WP-Safety

Shortcode Revolution Security & Risk Analysis

wordpress.org/plugins/shortcode-revolution

Shortcode everything. The low code / no code tool for WordPress developers, designers, and power users. /*** This program is free software: you can …

20 active installs v0.4.3 PHP 7.4+ WP 4.2+ Updated Apr 12, 2023
buttonscarouselshortcodestablestabs
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Shortcode Revolution Safe to Use in 2026?

Generally Safe

Score 85/100

Shortcode Revolution has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The shortcode-revolution plugin v0.4.3 presents a mixed security posture. While it demonstrates good practices in SQL query sanitization and output escaping, significant concerns arise from its attack surface. Two AJAX handlers lack authentication checks, creating a potential entry point for unauthorized actions. The presence of the `unserialize` function is a notable risk, as it can lead to deserialization vulnerabilities if user-supplied data is not rigorously sanitized before being passed to it. The taint analysis, though limited in scope, revealed one flow with unsanitized paths, which warrants attention despite not being classified as critical or high. The plugin's clean vulnerability history is a positive indicator, suggesting a generally stable codebase or active maintenance. However, the lack of past vulnerabilities does not negate the inherent risks identified in the static analysis, particularly the unprotected AJAX endpoints and the use of `unserialize`.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Flow with unsanitized paths (taint analysis)
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities
None known

Shortcode Revolution Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Shortcode Revolution Code Analysis

Dangerous Functions
2
Raw SQL Queries
1
11 prepared
Unescaped Output
61
233 escaped
Nonce Checks
3
Capability Checks
2
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserializeif(@unserialize($val[0]) !== false) $val[0] = unserialize($val[0]);controllers\data.php:46
unserializeif(@unserialize($val[0]) !== false) $val[0] = unserialize($val[0]);controllers\data.php:46

SQL Query Safety

92% prepared12 total queries

Output Escaping

79% escaped294 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
manage (controllers\custom.php:7)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Shortcode Revolution Attack Surface

Entry Points16
Unprotected2

AJAX Handlers 2

authwp_ajax_srevo_ajaxshortcode-revolution.php:44
noprivwp_ajax_srevo_ajaxshortcode-revolution.php:45

Shortcodes 14

[srevo-related-posts] models\main.php:40
[srevo-posts] models\main.php:41
[srevo-comments] models\main.php:42
[srevo-modal] models\main.php:45
[srevo-columns] models\main.php:48
[srevo-grid] models\main.php:49
[srevo-grid-item] models\main.php:50
[srevo-tabs] models\main.php:53
[srevo-tab] models\main.php:54
[srevo-button] models\main.php:57
[srevo-table] models\main.php:60
[srevo-flashcard] models\main.php:63
[srevo-profile] models\main.php:66
[srevo-shortcode] models\main.php:69
WordPress Hooks 5
actiontemplate_redirectmodels\main.php:36
actioninitshortcode-revolution.php:34
actionadmin_menushortcode-revolution.php:37
actionadmin_enqueue_scriptsshortcode-revolution.php:38
actionwp_enqueue_scriptsshortcode-revolution.php:41
Maintenance & Trust

Shortcode Revolution Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedApr 12, 2023
PHP min version7.4
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs20
Alternatives

Shortcode Revolution Alternatives

Arconix Shortcodes

Arconix Shortcodes

arconix-shortcodes

B
72

Arconix Shortcodes provides a number of useful design elements like buttons, boxes, tabs and toggles to help compliment any website.

4K 1 unpatched
Rescue Shortcodes

Rescue Shortcodes

rescue-shortcodes

A
96

A lightweight WordPress shortcodes plugin.

1K 4 CVEs
Meks Flexible Shortcodes

Meks Flexible Shortcodes

meks-flexible-shortcodes

A
97

Add some cool elements to your post/page content with flexible shortcodes.

10K 3 CVEs
WP Shortcode by MyThemeShop

WP Shortcode by MyThemeShop

wp-shortcode

A
85

WP Shortcode is a premium WP plugin for free, that provides easy to use over 24 shortcodes. You can easily add buttons, alerts, videos and more.

10K 1 CVE
PixCodes

PixCodes

pixcodes

A
85

PixCodes offers you a nice interface to add shortcodes into editor.

8K 1 CVE
Developer Profile

Shortcode Revolution Developer Profile

Bob

9 plugins · 5K total installs

66
trust score
Avg Security Score
81/100
Avg Patch Time
725 days
View full developer profile
Detection Fingerprints

How We Detect Shortcode Revolution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shortcode-revolution/lib/jquery.flip.min.js
Script Paths
/wp-content/plugins/shortcode-revolution/lib/jquery.flip.min.js

HTML / DOM Fingerprints

CSS Classes
srevo-flashcardsrevo-flashcard-frontsrevo-flashcard-back
HTML Comments
split
Data Attributes
data-srevo-columnsdata-srevo-column-gapdata-srevo-column-wrap
JS Globals
srevo_ajax_url
Shortcode Output
[srevo-modal[/srevo-modal][srevo-tabs[/srevo-tabs]
FAQ

Frequently Asked Questions about Shortcode Revolution