My Email Shortcode Security & Risk Analysis

wordpress.org/plugins/my-email-shortcode

If you often display your email address on your blog, this plugin is for you. If you change your address, it will apply the change in all places.

10 active installs v0.91 PHP + WP 3.0+ Updated Sep 25, 2010
authoremailprofileshortcode
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEMay 26, 2026
Safety Verdict

Is My Email Shortcode Safe to Use in 2026?

Use With Caution

Score 63/100

My Email Shortcode has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: May 26, 2026Updated 15yr ago
Risk Assessment

The 'my-email-shortcode' plugin version 0.91 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The code appears to adhere to good practices, with no dangerous functions, all SQL queries using prepared statements, and all outputs properly escaped. Furthermore, there are no file operations or external HTTP requests, and no known vulnerabilities have been recorded for this plugin. This lack of historical issues and adherence to secure coding principles in the current version is a positive indicator.

However, the absence of nonce and capability checks on the single identified shortcode entry point, while currently not a direct risk due to zero unprotected entry points and zero taint flows, represents a potential weakness. If the functionality within this shortcode were to be extended or if new entry points were introduced in future versions without proper authentication and authorization checks, it could expose the plugin to security risks. Therefore, while the current version is secure, a proactive approach to implementing these checks would further harden the plugin.

Key Concerns

  • Missing nonce checks on entry points
  • Missing capability checks on entry points
Vulnerabilities
1 published

My Email Shortcode Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-8048medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Email Shortcode <= 0.91 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

May 26, 2026Unpatched
Version History

My Email Shortcode Release Timeline

v0.91Current1 CVE
v0.901 CVE
Code Analysis
Analyzed Mar 17, 2026

My Email Shortcode Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface

My Email Shortcode Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[my-email] my-email-shortcode.php:43
Maintenance & Trust

My Email Shortcode Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5
Last updatedSep 25, 2010
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

My Email Shortcode Developer Profile

paulpela

3 plugins · 50 total installs

79
trust score
Avg Security Score
78/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect My Email Shortcode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
my-email-shortcode
Shortcode Output
<a href="mailto:" class="my-email-shortcode"> Error. Please set your email address in Users->Your profile.
FAQ

Frequently Asked Questions about My Email Shortcode