Space Boxes Security & Risk Analysis

wordpress.org/plugins/space-boxes

Generate unlimited boxes with multiple layouts and optional lightbox, solely from a WordPress media gallery.

30 active installs · v1.1.1 · PHP + · WP 3.5+ · Updated Dec 13, 2013
Tags: content-boxes, galleries, grid, info-boxes, shortcodes
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Space Boxes Safe to Use in 2026?

Generally Safe

Score 85/100

Space Boxes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The "space-boxes" plugin version 1.1.1 presents a mixed security posture. On the positive side, it boasts a limited attack surface with no exposed AJAX handlers or REST API routes without authentication. The absence of known historical vulnerabilities (CVEs) and the consistent use of prepared statements for SQL queries are strong indicators of good development practices in these areas. Furthermore, the lack of file operations and external HTTP requests reduces potential attack vectors.

However, significant concerns arise from the static analysis. The presence of the `create_function` dangerous function is a notable red flag, as it can be a vector for code injection if not handled with extreme care. Additionally, a substantial portion of output (76%) is not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the presence of shortcodes which are often used to display user-generated or dynamically generated content. The complete absence of nonce checks and capability checks on the identified entry points further exacerbates the XSS risk, allowing unauthenticated users to potentially trigger script execution.

Key Concerns

  • Dangerous function usage (create_function)
  • Insufficient output escaping (24% properly escaped)
  • Missing nonce checks on entry points
  • Missing capability checks on entry points
Vulnerabilities
None known

Space Boxes Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Space Boxes Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 25 (8 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

create_function (inc\class.settings-api.php:113)
$callback = create_function('', 'echo "'.str_replace('"', '\"', $section['desc']).'";');

Bundled Libraries

Select2

Output Escaping

24% escaped · 33 total outputs
Attack Surface

Space Boxes Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[spaceboxes] inc\shortcode.php:22
[spaceboxes_archive] inc\shortcode.php:23
WordPress Hooks 14
action admin_enqueue_scripts inc\class.settings-api.php:35
filter manage_spaceboxes_posts_columns inc\columns.php:6
action manage_spaceboxes_posts_custom_column inc\columns.php:7
filter attachment_fields_to_edit inc\galleryfield.php:6
filter attachment_fields_to_save inc\galleryfield.php:7
action admin_init inc\settings.php:25
action admin_menu inc\settings.php:26
action init inc\shortcode.php:20
action wp_enqueue_scripts inc\shortcode.php:21
filter cmb_meta_boxes inc\spacebox-meta.php:13
action init inc\type.php:20
action init inc\type.php:21
action init spaceboxes.php:26
action init spaceboxes.php:27
Maintenance & Trust

Space Boxes Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.7.41
Last updated: Dec 13, 2013
PHP min version
Downloads: 18K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 30
Developer Profile

Space Boxes Developer Profile

Nick Haskins

4 plugins · 280 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Space Boxes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/space-boxes/inc/css/spacebox-admin.css
/wp-content/plugins/space-boxes/inc/css/spacebox-frontend.css
/wp-content/plugins/space-boxes/inc/js/spacebox-admin.js
/wp-content/plugins/space-boxes/inc/js/spacebox-frontend.js
Version Parameters
space-boxes/inc/css/spacebox-admin.css?ver=
space-boxes/inc/css/spacebox-frontend.css?ver=
space-boxes/inc/js/spacebox-admin.js?ver=
space-boxes/inc/js/spacebox-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
spacebox-gallery, spacebox-wrap, spacebox-item, spacebox-caption
Data Attributes
data-spacebox-id
JS Globals
spacebox_frontend_params
Shortcode Output
[spacebox-gallery]