ND Shortcodes Security & Risk Analysis

wordpress.org/plugins/nd-shortcodes

The plugin adds some useful components to your page builder (Elementor or WP Bakery Page Builder). All components are fully responsive and retina rea …

20K active installs · v7.8 · PHP + · WP 4.5+ · Updated Mar 18, 2025
Tags: components, elementor, elementor-library, shortcodes, wp-bakery-page-builder
Score 89 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: May 24, 2024
Safety Verdict

Is ND Shortcodes Safe to Use in 2026?

Generally Safe

Score 89/100

ND Shortcodes has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEs · Last CVE: May 24, 2024 · Updated 1yr ago
Risk Assessment

The static analysis of nd-shortcodes v7.8 indicates a generally strong security posture. The plugin demonstrates excellent practices by having 100% of its SQL queries use prepared statements and 100% of its output properly escaped. Furthermore, there are no observed dangerous functions, file operations, or external HTTP requests, which significantly reduces the attack surface. The limited number of AJAX handlers and REST API routes, all appearing to have authentication checks, also contributes positively. Taint analysis revealing no unsanitized paths is a significant strength.

However, the vulnerability history presents a notable concern. The plugin has a history of 5 known CVEs, all classified as medium severity. The common vulnerability types identified (PHP Remote File Inclusion, Cross-site Scripting, and Improper Privilege Management) are serious and indicate recurring issues with input validation and privilege handling in past versions. While there are currently no unpatched vulnerabilities, this history suggests a potential for these types of flaws to reappear. The presence of only 3 nonce checks and 2 capability checks across 41 entry points is also a weakness that could be exploited if new vulnerabilities are introduced.

In conclusion, nd-shortcodes v7.8 benefits from robust code-level security practices in its current version, particularly concerning SQL and output handling. The absence of critical or high-severity issues in taint analysis and code signals is reassuring. Nevertheless, the significant history of medium-severity vulnerabilities in the past, especially those related to RFI, XSS, and privilege management, coupled with a limited number of explicit security checks (nonces and capabilities) on its entry points, warrants caution. A thorough review of past vulnerability fixes and ongoing monitoring are recommended.

Key Concerns

  • History of 5 medium severity CVEs
  • Limited nonce checks on entry points
  • Limited capability checks on entry points
Vulnerabilities
5 published

ND Shortcodes Security Vulnerabilities

CVEs by Year

  • 2019: 1 CVE
  • 2022: 1 CVE
  • 2023: 2 CVEs
  • 2024: 1 CVE

Severity Breakdown

Medium: 5

5 total CVEs

CVE-2024-5220 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ND Shortcodes <= 7.5 - Authenticated (Author+) Stored Cross-Site Scripting

May 24, 2024 · Patched in 7.6 (7d)

CVE-2022-4623 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ND Shortcodes <= 6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jun 12, 2023 · Patched in 7.0 (225d)

CVE-2023-1273 · medium · 6.4 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion

Jun 12, 2023 · Patched in 7.0 (225d)

WF-037882e8-4d66-47b9-8ca5-3fa3866b9125-nd-shortcodes · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ND Shortcodes <= 6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 1, 2022 · Patched in 6.6 (571d)

CVE-2019-15771 · medium · 6.1 · Improper Privilege Management

ND Shortcodes <= 5.9.1 - Unauthenticated WordPress Options Update

Jul 31, 2019 · Patched in 6.0 (1637d)

Code Analysis
Analyzed Mar 16, 2026

ND Shortcodes Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (3236 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 3236 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
nicdark_import_demo (inc\settings\import-elementor\index.php:152)
Attack Surface

ND Shortcodes Attack Surface

Entry Points: 41
Unprotected: 0

AJAX Handlers 4

auth wp_ajax_nd_options_import_demo_php_function inc\settings\import-demo\index.php:306
auth wp_ajax_nd_options_import_plugin_function inc\settings\import-export\index.php:289
auth wp_ajax_nd_options_get_search_results_php_function shortcodes\custom\post-search\index.php:322
nopriv wp_ajax_nd_options_get_search_results_php_function shortcodes\custom\post-search\index.php:323

