Does Rescue Shortcodes have any unpatched vulnerabilities?

No. All known vulnerabilities in Rescue Shortcodes have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Rescue Shortcodes compatible with WordPress 6.8.5?

According to WordPress.org data, Rescue Shortcodes 3.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Rescue Shortcodes updated?

Rescue Shortcodes was last updated on Dec 19, 2025. Frequent updates are generally a positive security signal.

What is Rescue Shortcodes's security score?

Rescue Shortcodes has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Rescue Shortcodes Security & Risk Analysis

wordpress.org/plugins/rescue-shortcodes

A lightweight WordPress shortcodes plugin.

1K active installs v3.4 PHP + WP 4.0+ Updated Dec 19, 2025

animationsbuttonscolumnsshortcodestabs

A · Safe

CVEs total4

Unpatched0

Last CVEApr 16, 2025

Plugin page Download

Safety Verdict

Is Rescue Shortcodes Safe to Use in 2026?

Generally Safe

Score 96/100

Rescue Shortcodes has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Apr 16, 2025Updated 3mo ago

Risk Assessment

The plugin "rescue-shortcodes" v3.4 exhibits a generally good security posture in its static code analysis, with no critical or high-severity vulnerabilities found in taint analysis, no dangerous functions, and robust handling of SQL queries and output escaping. The attack surface, while consisting of 14 shortcodes, has no identified unprotected entry points from the static analysis perspective.

However, the plugin's vulnerability history is a significant concern. The presence of 4 known medium-severity CVEs, all of which were Cross-site Scripting (XSS) vulnerabilities, indicates a recurring pattern of insecure input handling. While the most recent vulnerability was patched in April 2025, this history suggests that even with good static analysis practices, past issues point to potential weaknesses that could re-emerge or be introduced in future updates if not meticulously addressed.

In conclusion, while the current version's static analysis is promising, the historical pattern of XSS vulnerabilities necessitates a cautious approach. Users should remain vigilant and ensure timely updates, as past trends suggest a susceptibility to input manipulation. The lack of detected unescaped output or unprotected entry points in the static analysis is a strength, but it is overshadowed by the historical context of security flaws.

Key Concerns

Recurring medium-severity XSS vulnerabilities
Lack of nonce checks
Lack of capability checks

Vulnerabilities

Rescue Shortcodes Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

2 CVEs in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

4 total CVEs

CVE-2025-39528medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rescue Shortcodes <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2025 Patched in 3.3 (178d)

CVE-2024-11199medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rescue Shortcodes <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rescue_progressbar Shortcode

Nov 22, 2024 Patched in 3.0 (1d)

CVE-2024-9696medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rescue Shortcodes <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 11, 2024 Patched in 2.9 (1d)

CVE-2023-41728medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rescue Shortcodes <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 5, 2023 Patched in 2.6 (242d)

Code Analysis

Analyzed Mar 16, 2026

Rescue Shortcodes Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

94 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped96 total outputs

Attack Surface

Rescue Shortcodes Attack Surface

Entry Points14

Unprotected0

Shortcodes 14

[rescue_clear_floats] includes\shortcode-functions.php:31

[rescue_spacing] includes\shortcode-functions.php:49

[rescue_highlight] includes\shortcode-functions.php:72

[rescue_button] includes\shortcode-functions.php:145

[rescue_box] includes\shortcode-functions.php:189

[rescue_column] includes\shortcode-functions.php:213

[rescue_toggle] includes\shortcode-functions.php:237

[rescue_tabgroup] includes\shortcode-functions.php:278

[rescue_tab] includes\shortcode-functions.php:297

[rescue_donation_tabgroup] includes\shortcode-functions.php:339

[rescue_donation_tab] includes\shortcode-functions.php:358

[rescue_progressbar] includes\shortcode-functions.php:397

[icon] includes\shortcode-functions.php:441

[rescue_animate] includes\shortcode-functions.php:521

WordPress Hooks 7

actionwp_enqueue_scriptsincludes\scripts.php:30

actionadmin_enqueue_scriptsincludes\scripts.php:36

filterwidget_textincludes\shortcode-functions.php:6

filterthe_contentincludes\shortcode-functions.php:21

actionmedia_buttonsincludes\shortcodes-button.php:5

actionadmin_footerincludes\shortcodes-button.php:29

actionplugins_loadedrescue-shortcodes.php:50

Maintenance & Trust

Rescue Shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedDec 19, 2025

PHP min version

Downloads66K

Community Trust

Rating100/100

Number of ratings2

Active installs1K

Alternatives

Rescue Shortcodes Alternatives

PixCodes

pixcodes

PixCodes offers you a nice interface to add shortcodes into editor.

