Does Shadows have any unpatched vulnerabilities?

No. All known vulnerabilities in Shadows have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Shadows compatible with WordPress 2.9.2?

According to WordPress.org data, Shadows 0.3.5 has been tested up to WordPress 2.9.2. Check the plugin's changelog for the latest compatibility information.

How often is Shadows updated?

Shadows was last updated on Jan 25, 2010. Frequent updates are generally a positive security signal.

What is Shadows's security score?

Shadows has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Shadows Security & Risk Analysis

wordpress.org/plugins/shadows

This is a plugin to add a range of shadow types to a range of objects. Currently supported are images, divs and blockquotes.

200 active installs v0.3.5 PHP + WP 2.5+ Updated Jan 25, 2010

shadow

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Shadows Safe to Use in 2026?

Generally Safe

Score 85/100

Shadows has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago

Risk Assessment

The plugin "shadows" v0.3.5 demonstrates a concerning lack of security best practices despite its clean vulnerability history. While the absence of known CVEs and the use of prepared statements for SQL are positive indicators, the analysis reveals significant weaknesses. Specifically, 100% of observed output is not properly escaped, posing a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis shows flows with unsanitized paths, which could lead to unintended behavior or data exposure if an attacker can influence these paths. The complete lack of nonce and capability checks across all entry points is a critical oversight, leaving the plugin vulnerable to various attacks, including CSRF and unauthorized actions, even with a seemingly small attack surface.

Key Concerns

0% output escaping
Unsanitized paths in taint flows
0 capability checks
0 nonce checks

Vulnerabilities

None known

Shadows Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Shadows Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped5 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

shadows_plugin_options (options.php:3)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Shadows Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

filterthe_contentshadows.php:309

actionwp_headshadows.php:310

actionadmin_menushadows.php:313

Maintenance & Trust

Shadows Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2

Last updatedJan 25, 2010

PHP min version

Downloads16K

Community Trust

Rating0/100

Number of ratings0

Active installs200

Alternatives

Shadows Alternatives

Drop Shadow Boxes

drop-shadow-boxes

Highlight important content on your posts and pages inside a box with a drop shadow.

4K 4 CVEs

Shadowbox JS

shadowbox-js

Shadowbox is an online media vieiwing application similar to Lightbox and Thickbox but with more functionality. Supports all types of media.

2K No CVEs

Product Image Hover Effects WOOC – WPSHARE247

product-image-hover-effects-wooc-wpshare247

Add effects when hovering over product Loop woocommerce, display more photo gallery, enlarge product photo gallery Thêm hiệu ứng khi hover sản phẩm L …

900 No CVEs

Add LightBox & Title

add-lightbox-title

This plugin for WordPress automatically add the rel="lightbox[ID-OF-THE-POST]" and recovers the image title.

300 No CVEs

RoundIt plugin

roundit

With RoundIt plugin you can set special effects to your pictures that you add in pages or posts. You can make your images Round, set Round Corners, ad …

200 No CVEs

Developer Profile

Shadows Developer Profile

aradke

1 plugin · 200 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Shadows

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/shadows/shadow_curl.png/wp-content/plugins/shadows/shadow_flat.png/wp-content/plugins/shadows/shadow_osx.png/wp-content/plugins/shadows/shadow_osx_small.png/wp-content/plugins/shadows/shadow_osx_top.png/wp-content/plugins/shadows/shadow_osx_small_top.png/wp-content/plugins/shadows/shadow_osx_left.png/wp-content/plugins/shadows/shadow_osx_right.png+1 more

HTML / DOM Fingerprints

CSS Classes

shadow_img

Data Attributes

shadow_curlshadow_flatshadow_osxshadow_osx_small

FAQ