Does Pym.js Embeds have any unpatched vulnerabilities?

No. All known vulnerabilities in Pym.js Embeds have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Pym.js Embeds compatible with WordPress 5.4.19?

According to WordPress.org data, Pym.js Embeds 1.3.2.4 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

Is Pym.js Embeds compatible with PHP 5.3+?

Pym.js Embeds requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Pym.js Embeds updated?

Pym.js Embeds was last updated on Mar 26, 2020. Frequent updates are generally a positive security signal.

What is Pym.js Embeds's security score?

Pym.js Embeds has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Pym.js Embeds Security & Risk Analysis

wordpress.org/plugins/pym-shortcode

A WordPress block and shortcode for embedding iframes that are responsive horizontally and vertically, using the NPR Visuals Team's Pym.js.

90 active installs v1.3.2.4 PHP 5.3+ WP 3.0.1+ Updated Mar 26, 2020

embedsiframejavascriptresponsiveshortcode

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Pym.js Embeds Safe to Use in 2026?

Generally Safe

Score 85/100

Pym.js Embeds has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The pym-shortcode plugin version 1.3.2.4 exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history suggests a consistent focus on security by the developers. The code analysis indicates good practices, with all SQL queries using prepared statements and a high percentage of output being properly escaped. There are no dangerous functions, file operations, or external HTTP requests, further limiting potential attack vectors. The plugin also demonstrates a low attack surface, with only one shortcode and no AJAX handlers or REST API routes that are exposed without authentication. However, the complete lack of nonce checks and the single capability check on its sole entry point (the shortcode) present a notable concern. While the taint analysis did not reveal any immediate issues, the absence of comprehensive checks could still allow for vulnerabilities if input is not handled carefully within the shortcode's processing, especially if it were to interact with user-supplied data in the future or if new entry points were added without proper security. This plugin is strong in many areas but has a potential weakness in input validation and authorization for its shortcode functionality.

Key Concerns

Missing nonce checks on shortcode
Only one capability check for shortcode

Vulnerabilities

None known

Pym.js Embeds Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Pym.js Embeds Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

35 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

97% escaped36 total outputs

Attack Surface

Pym.js Embeds Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[pym] inc\shortcode.php:104

WordPress Hooks 8

actionrender_blockinc\amp.php:39

actiondo_shortcode_taginc\amp.php:61

actioninitinc\block.php:73

actionwp_footerinc\class-pymsrc-output.php:41

actionadmin_menuinc\info-page.php:27

actionadmin_menuinc\settings-page.php:66

actionadmin_initinc\settings-page.php:142

actionwp_footerinc\shortcode.php:136

Maintenance & Trust

Pym.js Embeds Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedMar 26, 2020

PHP min version5.3

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs90

Alternatives

Pym.js Embeds Alternatives

Shortcoder — Create Shortcodes for Anything

shortcoder

Create custom "Shortcodes" easily for HTML, JavaScript, CSS code snippets and use the shortcodes within posts, pages & widgets

100K 2 CVEs

Advanced iFrame

advanced-iframe

Include content the way YOU like in an iframe that can hide and modify elements, does auto-height, forward parameters and does many, many more...

40K 1 unpatched

BJ Lazy Load

bj-lazy-load

Lazy loading for images and iframes makes your site load faster and saves bandwidth. Uses no external JS libraries and degrades gracefully for non-js …

20K 1 CVE

Team Members

team-members

A responsive and clean way to display your team. Create members, add their positions, bios (and more...) and copy-paste the shortcode anywhere.

20K 5 CVEs

Tabby Responsive Tabs

tabby-responsive-tabs

100

Create responsive tabs inside your posts, pages or custom post content by adding simple shortcodes inside the post editor.

10K No CVEs

Developer Profile

Pym.js Embeds Developer Profile

Automattic

213 plugins · 19.2M total installs

trust score

Avg Security Score

92/100

Avg Patch Time

1384 days

View full developer profile

Detection Fingerprints

How We Detect Pym.js Embeds

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pym-shortcode/js/pym.min.js/wp-content/plugins/pym-shortcode/css/shortcode.css

Script Paths

/wp-content/plugins/pym-shortcode/js/pym.min.js

Version Parameters

pym-shortcode/js/pym.min.js?ver=pym-shortcode/css/shortcode.css?ver=

HTML / DOM Fingerprints

CSS Classes

pym

Data Attributes

data-pym-iddata-pym-src

JS Globals

pym_idPymsrc_Output

Shortcode Output

<div id="" class="pym"></div>

FAQ