8K 1 CVE

Arconix Shortcodes

arconix-shortcodes

Arconix Shortcodes provides a number of useful design elements like buttons, boxes, tabs and toggles to help compliment any website.

4K 1 unpatched

Shortcode Revolution

shortcode-revolution

Shortcode everything. The low code / no code tool for WordPress developers, designers, and power users. /*** This program is free software: you can …

20 No CVEs

Kalimah Shortcodes

kalimah-shortcodes

A premium shortcodes plugin with 40 amazingly designed shortcodes for free!

10 No CVEs

Tipi Components

tipi-components

Tipi Components is a lightweight plugin to add some handy extra tools to your site.

10 No CVEs

Developer Profile

Rescue Shortcodes Developer Profile

Rescue Themes

5 plugins · 2K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

106 days

View full developer profile

Detection Fingerprints

How We Detect Rescue Shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rescue-shortcodes/css/animate.min.css/wp-content/plugins/rescue-shortcodes/fonts/font-awesome.min.css/wp-content/plugins/rescue-shortcodes/css/rescue_shortcodes_styles.css/wp-content/plugins/rescue-shortcodes/js/wow.min.js/wp-content/plugins/rescue-shortcodes/js/rescue_wow.js/wp-content/plugins/rescue-shortcodes/js/rescue_tabs.js/wp-content/plugins/rescue-shortcodes/js/rescue_donation_tabs.js/wp-content/plugins/rescue-shortcodes/js/rescue_toggle.js+5 more

Script Paths

wp_enqueue_script( 'jquery' )wp_register_script('rescue_wow', plugin_dir_url( __FILE__ ) . 'js/wow.min.js'wp_register_script('rescue_wow_init', plugin_dir_url( __FILE__ ) . 'js/rescue_wow.js'wp_register_script('rescue_tabs', plugin_dir_url( __FILE__ ) . 'js/rescue_tabs.js'wp_register_script('rescue_donation_tabs', plugin_dir_url( __FILE__ ) . 'js/rescue_donation_tabs.js'wp_register_script('rescue_toggle', plugin_dir_url( __FILE__ ) . 'js/rescue_toggle.js'+5 more

Version Parameters

rescue-shortcodes/css/animate.min.css?ver=rescue-shortcodes/fonts/font-awesome.min.css?ver=rescue-shortcodes/css/rescue_shortcodes_styles.css?ver=rescue-shortcodes/js/wow.min.js?ver=rescue-shortcodes/js/rescue_wow.js?ver=rescue-shortcodes/js/rescue_tabs.js?ver=rescue-shortcodes/js/rescue_donation_tabs.js?ver=rescue-shortcodes/js/rescue_toggle.js?ver=rescue-shortcodes/js/rescue_accordion.js?ver=rescue-shortcodes/js/rescue_googlemap.js?ver=rescue-shortcodes/js/rescue_progressbar.js?ver=rescue-shortcodes/js/waypoints.min.js?ver=rescue-shortcodes/js/shortcode-buttons.js?ver=

HTML / DOM Fingerprints

CSS Classes

rescue-clear-floatsrescue-spacingrescue-highlightrescue-highlight-rescue-rescue-buttonrescue-social-iconrescue-social-icon-wrap+13 more

Data Attributes

data-hoverdelaydata-targetdata-tabdata-parentdata-icon

JS Globals

wowrescue_tabsrescue_donation_tabsrescue_togglerescue_accordionrescue_googlemap+3 more

Shortcode Output

<div class="rescue-clear-floats"></div><hr class="rescue-spacing<span class="rescue-highlight<a class="rescue-button

FAQ