Does IF AS Shortcode have any unpatched vulnerabilities?

Yes — IF AS Shortcode currently has 1 published unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is IF AS Shortcode compatible with WordPress 6.6.5?

According to WordPress.org data, IF AS Shortcode 1.2 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is IF AS Shortcode compatible with PHP 5.6+?

IF AS Shortcode requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is IF AS Shortcode updated?

IF AS Shortcode was last updated on Aug 9, 2024. Frequent updates are generally a positive security signal.

What is IF AS Shortcode's security score?

IF AS Shortcode has a WP-Safety security score of 67/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

IF AS Shortcode Security & Risk Analysis

wordpress.org/plugins/if-as-shortcode

You can use if statement as shortcode everywhere you want!

10 active installs v1.2 PHP 5.6+ WP 4.0+ Updated Aug 9, 2024

conditionsifif_statementpage_templete_conditionspost_templete_conditions

C · Use Caution

CVEs total1

Unpatched1

Last CVEDec 25, 2025

Plugin page Download

Safety Verdict

Is IF AS Shortcode Safe to Use in 2026?

Use With Caution

Score 67/100

IF AS Shortcode has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Dec 25, 2025Updated 1yr ago

Risk Assessment

The "if-as-shortcode" v1.2 plugin exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and implementing nonce and capability checks on its entry points, significant concerns arise from its output escaping. The static analysis reveals that 100% of outputs are not properly escaped, which presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. This is a critical oversight that could allow malicious scripts to be injected and executed within the WordPress environment. The vulnerability history, including a recent high-severity CVE related to code injection, further exacerbates these concerns. The fact that this vulnerability is currently unpatched suggests a lack of timely security patching by the developers, or a critical flaw that remains exposed. Therefore, despite some positive security implementations, the combination of unescaped output and an unpatched critical vulnerability makes this plugin a significant security risk.

Key Concerns

Unescaped output in 100% of outputs
Currently unpatched high severity CVE
Previous CVE type: Code Injection

Vulnerabilities

1 published

IF AS Shortcode Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-68897high · 8.8Improper Control of Generation of Code ('Code Injection')

IF AS Shortcode <= 1.2 - Authenticated (Contributor+) Remote Code Execution

Dec 25, 2025Unpatched

Version History

IF AS Shortcode Release Timeline

v1.2Current1 CVE

CVE-2025-68897

v1.11 CVE

CVE-2025-68897

v1.01 CVE

CVE-2025-68897

Code Analysis

Analyzed Mar 17, 2026

IF AS Shortcode Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped47 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

description_hack (include\shortcode_menu.php:220)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

IF AS Shortcode Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 2

authwp_ajax_gs_sim_description_hackinclude\shortcode_menu.php:30

authwp_ajax_add-menu-iteminclude\shortcode_menu.php:38

Shortcodes 3

[if] if_as_shortcode.php:80

[PHP_CODE] if_as_shortcode.php:89

[gs_test_shortcode] include\shortcode_menu.php:15

WordPress Hooks 16

actionplugins_loadedif_as_shortcode.php:19

actioninitif_as_shortcode.php:56

filtermce_external_pluginsif_as_shortcode.php:103

filtermce_buttonsif_as_shortcode.php:104

actioninitif_as_shortcode.php:120

actionadmin_noticesif_as_shortcode.php:131

actionadmin_noticesif_as_shortcode.php:141

actionadmin_initif_as_shortcode.php:151

actionwidgets_initinclude\restricted-content.php:5

actionadmin_initinclude\shortcode_menu.php:18

filterwalker_nav_menu_start_elinclude\shortcode_menu.php:21

filterwp_setup_nav_menu_iteminclude\shortcode_menu.php:24

actionadmin_enqueue_scriptsinclude\shortcode_menu.php:27

actionwp_loadedinclude\shortcode_menu.php:33

filterclean_urlinclude\shortcode_menu.php:36

filterclean_urlinclude\shortcode_menu.php:267

Maintenance & Trust

IF AS Shortcode Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedAug 9, 2024

PHP min version5.6

Downloads4K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

IF AS Shortcode Alternatives

Conditions for Texts (Dynamic Content)

conditions-for-texts

MAKE YOUR CONTENT DYNAMIC! Use if statements with variables to display text blocks only under certain conditions. For example: Publish other text bloc …

10 No CVEs

WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups

wp-terms-popup

Use WP Terms Popup to ask visitors to agree to your terms and conditions or privacy policy before they are allowed to view your site.

3K 2 CVEs

Additional Terms for WooCommerce

woo-additional-terms

100

Improve your checkout process by adding an extra checkbox for terms and conditions. Keep track of acceptance to ensure transparency and security.

2K No CVEs

Image Optimizer – Optimize Images and Convert to WebP or AVIF

image-optimization

Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.

1.0M 1 CVE

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

100

Optimize images in 1‑click: compress, resize & convert to WebP/AVIF - free up to 20MB/month. Enjoy the easiest WordPress image optimizer to set up.

1.0M No CVEs

Developer Profile

IF AS Shortcode Developer Profile

Mohammad I. Okfie

3 plugins · 2K total installs

trust score

Avg Security Score

84/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect IF AS Shortcode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/if-as-shortcode/include/editor_plugin.js

Script Paths

/wp-content/plugins/if-as-shortcode/include/editor_plugin.js

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-mce-placeholder

JS Globals

if_statement_text_domain

Shortcode Output

[else]

FAQ

IF AS Shortcode Security & Risk Analysis

Is IF AS Shortcode Safe to Use in 2026?

Use With Caution

Key Concerns

IF AS Shortcode Security Vulnerabilities

CVEs by Year

Severity Breakdown

IF AS Shortcode Release Timeline

IF AS Shortcode Code Analysis

Output Escaping

Data Flow Analysis

IF AS Shortcode Attack Surface

AJAX Handlers 2

Shortcodes 3

IF AS Shortcode Maintenance & Trust

Maintenance Signals

Community Trust

IF AS Shortcode Alternatives

Conditions for Texts (Dynamic Content)

WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups

Additional Terms for WooCommerce

Image Optimizer – Optimize Images and Convert to WebP or AVIF

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

IF AS Shortcode Developer Profile

How We Detect IF AS Shortcode

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about IF AS Shortcode