Does iframe Wrapper have any unpatched vulnerabilities?

No. All known vulnerabilities in iframe Wrapper have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is iframe Wrapper compatible with WordPress 3.0.5?

According to WordPress.org data, iframe Wrapper 0.1.1 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is iframe Wrapper updated?

iframe Wrapper was last updated on Mar 24, 2012. Frequent updates are generally a positive security signal.

What is iframe Wrapper's security score?

iframe Wrapper has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

iframe Wrapper Security & Risk Analysis

wordpress.org/plugins/iframe-wrapper

A small little plugin to embed an auto resizing iframe into a WordPress page or post.

500 active installs v0.1.1 PHP + WP 2.6+ Updated Mar 24, 2012

embedframeiframewrapwrapper

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is iframe Wrapper Safe to Use in 2026?

Generally Safe

Score 85/100

iframe Wrapper has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "iframe-wrapper" plugin version 0.1.1 exhibits a generally strong security posture based on the provided static analysis. The code appears to follow good practices by not utilizing dangerous functions, employing prepared statements for all SQL queries, and ensuring all output is properly escaped. Furthermore, the absence of file operations, external HTTP requests, and any recorded vulnerability history suggests a well-developed and secure plugin. The limited attack surface, consisting of a single shortcode and no unprotected entry points, further reinforces this positive assessment.

Despite the strong code-level security, there are no explicit nonce or capability checks identified in the static analysis. While the limited attack surface and absence of known vulnerabilities reduce the immediate risk, the lack of these fundamental WordPress security mechanisms represents a potential weakness. If the shortcode were to process user-supplied data in the future, or if the plugin's functionality evolved to include more sensitive operations, the absence of proper authorization and validation could become a concern. The current version, however, appears safe due to its minimal functionality and clean code.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

iframe Wrapper Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

iframe Wrapper Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

iframe Wrapper Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[iframeWrapper] iframe-wrapper.php:12

WordPress Hooks 1

actionwp_enqueue_scriptsiframe-wrapper.php:14

Maintenance & Trust

iframe Wrapper Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedMar 24, 2012

PHP min version

Downloads14K

Community Trust

Rating0/100

Number of ratings0

Active installs500

Alternatives

iframe Wrapper Alternatives

WP Wrapper

wp-wrapper

Wrapper for WordPress pages using iFrame. Various options in admin panel

700 No CVEs

HostFact bestelformulier integratie

hostfact-bestelformulier-integratie

Eenvoudige manier om het bestelformulier van HostFact in de Wordpress website te integreren.

200 1 CVE

iframe

[iframe src="http://www.youtube.com/embed/7_nAZQt9qu0" width="100%" height="500"] shortcode

70K 6 CVEs

Advanced iFrame

advanced-iframe

Include content the way YOU like in an iframe that can hide and modify elements, does auto-height, forward parameters and does many, many more...

40K 12 CVEs

Embed Privacy

embed-privacy

100

Embed Privacy prevents the loading of embedded external content and allows your site visitors to opt-in.

10K 1 CVE

Developer Profile

iframe Wrapper Developer Profile

Aelora

4 plugins · 550 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect iframe Wrapper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/iframe-wrapper/iframe-wrapper.js

Script Paths

/wp-content/plugins/iframe-wrapper/iframe-wrapper.js

Version Parameters

iframe-wrapper.js?ver=

HTML / DOM Fingerprints

CSS Classes

iframe-wrapper

HTML Comments

Shortcode Output

<iframe scrolling="no" class="iframe-wrapper" style="width:100%;border:0;overflow-y:hidden;" src="

FAQ