loadedfoundation-columns.php:123

filterpost_classfoundation-columns.php:131

filterthe_contentfoundation-columns.php:134

filterthe_contentfoundation-columns.php:136

filterthe_contentfoundation-columns.php:137

actionadmin_enqueue_scriptsfoundation-columns.php:140

actioninitfoundation-columns.php:143

actionadmin_headfoundation-columns.php:146

filtermce_external_languagesfoundation-columns.php:149

actionadmin_noticesfoundation-columns.php:153

filtermce_external_pluginsfoundation-columns.php:348

filtermce_buttonsfoundation-columns.php:349

Maintenance & Trust

Foundation Columns Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32

Last updatedMay 8, 2015

PHP min version

Downloads4K

Community Trust

Rating90/100

Number of ratings2

Active installs40

Alternatives

Foundation Columns Alternatives

Lightweight Grid Columns

lightweight-grid-columns

Easily add desktop, tablet and mobile friendly columns to your content using an easy to use shortcode.

10K No CVEs

Grid Shortcodes

grid-shortcodes

100

A responsive and easy-to-use tool for dividing your content in your posts/pages. This ultra-lightweight plugin allows you to put your content in colum …

2K 1 CVE

Block Editor Bootstrap Blocks

block-editor-bootstrap-blocks

Fully responsive Bootstrap 5 blocks, components and extends for Gutenberg

900 1 CVE

WEN Responsive Columns

wen-responsive-columns

Easily display columnized content in your pages or posts.

900 1 CVE

DivUp Content

divup-content

Wrap divs around classic editor content using divup shortcodes. Also works for Gutenberg, but you may prefer to use the group block.

300 No CVEs

Developer Profile

Foundation Columns Developer Profile

tormorten

6 plugins · 100 total installs

trust score

Avg Security Score

84/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Foundation Columns

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/foundation-columns/js/foundation-columns.js/wp-content/plugins/foundation-columns/css/foundation-columns.css

Script Paths

/wp-content/plugins/foundation-columns/js/foundation-columns.js

Version Parameters

foundation-columns.css?ver=foundation-columns.js?ver=

HTML / DOM Fingerprints

CSS Classes

columnshas-foundation-columns

JS Globals

FoundationColumns

Shortcode Output

<div class=" columns"><ul class=""><li>

FAQ