WP-Safety

FOUNDATION LIVE SHORTCODES Security & Risk Analysis

wordpress.org/plugins/foundation-live-shortcodes

Add to your content the elements of Zurb Foundation Framework. This plugin is compatible with all themes.

10 active installs v1.0 PHP + WP 4.0+ Updated Jan 21, 2015
visual-editorwordpress-foundation-shortcodewordpress-shortcodeswordpress-zurb-foundationzurb-foundation
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is FOUNDATION LIVE SHORTCODES Safe to Use in 2026?

Generally Safe

Score 85/100

FOUNDATION LIVE SHORTCODES has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "foundation-live-shortcodes" plugin v1.0 exhibits a generally positive security posture based on the static analysis. There are no identified dangerous functions, SQL queries are all prepared, and there are no external HTTP requests or file operations. The absence of any taint analysis findings, known CVEs, or past vulnerabilities is also a strong indicator of good development practices. The plugin relies heavily on its shortcode functionality as its primary attack surface, with 29 entry points identified. However, the analysis indicates that none of these shortcodes are directly exposed without authentication checks, which is a significant strength. A primary concern is the lack of nonce and capability checks across its entry points. While the attack surface is not directly "unprotected" in terms of raw access, the absence of these fundamental WordPress security mechanisms means that if any vulnerabilities were to be introduced, they could potentially be exploited more easily by authenticated users. The output escaping is also not perfect, with 30% of outputs not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if the unescaped data is user-controlled or comes from an untrusted source.

Despite the absence of critical vulnerabilities in the current analysis and history, the lack of nonce and capability checks represents a notable weakness. This implies that the plugin trusts its authenticated users implicitly, which is a risky assumption. Future development or changes to the shortcodes could inadvertently introduce vulnerabilities that are then easier to exploit due to these missing security layers. The fact that there are no past vulnerabilities is encouraging, but it doesn't negate the need for robust security measures for all entry points, especially when dealing with a substantial number of shortcodes. The plugin has a good foundation with prepared SQL and no dangerous functions, but shoring up its authentication and authorization checks on all its shortcode entry points is crucial for a truly secure implementation.

Key Concerns

  • No nonce checks found
  • No capability checks found
  • Output escaping not fully implemented (30% unescaped)
Vulnerabilities
None known

FOUNDATION LIVE SHORTCODES Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

FOUNDATION LIVE SHORTCODES Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
7 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

70% escaped10 total outputs
Attack Surface

FOUNDATION LIVE SHORTCODES Attack Surface

Entry Points29
Unprotected0

Shortcodes 29

[epc_columnsblock] frontend.php:70
[epc_column] frontend.php:71
[epc_columnsblock] frontend.php:73
[epc_column] frontend.php:74
[epc_heading] frontend.php:95
[epc_list] frontend.php:105
[epc_listitem] frontend.php:114
[epc_alert] frontend.php:131
[epc_quote] frontend.php:152
[epc_label] frontend.php:164
[epc_panel] frontend.php:174
[epc_pricing] frontend.php:191
[epc_priceitem] frontend.php:200
[epc_progress] frontend.php:213
[epc_definition] frontend.php:223
[epc_button] frontend.php:250
[epc_buttonsplit] frontend.php:277
[buttonsplit_link] frontend.php:289
[epc_buttondrop] frontend.php:316
[buttondrop_link] frontend.php:328
[epc_image] frontend.php:353
[epc_lightbox] frontend.php:373
[epc_video] frontend.php:385
[epc_vcard] frontend.php:400
[epc_accordions] frontend.php:410
[epc_accordion] frontend.php:422
[epc_inlinelist] frontend.php:432
[inline_link] frontend.php:444
[epc_keyboard] frontend.php:454
WordPress Hooks 8
actionadmin_initadminpage.php:20
actionadmin_initadminpage.php:22
actionadmin_menuadminpage.php:24
filteradmin_enqueue_scriptsengine.php:22
actionmedia_buttons_contextengine.php:24
actionadmin_footerengine.php:31
actionadmin_footerengine.php:51
actionwp_enqueue_scriptsfrontend.php:30
Maintenance & Trust

FOUNDATION LIVE SHORTCODES Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42
Last updatedJan 21, 2015
PHP min version
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

FOUNDATION LIVE SHORTCODES Alternatives

WP Foundation Shortcodes

WP Foundation Shortcodes

wp-foundation-shortcodes

A
85

WP Foundation Shortcodes Plugin makes your ZURB Foundation website to the most powerful framework by styling your content with shortcodes

100 No CVEs
Page Builder by SiteOrigin

Page Builder by SiteOrigin

siteorigin-panels

A
88

Build responsive page layouts using the widgets you know and love using this simple drag and drop page builder.

500K 8 CVEs
Brizy – Page Builder

Brizy – Page Builder

brizy

B
81

A page builder that is fast & easy, Brizy is a next-gen website builder that anyone can use. No designer or developer skills required.

70K 29 CVEs
Forget About Shortcode Buttons

Forget About Shortcode Buttons

forget-about-shortcode-buttons

A
91

A visual way to add CSS buttons in the rich text editor and to your themes.

30K 2 CVEs
Nimble Page Builder

Nimble Page Builder

nimble-builder

A
92

Simple and smart companion that allows you to insert sections into any existing page, create landing pages or entire websites including header and foo …

30K 1 CVE
Developer Profile

FOUNDATION LIVE SHORTCODES Developer Profile

epicadesign

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect FOUNDATION LIVE SHORTCODES

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/foundation-live-shortcodes/assets/css/sc-backstyle.css
Version Parameters
sc-backstyle

HTML / DOM Fingerprints

CSS Classes
addfield-blocksc-adminpagehead-infozurb-herogeneral-info
Data Attributes
id="plugin_settings"id="sc-adminpage"id="promobox"
Shortcode Output
<div id="sc-adminpage"><div class="head-info">Foundation Live Shortcodes</div><img class="zurb-hero" src="http://epicadesign.fr/cdn-themes/global/images/zurb-hero.svg" /><div class="general-info"><strong>Based on :</strong><ul><li>ZURB Foundation Framework - v 5.5.0</li><li>Foundation Icon Fonts 3</li><li><a href="http://foundation.zurb.com/" target="_blank">Go ZURB Foundation website</a></li></ul></div><div class="general-info"><strong>Developed by :</strong><ul><li>Epica design</li><li>Website: <a href="http://epicadesign.fr" target="_blank">http://epicadesign.fr</a></li><li>Contact: contact@epicadesign.fr</li></ul></div></div><div id="promobox" style="margin:30px 0"><div class="panel callout radius"><h4>You want more shortcodes !!!</h4><p><strong>Purchase the <span style="color:#f1592a">PRO version</span> for <span style="color:#f1592a">only 12 €uros</span></strong>. <a style="float:right" class="button radius warning" href="http://epicadesign.fr/shop/foundation-live-shortcodes-pro/" target="_blank">Purchase Pro Version</a></p><p>PRO version add Slider shortcode - Modal Box shortcode - Tabs shortcode - Tooltip shortcode <br />and Dropdown Button shortcode.</p></div>
FAQ

Frequently Asked Questions about FOUNDATION LIVE SHORTCODES