Shortcodes 37

[nd_alert] addons\customizer\shortcodes\alert\index.php:102
[nd_alert_message] addons\customizer\shortcodes\alert\index.php:186
[nd_login] addons\customizer\shortcodes\login\index.php:62
[nd_social] addons\customizer\shortcodes\social\index.php:37
[nd_icon_text] addons\customizer\shortcodes\top-header\index.php:115
[nd_options_eventscalendar_post_grid] addons\eventscalendar\vc\index.php:5
[nd_options_woo_post_grid] addons\woocommerce\vc\index.php:5
[nd_options_badge] shortcodes\custom\badge\index.php:4
[nd_options_beforeafter] shortcodes\custom\beforeafter\index.php:4
[nd_options_button] shortcodes\custom\button\index.php:4
[nd_options_cf7] shortcodes\custom\cf7\index.php:4
[nd_column] shortcodes\custom\column\index.php:28
[nd_options_countdown] shortcodes\custom\countdown\index.php:4
[nd_options_counter] shortcodes\custom\counter\index.php:4
[nd_options_divider] shortcodes\custom\divider\index.php:4
[nd_options_focus_number] shortcodes\custom\focus-number\index.php:4
[nd_options_image] shortcodes\custom\image\index.php:4
[nd_options_list] shortcodes\custom\list\index.php:4
[nd_options_magic_popup] shortcodes\custom\magic-popup\index.php:4
[nd_options_menu] shortcodes\custom\menu\index.php:29
[nd_options_open_sidebar] shortcodes\custom\open-sidebar\index.php:4
[nd_options_post_grid] shortcodes\custom\post-grid\index.php:5
[nd_options_post_search] shortcodes\custom\post-search\index.php:4
[nd_options_prices] shortcodes\custom\price\index.php:4
[nd_price_row] shortcodes\custom\price\index.php:323
[nd_options_services] shortcodes\custom\service\index.php:4
[nd_options_service_pro] shortcodes\custom\service-pro\index.php:4
[nd_options_spacer] shortcodes\custom\spacer\index.php:4
[nd_options_text] shortcodes\custom\text\index.php:5
[nd_options_toogle] shortcodes\custom\toogle\index.php:4
[nd_options_typewriter] shortcodes\custom\typewriter\index.php:4
[nd_options_focus] shortcodes\focus\index.php:4
[nd_options_price] shortcodes\price\index.php:4
[nd_options_progress] shortcodes\progress\index.php:4
[nd_options_service] shortcodes\service\index.php:4
[nd_options_team] shortcodes\team\index.php:4
[nd_options_testimonial] shortcodes\testimonial\index.php:4

