Markdown Shortcode Security & Risk Analysis

wordpress.org/plugins/markdown-shortcode

Damn simple markdown for wordpress via shortcode, uses parsedown (parsedown.org) and highlight.js (highlightjs.org).

70 active installs · v0.2.3 · Updated Sep 21, 2025
Tags: highlight-js, markdown, parsedown, shortcode
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 25, 2025
Safety Verdict

Is Markdown Shortcode Safe to Use in 2026?

Generally Safe

Score 99/100

Markdown Shortcode has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Sep 25, 2025 · Updated 7mo ago
Risk Assessment

The 'markdown-shortcode' plugin v0.2.3 exhibits a generally positive security posture, with no identified critical or high severity vulnerabilities in the static and taint analysis. The code correctly utilizes prepared statements for SQL queries and properly escapes all identified output, demonstrating adherence to secure coding practices in these areas. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its robust security profile. However, a medium severity vulnerability was previously identified, specifically a Cross-Site Scripting (XSS) issue, which was reportedly patched. The fact that a vulnerability was present, even if patched, suggests potential areas where input sanitization might require ongoing vigilance. While the current analysis shows no immediate flaws, the historical medium vulnerability warrants a cautious approach. The plugin has a small attack surface consisting only of shortcodes, and all entry points are protected by capability checks (implied by '0 without auth checks' and '0 without permission callbacks' for other entry points).

Key Concerns

  • Previous medium severity XSS vulnerability
  • No nonce checks on entry points
Vulnerabilities
1 published

Markdown Shortcode Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-10180 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Markdown Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 25, 2025 · Patched in 0.2.3 (1d)
Version History

Markdown Shortcode Release Timeline

v0.2.3 (Current)
Code Analysis
Analyzed Mar 16, 2026

Markdown Shortcode Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (1 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 1 total outputs
Attack Surface

Markdown Shortcode Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[markdown] markdown-shortcode.php:31
[markdown] markdown-shortcode.php:76

WordPress Hooks: 4

action · plugins_loaded · markdown-shortcode.php:10
action · init · markdown-shortcode.php:26
action · wp_enqueue_scripts · markdown-shortcode.php:30
filter · the_content · markdown-shortcode.php:32
Maintenance & Trust

Markdown Shortcode Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Sep 21, 2025
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 70
Developer Profile

Markdown Shortcode Developer Profile

JHoppe

1 plugin · 70 total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Markdown Shortcode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/markdown-shortcode/highlight/styles/github.css
/wp-content/plugins/markdown-shortcode/highlight/highlight.min.js
/wp-content/plugins/markdown-shortcode/init_highlight.js
Script Paths
/wp-content/plugins/markdown-shortcode/highlight/highlight.min.js
/wp-content/plugins/markdown-shortcode/init_highlight.js
Version Parameters
markdown-shortcode/highlight/styles/github.css?ver=
markdown-shortcode/highlight/highlight.min.js?ver=
markdown-shortcode/init_highlight.js?ver=

HTML / DOM Fingerprints

CSS Classes
markdown
Shortcode Output
<div class="markdown"></div>