Does Shortcake (Shortcode UI) have any unpatched vulnerabilities?

No. All known vulnerabilities in Shortcake (Shortcode UI) have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Shortcake (Shortcode UI) compatible with WordPress 5.0.25?

According to WordPress.org data, Shortcake (Shortcode UI) 0.7.4 has been tested up to WordPress 5.0.25. Check the plugin's changelog for the latest compatibility information.

How often is Shortcake (Shortcode UI) updated?

Shortcake (Shortcode UI) was last updated on Jan 16, 2019. Frequent updates are generally a positive security signal.

What is Shortcake (Shortcode UI)'s security score?

Shortcake (Shortcode UI) has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Shortcake (Shortcode UI) Security & Risk Analysis

wordpress.org/plugins/shortcode-ui

Shortcake makes using WordPress shortcodes a piece of cake.

10K active installs v0.7.4 PHP + WP 4.5+ Updated Jan 16, 2019

shortcodes

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Shortcake (Shortcode UI) Safe to Use in 2026?

Generally Safe

Score 85/100

Shortcake (Shortcode UI) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The 'shortcode-ui' plugin v0.7.4 exhibits a generally good security posture, with no known vulnerabilities or critical taint flows. The code analysis reveals a strong adherence to secure coding practices, such as the exclusive use of prepared statements for SQL queries and a high percentage of properly escaped output. Furthermore, the absence of file operations and external HTTP requests minimizes potential attack vectors. The plugin also incorporates nonces and capability checks for most of its entry points, which is a positive indicator of security awareness.

However, a primary concern is the presence of one AJAX handler that lacks authentication checks. This unprotected entry point could be a potential avenue for attackers to exploit if it performs sensitive actions or reveals information. While the taint analysis shows no immediate risks, the single unprotected AJAX handler represents a tangible security gap. The plugin's history of no recorded vulnerabilities is a positive sign, suggesting the developers are proactive or have historically maintained a secure codebase. Overall, 'shortcode-ui' v0.7.4 is relatively secure, but the unprotected AJAX handler warrants attention for improvement.

Key Concerns

AJAX handler without auth check

Vulnerabilities

None known

Shortcake (Shortcode UI) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Shortcake (Shortcode UI) Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

21 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

100% prepared1 total queries

Output Escaping

78% escaped27 total outputs

Attack Surface

1 unprotected

Shortcake (Shortcode UI) Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 5

authwp_ajax_bulk_do_shortcodeinc\class-shortcode-ui.php:80

authwp_ajax_shortcode_ui_post_fieldinc\fields\class-shortcode-ui-field-post-select.php:34

authwp_ajax_shortcode_ui_term_fieldinc\fields\class-shortcode-ui-field-term-select.php:36

authwp_ajax_shortcode_ui_user_fieldinc\fields\class-shortcode-ui-field-user-select.php:39

authwp_ajax_shortcode_ui_user_field_preselectinc\fields\class-shortcode-ui-field-user-select.php:40

WordPress Hooks 29

actionadmin_noticesinc\class-shortcode-ui.php:76

actionadmin_enqueue_scriptsinc\class-shortcode-ui.php:77

actionwp_enqueue_editorinc\class-shortcode-ui.php:78

actionmedia_buttonsinc\class-shortcode-ui.php:79

filterwp_editor_settingsinc\class-shortcode-ui.php:81

actionadmin_print_footer_scriptsinc\class-shortcode-ui.php:333

filtershortcode_ui_fieldsinc\fields\class-shortcode-ui-field-attachment.php:56

actionenqueue_shortcode_uiinc\fields\class-shortcode-ui-field-attachment.php:57

actionshortcode_ui_loaded_editorinc\fields\class-shortcode-ui-field-attachment.php:58

actionadmin_print_footer_scriptsinc\fields\class-shortcode-ui-field-attachment.php:91

filtershortcode_ui_fieldsinc\fields\class-shortcode-ui-field-color.php:56

actionshortcode_ui_loaded_editorinc\fields\class-shortcode-ui-field-color.php:57

actionadmin_print_footer_scriptsinc\fields\class-shortcode-ui-field-color.php:109

filtershortcode_ui_fieldsinc\fields\class-shortcode-ui-field-post-select.php:32

actionenqueue_shortcode_uiinc\fields\class-shortcode-ui-field-post-select.php:33

actionshortcode_ui_loaded_editorinc\fields\class-shortcode-ui-field-post-select.php:35

