Quotes Shortcode and Widget Security & Risk Analysis

wordpress.org/plugins/quotes-shortcode-and-widget

Create Quotes. Nice and easy interface. Insert anywhere in your site - page/post editor, sidebars, template files.

200 active installs · v1.14 · PHP + WP 3.6+ · Updated Apr 1, 2022
Tags: button, quote, quotes, shortcode, widgets

Security score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Quotes Shortcode and Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Quotes Shortcode and Widget has no known CVEs. Its last release, however, dates from April 2022, so it is no longer actively maintained; the score reflects the absence of reported vulnerabilities rather than ongoing support. It is a reasonable choice for most WordPress installations, but review the code-analysis findings below before deploying it on a site that allows untrusted users to register.

No known CVEs · Updated 4yr ago
Risk Assessment

The quotes-shortcode-and-widget plugin, version 1.14, presents a concerning security posture because of the number of unprotected entry points. All six AJAX handlers found by static analysis are registered on wp_ajax_ hooks, which WordPress fires only for logged-in users, but none of them performs a capability check and only two entry points in the whole plugin verify a nonce. The exposure is therefore to any authenticated account, including low-privilege roles such as Subscriber on sites with open registration, and to cross-site request forgery against logged-in users, rather than to anonymous visitors. There are no known historical vulnerabilities, but the analysis flags several areas of concern. An unserialize() call on URL-decoded input (otw_functions.php:596), together with three high-severity taint flows that have no sanitizer on their path, means that attacker-controlled data reaching that call would allow PHP object injection. Whether object injection escalates to code execution depends on a usable gadget chain being present among the classes loaded by WordPress core, the active theme and other plugins, so the real impact is site-specific.

The plugin also shows some positive practices. Static analysis found no raw SQL queries at all, so SQL injection through hand-built queries is not a concern here. File operations (3) and external HTTP requests (2) are limited, and nonce checks are present on two entry points. The plugin bundles Select2 and TinyMCE; their versions were not recorded by this scan, so they should be checked separately against known advisories. Only 41% of output statements (33 of 80) pass through an escaping function, which raises the likelihood of stored or reflected cross-site scripting in admin screens. In summary, while the plugin has no vulnerability history and avoids raw SQL, the AJAX handlers without capability or nonce checks, the low escaping ratio and the unsanitized flow into unserialize() outweigh these strengths and deserve attention before the plugin is used on a site with untrusted registered users.

Key Concerns

  • AJAX handlers (wp_ajax_, logged-in users) without capability or nonce checks
  • High-severity taint flows (3, all with unsanitized paths)
  • Dangerous function: unserialize() on URL-decoded input
  • Low percentage of escaped output (41%)
  • No capability checks on any entry point
Vulnerabilities
None known

Quotes Shortcode and Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Quotes Shortcode and Widget Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 47 (33 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 3
External Requests: 2
Bundled Libraries: 2

Dangerous Functions Found

unserialize · $value = unserialize( urldecode( $value ) ); · include\otw_components\otw_functions\otw_functions.php:596
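The following is an added example, not code from the plugin. It models the shape of the line flagged above, `$value = unserialize( urldecode( $value ) );`, next to two ways of hardening it, and uses a constructed stand-in gadget class to show why object injection matters. The class DemoGadget, the demo_* function names and the payload are all hypothetical.

```php
<?php
// Added example, not code from the plugin. Models the flagged line at
// otw_functions.php:596 and two hardened forms. DemoGadget and the demo_*
// function names are hypothetical.

// Constructed stand-in for a gadget: a class whose magic method runs when the
// object is destroyed. Real gadget chains come from classes that WordPress core,
// the theme or other plugins already have loaded; this one only records that
// it was triggered.
class DemoGadget {
    public $cmd = '';
    public static $fired = array();
    public function __destruct() {
        self::$fired[] = $this->cmd;
    }
}

// Flagged shape: URL-decoded, attacker-controlled data goes straight into
// unserialize(), so the caller can instantiate any class that is loaded.
function demo_unsafe_decode( $value ) {
    return unserialize( urldecode( $value ) );
}

// Hardening 1: keep the serialized format but refuse objects. With
// allowed_classes => false (PHP 7.0+) every O:... token becomes a
// __PHP_Incomplete_Class, so no constructor, __wakeup() or __destruct() runs.
function demo_safe_decode_no_objects( $value ) {
    $decoded = urldecode( $value );
    $result  = @unserialize( $decoded, array( 'allowed_classes' => false ) );
    if ( false === $result && 'b:0;' !== $decoded ) {
        return null; // malformed input rather than a genuine serialized false
    }
    return $result;
}

// Hardening 2: stop using PHP serialization for user-supplied settings and
// accept JSON instead, which cannot carry objects with behaviour.
function demo_safe_decode_json( $value ) {
    $result = json_decode( urldecode( $value ), true );
    return ( JSON_ERROR_NONE === json_last_error() ) ? $result : null;
}

// Constructed attacker payload: a serialized DemoGadget, URL-encoded the way
// the plugin expects its input. "DemoGadget" is 10 bytes, "cmd" 3, "evil" 4.
$payload = urlencode( 'O:10:"DemoGadget":1:{s:3:"cmd";s:4:"evil";}' );

$obj = demo_unsafe_decode( $payload );   // a live DemoGadget is created
unset( $obj );                           // __destruct() fires: the gadget ran
var_dump( DemoGadget::$fired );          // array(1) { [0]=> string(4) "evil" }

$safe = demo_safe_decode_no_objects( $payload );
var_dump( get_class( $safe ) );          // string(22) "__PHP_Incomplete_Class"
var_dump( DemoGadget::$fired );          // still one entry: nothing new fired

var_dump( demo_safe_decode_json( urlencode( '{"author":"Ada","text":"Quote"}' ) ) );
var_dump( demo_safe_decode_json( $payload ) ); // NULL: the payload is not JSON
```

The first hardening is the smaller change if the plugin stores settings in PHP serialized form; the second is the better long-term fix, since JSON removes the object-instantiation problem entirely instead of filtering it.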

Bundled Libraries

Select2, TinyMCE

Output Escaping

41% escaped (33 of 80 total outputs)
Data Flows
3 unsanitized

Data Flow Analysis

3 flows, 3 with unsanitized paths
otw_get (include\otw_components\otw_functions\otw_functions.php:558)
Attack Surface
6 unprotected

Quotes Shortcode and Widget Attack Surface

Entry Points: 6
Unprotected: 6

AJAX Handlers 6

auth · wp_ajax_otw_shortcode_editor_dialog · include\otw_components\otw_shortcode\otw_shortcode.class.php:166
auth · wp_ajax_otw_shortcode_get_code · include\otw_components\otw_shortcode\otw_shortcode.class.php:167
auth · wp_ajax_otw_shortcode_live_preview · include\otw_components\otw_shortcode\otw_shortcode.class.php:168
auth · wp_ajax_otw_shortcode_live_reload · include\otw_components\otw_shortcode\otw_shortcode.class.php:169
auth · wp_ajax_otw_shortcode_preview_shortcodes · include\otw_components\otw_shortcode\otw_shortcode.class.php:170
auth · wp_ajax_otw_shortcode_preview_front_shortcodes · include\otw_components\otw_shortcode\otw_shortcode.class.php:171
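The following is an added example, not the plugin's code, showing the handler shape the scanner flags (a wp_ajax_ hook with neither a nonce nor a capability check) beside a hardened version. It runs inside WordPress rather than stand-alone; the action name demo_live_preview, the function names and the script path are hypothetical, while add_action, check_ajax_referer, current_user_can, wp_unslash, wp_kses_post, wp_send_json_success/error, wp_localize_script and wp_create_nonce are real WordPress core functions.

```php
<?php
// Added example, not the plugin's code. Action name, function names and the
// script path are hypothetical; the WordPress functions are real.

// Flagged shape. wp_ajax_{action} fires only for logged-in users, so this is
// not reachable anonymously, but every authenticated role (Subscriber included)
// can call it, and nothing ties the request to a user intent (no nonce), so a
// logged-in editor can be made to trigger it from a third-party page.
function demo_live_preview_unprotected() {
    $shortcode = isset( $_POST['shortcode'] ) ? wp_unslash( $_POST['shortcode'] ) : '';
    echo do_shortcode( $shortcode ); // renders whatever the caller sends
    wp_die();
}
add_action( 'wp_ajax_demo_live_preview_unprotected', 'demo_live_preview_unprotected' );

// Hardened shape.
function demo_live_preview_protected() {
    // 1. CSRF: the request must carry a nonce minted for this action.
    //    check_ajax_referer() ends the request on failure.
    check_ajax_referer( 'demo_live_preview', 'nonce' );

    // 2. Authorization: a nonce proves intent, not privilege. Preview is an
    //    editor feature, so require a matching capability, not just "logged in".
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    // 3. Input: reject non-strings, unslash, then accept only the shortcode
    //    this plugin owns before rendering anything.
    $raw = isset( $_POST['shortcode'] ) ? $_POST['shortcode'] : '';
    if ( ! is_string( $raw ) ) {
        wp_send_json_error( array( 'message' => 'bad request' ), 400 );
    }
    $shortcode = wp_unslash( $raw );
    if ( ! preg_match( '/^\[otw_shortcode\b[^\]]*\].*\[\/otw_shortcode\]$/s', $shortcode ) ) {
        wp_send_json_error( array( 'message' => 'unsupported shortcode' ), 400 );
    }

    // 4. Output: do_shortcode() produces HTML by design; post-filter it with
    //    the same allow-list WordPress applies to post content.
    wp_send_json_success( array( 'html' => wp_kses_post( do_shortcode( $shortcode ) ) ) );
}
add_action( 'wp_ajax_demo_live_preview', 'demo_live_preview_protected' );

// Client side: the nonce is handed to the editor page with wp_localize_script(),
// and the JavaScript posts it back as the "nonce" field on each request.
function demo_enqueue_editor_script() {
    wp_enqueue_script( 'demo-preview', plugins_url( 'js/preview.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'demo-preview', 'demoPreview', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'action'  => 'demo_live_preview',
        'nonce'   => wp_create_nonce( 'demo_live_preview' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'demo_enqueue_editor_script' );
```

Both checks are needed: a nonce alone still lets any logged-in user who can load the page call the handler, and a capability check alone leaves the CSRF vector open.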
WordPress Hooks 17
action · admin_menu · include\otw_components\otw_factory\otw_factory.class.php:34
action · admin_print_styles · include\otw_components\otw_factory\otw_factory.class.php:36
action · admin_notices · include\otw_components\otw_factory\otw_factory.class.php:38
filter · pre_set_site_transient_update_plugins · include\otw_components\otw_factory\otw_factory.class.php:40
filter · plugins_api · include\otw_components\otw_factory\otw_factory.class.php:42
action · wp_enqueue_scripts · include\otw_components\otw_functions\otw_component.class.php:90
action · admin_enqueue_scripts · include\otw_components\otw_functions\otw_component.class.php:94
action · admin_footer · include\otw_components\otw_shortcode\otw_shortcode.class.php:164
filter · mce_external_plugins · include\otw_components\otw_shortcode\otw_shortcode.class.php:175
filter · mce_buttons · include\otw_components\otw_shortcode\otw_shortcode.class.php:176
action · wp_footer · include\otw_components\otw_shortcode\otw_shortcode.class.php:185
action · admin_menu · include\otw_qtsw_functions.php:42
action · admin_print_styles · include\otw_qtsw_functions.php:44
action · admin_enqueue_scripts · include\otw_qtsw_functions.php:46
filter · otwfcr_notice · include\otw_qtsw_functions.php:48
action · init · otw_content_manager.php:72
action · widgets_init · otw_content_manager.php:73
Maintenance & Trust

Quotes Shortcode and Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Apr 1, 2022
PHP min version: (not stated)
Downloads: 15K

Community Trust

Rating: 80/100
Number of ratings: 2
Active installs: 200
Developer Profile

Quotes Shortcode and Widget Developer Profile

OTWthemes

12 plugins · 6K total installs

Trust score: 70
Avg Security Score: 66/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Quotes Shortcode and Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quotes-shortcode-and-widget/include/otw_components/otw_form/css/otw-form.css
/wp-content/plugins/quotes-shortcode-and-widget/include/otw_components/otw_form/css/otw-form-element.css
/wp-content/plugins/quotes-shortcode-and-widget/include/otw_components/otw_form/js/otw-form.js
/wp-content/plugins/quotes-shortcode-and-widget/include/otw_components/otw_shortcode/css/otw-shortcode.css
/wp-content/plugins/quotes-shortcode-and-widget/include/otw_components/otw_shortcode/css/otw-shortcode-element.css
/wp-content/plugins/quotes-shortcode-and-widget/include/otw_components/otw_shortcode/js/otw-shortcode.js
/wp-content/plugins/quotes-shortcode-and-widget/include/otw_components/otw_validator/css/otw-validator.css
/wp-content/plugins/quotes-shortcode-and-widget/include/otw_components/otw_validator/js/otw-validator.js
+2 more
Script Paths
/wp-content/plugins/quotes-shortcode-and-widget/include/otw_components/otw_form/js/otw-form.js
/wp-content/plugins/quotes-shortcode-and-widget/include/otw_components/otw_shortcode/js/otw-shortcode.js
/wp-content/plugins/quotes-shortcode-and-widget/include/otw_components/otw_validator/js/otw-validator.js
/wp-content/plugins/quotes-shortcode-and-widget/js/otw_qtsw_scripts.js
Version Parameters
quotes-shortcode-and-widget/css/otw_qtsw_style.css?ver=
quotes-shortcode-and-widget/js/otw_qtsw_scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
otw-shortcode-wrapper, otw-quote-container, otw-quote-author, otw-quote-title, otw-quote-content, otw-shortcode-element, otw-shortcode-item, otw-form-element-wrapper
HTML Comments
<!-- OTW QT SW -->
<!-- End OTW QT SW -->
<!-- OTW Factory -->
<!-- End OTW Factory -->
+4 more
Data Attributes
data-otw-shortcode-id, data-otw-shortcode-type
JS Globals
OTW_QTSW, otw_shortcode
Shortcode Output
[otw_shortcode][/otw_shortcode]
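The following is an added example, not the audit tool's own code, that applies the fingerprints listed above to a page body and reports which signals matched. The function name detect_otw_qtsw and the sample HTML are constructed for the example; the paths, comments, classes, attributes and globals are the ones on this page (the "+2 more" and "+4 more" entries that the page elides are not included). It also assumes, as a hedge rather than a fact the page states, that the otw_components/otw_factory framework may be shared by other OTWthemes plugins, which is why DOM-only signals are weighted lower than the plugin's own asset path.

```php
<?php
// Added example, not the audit tool's code. detect_otw_qtsw() and the sample
// HTML are constructed; the patterns are taken from the fingerprint list.

function detect_otw_qtsw( $html ) {
    $signals = array();

    // 1. Asset paths: any file served from the plugin's own directory. The
    //    directory name is unique to this plugin, so this is the strongest signal.
    if ( preg_match_all( '#/wp-content/plugins/quotes-shortcode-and-widget/[^"\'\s?]+#', $html, $m ) ) {
        $signals['asset_paths'] = array_values( array_unique( $m[0] ) );
    }

    // 2. Version hint: the ?ver= parameter on the plugin's style or script.
    //    Plugins usually pass their own version here, but some pass the
    //    WordPress version or nothing, so treat it as a hint, not a fact.
    if ( preg_match( '#quotes-shortcode-and-widget/(?:css/otw_qtsw_style\.css|js/otw_qtsw_scripts\.js)\?ver=([0-9][0-9A-Za-z.\-]*)#', $html, $m ) ) {
        $signals['version_hint'] = $m[1];
    }

    // 3. HTML comments the plugin wraps its output in. The "OTW Factory"
    //    comment comes from the shared framework and may (assumption) also be
    //    emitted by sibling OTWthemes plugins.
    if ( preg_match( '/<!--\s*(?:End )?OTW (?:QT SW|Factory)\s*-->/', $html ) ) {
        $signals['html_comment'] = true;
    }

    // 4. CSS classes and data attributes on rendered quotes.
    if ( preg_match( '/class="[^"]*\botw-(?:quote-(?:container|author|title|content)|shortcode-(?:wrapper|element|item)|form-element-wrapper)\b/', $html ) ) {
        $signals['css_class'] = true;
    }
    if ( preg_match( '/\bdata-otw-shortcode-(?:id|type)=/', $html ) ) {
        $signals['data_attribute'] = true;
    }

    // 5. JS globals written into inline scripts, and the shortcode tag itself
    //    if it leaked unrendered into the page.
    if ( preg_match( '/\b(?:OTW_QTSW|otw_shortcode)\b/', $html ) ) {
        $signals['js_global'] = true;
    }
    if ( strpos( $html, '[otw_shortcode' ) !== false ) {
        $signals['raw_shortcode'] = true;
    }

    // Decision: an asset path alone is enough; DOM-only signals need two hits
    // to guard against the shared framework being present for another reason.
    $dom_keys = array( 'html_comment', 'css_class', 'data_attribute', 'js_global', 'raw_shortcode' );
    $dom_hits = count( array_intersect_key( $signals, array_flip( $dom_keys ) ) );
    $detected = isset( $signals['asset_paths'] ) || $dom_hits >= 2;

    return array( 'detected' => $detected, 'signals' => $signals );
}

// Constructed sample page fragment, not captured from a real site.
$sample = <<<'HTML'
<link rel="stylesheet" href="https://example.test/wp-content/plugins/quotes-shortcode-and-widget/css/otw_qtsw_style.css?ver=1.14" />
<!-- OTW QT SW -->
<div class="otw-shortcode-wrapper" data-otw-shortcode-id="3" data-otw-shortcode-type="quote">
  <div class="otw-quote-container"><p class="otw-quote-content">Example quote</p></div>
</div>
<!-- End OTW QT SW -->
HTML;

print_r( detect_otw_qtsw( $sample ) );
// detected => true; version_hint => "1.14"; asset_paths, html_comment,
// css_class and data_attribute all set
```

When used in a crawler, feed it the raw response body rather than a DOM-parsed version, since the HTML comments are the first thing most parsers discard.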
FAQ

Frequently Asked Questions about Quotes Shortcode and Widget