Does Shapely Companion have any unpatched vulnerabilities?

No. All known vulnerabilities in Shapely Companion have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Shapely Companion compatible with WordPress 6.8.5?

According to WordPress.org data, Shapely Companion 1.2.10 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Shapely Companion updated?

Shapely Companion was last updated on Apr 30, 2025. Frequent updates are generally a positive security signal.

What is Shapely Companion's security score?

Shapely Companion has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Shapely Companion Security & Risk Analysis

wordpress.org/plugins/shapely-companion

Shapely Companion is a companion plugin for Shapely WordPress theme by Colorlib.com.

10K active installs v1.2.10 PHP + WP 6.4+ Updated Apr 30, 2025

companiondemoone-pagewidgetswoocommerce

A · Safe

CVEs total1

Unpatched0

Last CVEMay 24, 2022

Plugin page Download

Safety Verdict

Is Shapely Companion Safe to Use in 2026?

Generally Safe

Score 100/100

Shapely Companion has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 24, 2022Updated 11mo ago

Risk Assessment

The shapely-companion plugin v1.2.10 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query preparation and output escaping, a significant concern lies in its attack surface. With 5 AJAX handlers, 4 of which lack authentication checks, there's a substantial risk of unauthorized actions being performed by unauthenticated users.

The static analysis shows no critical or high-severity taint flows, and SQL queries are well-protected. However, the presence of 2 nonce checks and 3 capability checks, out of 5 total entry points, indicates a partial implementation of security measures. The vulnerability history shows one past medium-severity vulnerability related to missing authorization, and although none are currently unpatched, this pattern suggests a recurring weakness.

In conclusion, the plugin has strengths in its data handling and output sanitization. Nevertheless, the high number of unprotected AJAX handlers represents a significant security hole that attackers could exploit. The historical pattern of missing authorization vulnerabilities further reinforces this concern, warranting careful attention and remediation.

Key Concerns

Unprotected AJAX handlers
Past medium severity vulnerability (missing authorization)
Limited nonce checks for AJAX

Vulnerabilities

Shapely Companion Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

WF-db8bebe2-c50c-4148-b232-04bcd808745e-shapely-companionmedium · 6.3Missing Authorization

Shapely Companion <= 1.2.6 - Unprotected AJAX Action to Content Import

May 24, 2022 Patched in 1.2.7 (609d)

Code Analysis

Analyzed Mar 16, 2026

Shapely Companion Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

120

775 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

87% escaped895 total outputs

Data Flows

All sanitized

Data Flow Analysis

5 flows

start_el (inc\class-shapely-walker-nav-menu-edit.php:15)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Shapely Companion Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 5

authwp_ajax_shapely_companion_import_contentinc\shapely-demo-content.php:66

authwp_ajax_shapely_get_attachment_imageinc\shapely-helper.php:32

noprivwp_ajax_shapely_get_attachment_imageinc\shapely-helper.php:33

authwp_ajax_shapely_get_attachment_mediainc\shapely-helper.php:46

noprivwp_ajax_shapely_get_attachment_mediainc\shapely-helper.php:47

WordPress Hooks 29

actionwp_dashboard_setupinc\epsilon-dashboard\class-epsilon-dashboard.php:72

actionwp_network_dashboard_setupinc\epsilon-dashboard\class-epsilon-dashboard.php:73

actionadmin_enqueue_scriptsinc\shapely-enqueues.php:6

actioncustomize_preview_initinc\shapely-enqueues.php:34

filterkses_allowed_protocolsinc\shapely-helper.php:13

filteruser_contactmethodsinc\shapely-helper.php:30

actionload-post.phpinc\shapely-metabox.php:6

actionload-post-new.phpinc\shapely-metabox.php:7

actionadd_meta_boxesinc\shapely-metabox.php:13

actionsave_postinc\shapely-metabox.php:16

filterwp_edit_nav_menu_walkerinc\shapely-navmenu.php:7

actionadmin_head-nav-menus.phpinc\shapely-navmenu.php:17

actionwp_update_nav_menu_iteminc\shapely-navmenu.php:77

actionwidgets_initinc\shapely-widgets.php:10

actionadmin_initinc\widgets\class-shapely-categories.php:13

actioncustomize_controls_enqueue_scriptsinc\widgets\class-shapely-categories.php:14

