WP-Safety

Norse Rune Oracle Plugin Security & Risk Analysis

wordpress.org/plugins/norse-runes-oracle

The Norse Runes Oracle Plugin allows you to interpret single runes or do rune castings.

60 active installs v1.4.4 PHP + WP 3.5.1+ Updated Apr 1, 2025
oraclephsychicrunesself-helptarot
91
A · Safe
CVEs total2
Unpatched0
Last CVEApr 1, 2025
Plugin page Download
Safety Verdict

Is Norse Rune Oracle Plugin Safe to Use in 2026?

Generally Safe

Score 91/100

Norse Rune Oracle Plugin has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Apr 1, 2025Updated 1yr ago
Risk Assessment

The plugin 'norse-runes-oracle' v1.4.4 exhibits a generally good security posture based on static analysis, with no identified critical or high severity taint flows and a high percentage of properly escaped output. The plugin demonstrates a commitment to secure coding practices by exclusively using prepared statements for SQL queries and including a nonce check. Furthermore, the absence of external HTTP requests and file operations minimizes common attack vectors. However, the vulnerability history is a significant concern, with two previously disclosed medium severity vulnerabilities, specifically Cross-site Scripting (XSS) and Cross-Site Request Forgery (CSRF). While currently unpatched CVEs are zero, the past occurrence of these vulnerability types suggests potential for future similar weaknesses if not addressed proactively. The presence of 8 shortcodes, although not directly flagged as unprotected, represents a notable attack surface that, combined with past vulnerabilities, warrants careful monitoring.

Key Concerns

  • Two medium severity CVEs in vulnerability history
  • 8 shortcodes present, increasing attack surface
Vulnerabilities
2 published

Norse Rune Oracle Plugin Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-31884medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Norse Rune Oracle Plugin <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025 Patched in 1.4.4 (9d)
CVE-2025-22556medium · 6.1Cross-Site Request Forgery (CSRF)

Norse Rune Oracle Plugin <= 1.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Jan 7, 2025 Patched in 1.4.3 (8d)
Version History

Norse Rune Oracle Plugin Release Timeline

v1.32 CVEs
CVE-2025-31884 CVE-2025-22556
v1.22 CVEs
CVE-2025-31884 CVE-2025-22556
v1.12 CVEs
CVE-2025-31884 CVE-2025-22556
v1.02 CVEs
CVE-2025-31884 CVE-2025-22556
Code Analysis
Analyzed Apr 16, 2026

Norse Rune Oracle Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
32 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

89% escaped36 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<NorseRunesAdmin> (NorseRunesAdmin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Norse Rune Oracle Plugin Attack Surface

Entry Points8
Unprotected0

Shortcodes 8

[showrune] NorseRunes.php:100
[definerune] NorseRunes.php:121
[showallrunes] NorseRunes.php:145
[showsinglerune] NorseRunes.php:157
[norsecustom] NorseRunes.php:179
[odinsrune] NorseRunes.php:189
[threerune] NorseRunes.php:200
[celticcross] NorseRunes.php:210
WordPress Hooks 4
actionadmin_menuNorseRunes.php:63
filterwp_headNorseRunes.php:235
filterquery_varsNorseRunes.php:249
actioninitNorseRunes.php:271
Maintenance & Trust

Norse Rune Oracle Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedApr 1, 2025
PHP min version
Downloads5K

Community Trust

Rating94/100
Number of ratings6
Active installs60
Alternatives

Norse Rune Oracle Plugin Alternatives

Tarot Card Oracle

Tarot Card Oracle

card-oracle

A
100

Create tarot, oracle, cartouche, and rune readings on your WordPress site using your own decks, spreads, and meanings.

100 No CVEs
Tarot, Oracle cards, Tarot readings, Tarokina

Tarot, Oracle cards, Tarot readings, Tarokina

tarokina-free

A
100

The best tarot plugin for wordpress. Intuitive and easy to use. Provides accurate tarot readings.

300 No CVEs
Oracle Cards Lite – Interactive Card Deck Plugin for WordPress

Oracle Cards Lite – Interactive Card Deck Plugin for WordPress

oracle-cards

A
99

Interactive Card Deck Plugin for WordPress

300 1 CVE
EZ Horoscope Professional

EZ Horoscope Professional

ez-horoscope

A
100

Astrologically accurate horoscopes with cosmic insights, advice, birth charts, and AI voice agents for chatting about readings.

200 No CVEs
Divine Astro

Divine Astro

horoscope-and-tarot

A
91

Divineapi.com is a leading API platform for services like Daily Horoscope, Tarot reading, Kundali, Panchang, Natal Chart, Fortune Cookie, Coffee Cup r &hellip;

100 1 CVE
Developer Profile

Norse Rune Oracle Plugin Developer Profile

WP CMS Ninja

5 plugins · 740 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
9 days
View full developer profile
Detection Fingerprints

How We Detect Norse Rune Oracle Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Norse Rune Oracle Plugin