WordPress Hooks 161

action nd_learning_end_header_img_single_course_hook addons\breadcrumb\index.php:11
action nd_learning_end_header_img_archive_courses_hook addons\breadcrumb\index.php:12
action nd_learning_end_header_img_single_teacher_hook addons\breadcrumb\index.php:13
action nd_learning_end_header_img_archive_teachers_hook addons\breadcrumb\index.php:14
action nd_options_end_header_img_page_hook addons\breadcrumb\index.php:17
action nd_options_end_header_img_post_hook addons\breadcrumb\index.php:18
action nd_options_end_header_img_search_hook addons\breadcrumb\index.php:19
action nd_options_end_header_img_archive_hook addons\breadcrumb\index.php:20
action customize_register addons\customizer\archives\archives\index.php:4
action customize_register addons\customizer\archives\index.php:4
action customize_register addons\customizer\archives\search\index.php:4
action customize_register addons\customizer\examples\examples.php:5
action customize_register addons\customizer\fonts\index.php:5
action wp_enqueue_scripts addons\customizer\fonts\index.php:247
action wp_head addons\customizer\fonts\index.php:354
filter body_class addons\customizer\fonts\index.php:359
action customize_register addons\customizer\footer\footer-1\index.php:3
action customize_register addons\customizer\footer\footer-2\index.php:3
action customize_register addons\customizer\footer\footer-3\index.php:3
action customize_register addons\customizer\footer\footer-4\index.php:3
action widgets_init addons\customizer\footer\footer-4\index.php:238
action customize_register addons\customizer\footer\footer-5\index.php:3
action customize_register addons\customizer\footer\footer-6\index.php:3
action customize_register addons\customizer\footer\index.php:4
action nicdark_footer_nd addons\customizer\footer\index.php:65
action customize_register addons\customizer\forms\errors\index.php:4
action wp_head addons\customizer\forms\errors\index.php:266
action customize_register addons\customizer\forms\fields\index.php:4
action wp_head addons\customizer\forms\fields\index.php:267
action customize_register addons\customizer\forms\index.php:4
filter body_class addons\customizer\forms\index.php:32
action customize_register addons\customizer\forms\submit\index.php:4
action wp_head addons\customizer\forms\submit\index.php:223
action customize_register addons\customizer\general\index.php:4
action customize_register addons\customizer\general\rtl\index.php:4
action wp_enqueue_scripts addons\customizer\general\rtl\index.php:50
action wp_head addons\customizer\general\rtl\index.php:52
action customize_register addons\customizer\header\header-1\index.php:4
action customize_register addons\customizer\header\header-2\index.php:4
action customize_register addons\customizer\header\header-3\index.php:4
action customize_register addons\customizer\header\header-4\index.php:4
action customize_register addons\customizer\header\header-5\index.php:4
action widgets_init addons\customizer\header\header-5\index.php:87
action customize_register addons\customizer\header\header-6\index.php:4
action customize_register addons\customizer\header\index.php:4
action nicdark_header_nd addons\customizer\header\index.php:65
action wp_head addons\customizer\header\index.php:90
action customize_register addons\customizer\header\labels\index.php:4
action wp_head addons\customizer\header\labels\index.php:155
action customize_register addons\customizer\header\logo\index.php:4
action nd_options_hook_start_navigation addons\customizer\header\search\content.php:4
action nd_options_hook_icons_navigation addons\customizer\header\search\content.php:81
action wp_head addons\customizer\header\search\content.php:143
action customize_register addons\customizer\header\search\index.php:4
action customize_register addons\eventscalendar\customizer\header-img\index.php:4
action customize_register addons\eventscalendar\customizer\index.php:4
action customize_register addons\eventscalendar\customizer\styles\index.php:4
action wp_head addons\eventscalendar\customizer\styles\index.php:62
action add_meta_boxes addons\eventscalendar\metabox\index.php:5
action save_post addons\eventscalendar\metabox\index.php:54
action nicdark_header_after_navigation addons\eventscalendar\template\index.php:82
action vc_before_init addons\eventscalendar\vc\index.php:72
action customize_register addons\give\customizer\index.php:4
action customize_register addons\give\customizer\plugin-colors\index.php:4
action wp_head addons\give\customizer\plugin-colors\index.php:90
action init addons\locations\cpt\index.php:22
action add_meta_boxes addons\locations\metabox\index.php:5
action save_post addons\locations\metabox\index.php:56
action nd_options_admin_navigation_hook addons\locations\settings\index.php:4
action nd_options_create_new_admin_setting_page addons\locations\settings\index.php:30
action admin_menu addons\locations\settings\index.php:35
action admin_init addons\locations\settings\index.php:40
action add_meta_boxes addons\metabox\page\index.php:5
action save_post addons\metabox\page\index.php:82
action add_meta_boxes addons\metabox\page\index.php:116
action save_post addons\metabox\page\index.php:224
action add_meta_boxes addons\metabox\post\index.php:5
action save_post addons\metabox\post\index.php:82
action add_meta_boxes addons\metabox\post\index.php:115
action save_post addons\metabox\post\index.php:152
action add_meta_boxes addons\metabox\post\index.php:171