actioncustomize_preview_initinc\widgets\class-shapely-categories.php:15

actionadmin_initinc\widgets\class-shapely-home-contact.php:12

actioncustomize_controls_enqueue_scriptsinc\widgets\class-shapely-home-contact.php:13

actioncustomize_preview_initinc\widgets\class-shapely-home-contact.php:14

actionadmin_initinc\widgets\class-shapely-home-parallax.php:12

actioncustomize_controls_enqueue_scriptsinc\widgets\class-shapely-home-parallax.php:13

actioncustomize_preview_initinc\widgets\class-shapely-home-parallax.php:14

actioncustomize_controls_enqueue_scriptsinc\widgets\class-shapely-video.php:11

actioncustomize_preview_initinc\widgets\class-shapely-video.php:12

actionafter_setup_themeshapely-companion.php:35

actionwp_dashboard_setupshapely-companion.php:65

actionadmin_noticesshapely-companion.php:101

actioninitshapely-companion.php:111

Maintenance & Trust

Shapely Companion Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 30, 2025

PHP min version

Downloads711K

Community Trust

Rating40/100

Number of ratings2

Active installs10K

Alternatives

Shapely Companion Alternatives

Blesk Companion

blesk-companion

Blesk Companion is a companion plugin for Blesk WordPress theme by Colorlib.com.

10 No CVEs

Mosh Companion

mosh-companion

Mosh Companion is a companion plugin for Companion WordPress theme by Colorlib.com.

10 No CVEs

Fashe Companion

fashe-companion

Fashe Companion is a companion plugin for Fashe WordPress theme by Colorlib.com.

0 No CVEs

Beni Demo

beni-demo

Beni demo is a companion plugin for MobeenRaheem's themes.

10 No CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Developer Profile

Shapely Companion Developer Profile

colorlibplugins

11 plugins · 420K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

747 days

View full developer profile

Detection Fingerprints

How We Detect Shapely Companion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/shapely-companion/assets/css/admin.css/wp-content/plugins/shapely-companion/assets/js/admin.js/wp-content/plugins/shapely-companion/assets/js/vendor/jquery-cloneya.min.js/wp-content/plugins/shapely-companion/assets/js/widget.js/wp-content/plugins/shapely-companion/assets/js/nav-menu.js/wp-content/plugins/shapely-companion/assets/js/previewer.js

Script Paths

/wp-content/plugins/shapely-companion/assets/js/admin.js/wp-content/plugins/shapely-companion/assets/js/vendor/jquery-cloneya.min.js/wp-content/plugins/shapely-companion/assets/js/widget.js/wp-content/plugins/shapely-companion/assets/js/nav-menu.js/wp-content/plugins/shapely-companion/assets/js/previewer.js

Version Parameters

shapely-companion/assets/css/admin.css?ver=shapely-companion/assets/js/admin.js?ver=shapely-companion/assets/js/vendor/jquery-cloneya.min.js?ver=shapely-companion/assets/js/widget.js?ver=shapely-companion/assets/js/nav-menu.js?ver=shapely-companion/assets/js/previewer.js?ver=

HTML / DOM Fingerprints

CSS Classes

shapely-cats

JS Globals

shapelyCompanion

FAQ

Shapely Companion Security & Risk Analysis

Is Shapely Companion Safe to Use in 2026?

Generally Safe

Key Concerns

Shapely Companion Security Vulnerabilities

CVEs by Year

Severity Breakdown

Shapely Companion Code Analysis

Output Escaping

Data Flow Analysis

Shapely Companion Attack Surface

AJAX Handlers 5

Shapely Companion Maintenance & Trust

Maintenance Signals

Community Trust

Shapely Companion Alternatives

Blesk Companion

Mosh Companion

Fashe Companion

Beni Demo

Essential Addons for Elementor – Popular Elementor Templates & Widgets

Shapely Companion Developer Profile

How We Detect Shapely Companion

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Shapely Companion