Shortcode Lister Security & Risk Analysis

wordpress.org/plugins/shortcode-lister

A plugin to display a drop down list of all the shortcodes available for use above the editor.

100 active installs · v2.1.1 · PHP + · WP 2.7.0+ · Updated May 3, 2023
list, shortcode
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Shortcode Lister Safe to Use in 2026?

Generally Safe

Score 85/100

Shortcode Lister has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The shortcode-lister plugin, version 2.1.1, presents an excellent security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions and of SQL queries that bypass prepared statements, together with all output being properly escaped, indicates strong adherence to secure coding practices. Furthermore, the plugin has no recorded vulnerabilities, CVEs, or even past security issues, which suggests a history of diligent maintenance and security awareness from its developers.

The static analysis reveals a negligible attack surface with zero entry points identified as unprotected. This is a significant strength, as it minimizes the potential for attackers to interact with the plugin in unintended ways. The lack of file operations and external HTTP requests further reduces the plugin's exposure to common attack vectors. The absence of taint flows with unsanitized paths is also a very positive sign, indicating that the plugin is likely not susceptible to injection-based vulnerabilities.

Overall, this plugin appears to be very secure. Its strengths lie in its minimal attack surface, robust code sanitization, and a clean vulnerability history. The only minor observation is the absence of explicit capability checks and nonce checks, which, given the zero attack surface, are not currently an immediate concern. However, as the plugin evolves or its functionality expands, these checks might become more relevant to maintain the highest level of security.

Key Concerns

  • No explicit capability checks observed
  • No explicit nonce checks observed
Vulnerabilities
None known

Shortcode Lister Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Shortcode Lister Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (12 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 12 total outputs
Attack Surface

Shortcode Lister Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 7

  • action: media_buttons (includes\get-shortcodes.php:11)
  • action: admin_enqueue_scripts (includes\scripts-styles.php:11)
  • action: admin_menu (includes\shortcode-lister-settings.php:19)
  • action: shortcode_lister_settings_tab (includes\shortcode-lister-settings.php:53)
  • action: shortcode_lister_settings_content (includes\shortcode-lister-settings.php:66)
  • action: admin_init (includes\shortcode-lister-settings.php:107)
  • action: plugins_loaded (shortcode-lister.php:27)
Maintenance & Trust

Shortcode Lister Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: May 3, 2023
PHP min version
Downloads: 8K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 100
Developer Profile

Shortcode Lister Developer Profile

AMP-MODE

15 plugins · 13K total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Shortcode Lister

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shortcode-lister/includes/js/shortcode-lister.js
Script Paths
/wp-content/plugins/shortcode-lister/includes/js/shortcode-lister.js
Version Parameters
shortcode-lister/includes/js/shortcode-lister.js?ver=2.1.1

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Shortcode Lister