action save_post addons\metabox\post\index.php:281
action add_meta_boxes addons\metabox\post\index.php:311
action save_post addons\metabox\post\index.php:345
action add_meta_boxes addons\metabox\post\index.php:371
action save_post addons\metabox\post\index.php:405
action add_meta_boxes addons\metabox\post\index.php:432
action save_post addons\metabox\post\index.php:475
action nicdark_archive_nd addons\templates\archive\index.php:5
action customize_register addons\templates\comment\customizer.php:4
action nicdark_comments_nd addons\templates\comment\index.php:8
action customize_register addons\templates\page\customizer.php:4
action nicdark_page_nd addons\templates\page\index.php:19
action wp_head addons\templates\page\layout\sidebar\layout-1.php:4
action wp_head addons\templates\page\layout\sidebar\layout-2.php:4
action wp_head addons\templates\page\layout\sidebar\layout-3.php:4
action wp_head addons\templates\page\layout\sidebar\layout-4.php:4
action wp_head addons\templates\page\layout\sidebar\layout-5.php:4
action wp_head addons\templates\page\layout\sidebar\layout-6.php:4
action wp_head addons\templates\page\layout\sidebar\layout-7.php:4
action wp_head addons\templates\page\layout\sidebar\layout-8.php:4
action customize_register addons\templates\post\customizer.php:4
action nicdark_single_nd addons\templates\post\index.php:9
action nicdark_search_nd addons\templates\search\index.php:5
action admin_menu addons\themes\index.php:4
action admin_enqueue_scripts addons\themes\index.php:19
action customize_register addons\woocommerce\customizer\archive-products\index.php:4
action customize_register addons\woocommerce\customizer\index.php:4
action customize_register addons\woocommerce\customizer\plugin-colors\index.php:4
action customize_register addons\woocommerce\customizer\single-product\index.php:4
action customize_register addons\woocommerce\customizer\styles\index.php:4
action wp_head addons\woocommerce\customizer\styles\index.php:69
action widgets_init addons\woocommerce\index.php:32
action add_meta_boxes addons\woocommerce\metabox\index.php:5
action save_post addons\woocommerce\metabox\index.php:54
action add_meta_boxes addons\woocommerce\metabox\index.php:75
action save_post addons\woocommerce\metabox\index.php:183
action nicdark_woocommerce_nd addons\woocommerce\template\index.php:5
action vc_before_init addons\woocommerce\vc\index.php:73
action admin_menu inc\settings\import-demo\index.php:4
action nicdark_import_demo_nav_nd inc\settings\import-elementor\index.php:5
action nicdark_import_demo_nd inc\settings\import-elementor\index.php:151
action admin_menu inc\settings\import-export\index.php:4
action admin_enqueue_scripts inc\settings\index.php:12
action admin_menu inc\settings\index.php:41
action admin_init inc\settings\index.php:46
action plugins_loaded nd-shortcodes.php:19
action wp_enqueue_scripts nd-shortcodes.php:32
filter widget_text nd-shortcodes.php:58
action after_switch_theme nd-shortcodes.php:65
action vc_before_init shortcodes\custom\badge\index.php:67
action vc_before_init shortcodes\custom\beforeafter\index.php:61
action vc_before_init shortcodes\custom\button\index.php:102
action vc_before_init shortcodes\custom\cf7\index.php:146
filter wpcf7_form_elements shortcodes\custom\cf7\index.php:264
action vc_before_init shortcodes\custom\countdown\index.php:97
action vc_before_init shortcodes\custom\counter\index.php:80
action vc_before_init shortcodes\custom\divider\index.php:48
action vc_before_init shortcodes\custom\focus-number\index.php:61
action vc_before_init shortcodes\custom\image\index.php:42
action vc_before_init shortcodes\custom\list\index.php:80
action vc_before_init shortcodes\custom\magic-popup\index.php:100
action vc_before_init shortcodes\custom\menu\index.php:190
action vc_before_init shortcodes\custom\open-sidebar\index.php:160
action vc_before_init shortcodes\custom\post-grid\index.php:85
action add_meta_boxes shortcodes\custom\post-grid\metabox.php:4
action save_post shortcodes\custom\post-grid\metabox.php:41
action vc_before_init shortcodes\custom\post-search\index.php:124
action vc_before_init shortcodes\custom\price\index.php:81
action vc_before_init shortcodes\custom\service\index.php:78
action vc_before_init shortcodes\custom\service-pro\index.php:125
action vc_before_init shortcodes\custom\spacer\index.php:35
action vc_before_init shortcodes\custom\text\index.php:83
action vc_before_init shortcodes\custom\toogle\index.php:92
action vc_before_init shortcodes\custom\typewriter\index.php:117
action vc_before_init shortcodes\focus\index.php:72
action vc_before_init shortcodes\price\index.php:107
action vc_before_init shortcodes\progress\index.php:50
action vc_before_init shortcodes\service\index.php:65
action vc_before_init shortcodes\team\index.php:100
action vc_before_init shortcodes\testimonial\index.php:84

Maintenance & Trust

ND Shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 18, 2025
PHP min version
Downloads: 414K

Community Trust

Rating: 66/100
Number of ratings: 13
Active installs: 20K
Developer Profile

ND Shortcodes Developer Profile

nicdark

4 plugins · 34K total installs

Trust score: 64
Avg Security Score: 79/100
Avg Patch Time: 461 days
Detection Fingerprints

How We Detect ND Shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nd-shortcodes/css/style.css
Version Parameters
nd-shortcodes/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
nd_options_first_font
nd_options_second_font
nd_options_third_font