Game of 15 Security & Risk Analysis
wordpress.org/plugins/game-of-15Shortcode to add Game of 15 on pages or posts
Is Game of 15 Safe to Use in 2026?
Generally Safe
Score 85/100Game of 15 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "game-of-15" v1.0 plugin exhibits a generally good security posture based on the static analysis provided. There are no identified dangerous functions, SQL queries are properly prepared, and there are no external HTTP requests or file operations that pose immediate risks. The absence of known vulnerabilities further reinforces this positive outlook. However, a significant concern is the lack of output escaping on all identified output points. This means that any data displayed to users, if it originates from an untrusted source or contains user-supplied content, could be vulnerable to Cross-Site Scripting (XSS) attacks. The lack of nonce and capability checks, while not tied to specific entry points in this analysis (as there are no unprotected AJAX or REST API routes), represents a potential weakness if the plugin's functionality were to expand or if existing entry points are not fully secured in practice. The zero taint analysis results are encouraging, indicating no obvious flows of unsanitized data within the analyzed code paths.
Overall, the plugin demonstrates a commitment to secure coding practices in several key areas, particularly concerning data handling for SQL queries. The primary risk identified is the universal lack of output escaping, which presents a clear vulnerability for XSS. While the plugin has a clean vulnerability history and no immediate critical flaws detected in static analysis, the missing output sanitization is a critical oversight that requires immediate attention to prevent potential security breaches.
Key Concerns
- All output is unescaped
- No nonce checks
- No capability checks
Game of 15 Security Vulnerabilities
Game of 15 Code Analysis
Output Escaping
Game of 15 Attack Surface
Shortcodes 1
Maintenance & Trust
Game of 15 Maintenance & Trust
Maintenance Signals
Community Trust
Game of 15 Alternatives
Shortcoder — Create Shortcodes for Anything
shortcoder
Create custom "Shortcodes" easily for HTML, JavaScript, CSS code snippets and use the shortcodes within posts, pages & widgets
Dinosaur Game
dinosaur-game
Add the dinosaur game from Google Chrome to your site using the [dinosaur-game] shortcode.
Slideshow
slideshow
A shortcode for displaying a slideshow of image attachments for a post.
Hide Text Shortcode
hide-text-shortcode
Shortcode to hide text
Solitaire Card Game – Embed Klondike Solitaire for Free – Ad-free Solitaire Puzzle game
embed-solitaire-iframe
This plugin lets you embed an ad-free version of Solitaire for free using a shortcode. Easily embed Klondike Solitaire on your WordPress website, usin …
Game of 15 Developer Profile
4 plugins · 420 total installs
How We Detect Game of 15
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/game-of-15/gameof15.css/wp-content/plugins/game-of-15/gameof15.js/wp-content/plugins/game-of-15/gameof15.jsgame-of-15/gameof15.css?ver=game-of-15/gameof15.js?ver=HTML / DOM Fingerprints
InnerDivcontainer<!--
$testo = '<div class="container">';
$testo = '<h2>Gioco del 15</h2>';
$testo = '<div id="status">Numero mosse: <span></span></div>';
$testo = '<div id="game"></div>';
$testo = '<div id="controls"><button>New Game</button></div>';
$testo = '</div>';
// return $testo;
-->immaginecolor<div class="container">
<h1>Gioco del 15</h1>
<div id="status">Numero mosse: <span></span></div>
<div id="game"></div>
<div id="controls"><button>Nuovo Gioco</button></div>
</div>