actionadmin_print_footer_scriptsinc\fields\class-shortcode-ui-field-post-select.php:60

filtershortcode_ui_fieldsinc\fields\class-shortcode-ui-field-term-select.php:34

actionenqueue_shortcode_uiinc\fields\class-shortcode-ui-field-term-select.php:35

actionshortcode_ui_loaded_editorinc\fields\class-shortcode-ui-field-term-select.php:37

actionadmin_print_footer_scriptsinc\fields\class-shortcode-ui-field-term-select.php:69

filtershortcode_ui_fieldsinc\fields\class-shortcode-ui-field-user-select.php:37

actionenqueue_shortcode_uiinc\fields\class-shortcode-ui-field-user-select.php:38

actionshortcode_ui_loaded_editorinc\fields\class-shortcode-ui-field-user-select.php:41

actionadmin_print_footer_scriptsinc\fields\class-shortcode-ui-field-user-select.php:75

actioninitinc\fields\class-shortcode-ui-fields.php:84

actionenqueue_shortcode_uiinc\fields\class-shortcode-ui-fields.php:85

actioninitshortcode-ui.php:32

actioninitshortcode-ui.php:34

Maintenance & Trust

Shortcake (Shortcode UI) Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25

Last updatedJan 16, 2019

PHP min version

Downloads414K

Community Trust

Rating82/100

Number of ratings24

Active installs10K

Alternatives

Shortcake (Shortcode UI) Alternatives

Column Shortcodes

column-shortcodes

Adds shortcodes to easily create columns in your posts or pages.

60K No CVEs

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Futurio Extra

futurio-extra

Futurio Extra add extra features to Futurio theme like widgets, WooCommerce options, Elementor widgets, one click demo import and much more.

20K 7 CVEs

ND Shortcodes

nd-shortcodes

The plugin adds some useful components to your page builder ( Elementor or WP Bakery Page Builder ). All components are full responsive and retina rea …

20K 5 CVEs

Contact Form 7 Shortcode Enabler

contact-form-7-shortcode-enabler

This plugin enables the usage of external shortcodes inside Contact Form 7 Forms.

10K No CVEs

Developer Profile

Shortcake (Shortcode UI) Developer Profile

Daniel Bachhuber

9 plugins · 51K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Shortcake (Shortcode UI)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/shortcode-ui/shortcode-ui.css/wp-content/plugins/shortcode-ui/shortcode-ui.js/wp-content/plugins/shortcode-ui/inc/fields/shortcode-ui-fields.js/wp-content/plugins/shortcode-ui/inc/fields/shortcode-ui-field-attachment.js/wp-content/plugins/shortcode-ui/inc/fields/shortcode-ui-field-color.js/wp-content/plugins/shortcode-ui/inc/fields/shortcode-ui-field-post-select.js/wp-content/plugins/shortcode-ui/inc/fields/shortcode-ui-field-term-select.js/wp-content/plugins/shortcode-ui/inc/fields/shortcode-ui-field-user-select.js

Script Paths

/wp-content/plugins/shortcode-ui/shortcode-ui.js/wp-content/plugins/shortcode-ui/inc/fields/shortcode-ui-fields.js/wp-content/plugins/shortcode-ui/inc/fields/shortcode-ui-field-attachment.js/wp-content/plugins/shortcode-ui/inc/fields/shortcode-ui-field-color.js/wp-content/plugins/shortcode-ui/inc/fields/shortcode-ui-field-post-select.js/wp-content/plugins/shortcode-ui/inc/fields/shortcode-ui-field-term-select.js+1 more

Version Parameters

shortcode-ui.css?ver=shortcode-ui.js?ver=

HTML / DOM Fingerprints

CSS Classes

shortcode-ui-modalshortcode-ui-modal-contentshortcode-ui-modal-headershortcode-ui-modal-titleshortcode-ui-modal-closeshortcode-ui-modal-bodyshortcode-ui-modal-footershortcode-ui-fields-group+16 more

HTML Comments

<!DOCTYPE html>+7 more

Data Attributes

data-shortcode-ui-modaldata-shortcode-ui-field-typedata-shortcode-ui-field-namedata-shortcode-ui-field-labeldata-shortcode-ui-field-valuedata-shortcode-ui-field-required+9 more

JS Globals

Shortcode_UIShortcodeUIFieldsshortcode_ui_args

FAQ