WP-Safety

Storyficator Security & Risk Analysis

wordpress.org/plugins/storyficator

Storyficator" is a dynamic WordPress plugin designed to enhance user engagement and storytelling on websites.

0 active installs v1.0.0 PHP 7.0+ WP 5.2+ Updated Jun 25, 2024
banner-carouselcarouselinsta-storystoriesstory-carousel
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Storyficator Safe to Use in 2026?

Generally Safe

Score 92/100

Storyficator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The static analysis of the "storyficator" v1.0.0 plugin reveals a generally positive security posture, with no dangerous functions, file operations, or external HTTP requests identified. All SQL queries utilize prepared statements, and all output is properly escaped. This indicates good coding practices in these critical areas.

However, a significant concern arises from the complete lack of nonce and capability checks across all identified entry points, which include one shortcode. While the attack surface is currently small and has no publicly known vulnerabilities, this absence of standard security measures leaves the plugin susceptible to potential Cross-Site Request Forgery (CSRF) and unauthorized action attacks if any of its functionality were to be exploited.

The vulnerability history further reinforces the lack of known issues, which is a positive sign. Nevertheless, the absence of checks, especially on the shortcode, presents a potential weakness that could be exploited by attackers. Therefore, while the plugin is currently free of known flaws and exhibits good practices in data handling, the lack of authentication and authorization checks on its entry points represents a notable security risk that should be addressed.

Key Concerns

  • Missing nonce checks on shortcode
  • Missing capability checks on shortcode
Vulnerabilities
None known

Storyficator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Storyficator Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
10 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped10 total outputs
Attack Surface

Storyficator Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[storyfi_shortcode] inc\functions.php:59
WordPress Hooks 7
actiontransition_post_statusinc\functions.php:62
actioncmb2_render_post_id_fieldinc\metaboxes\metaboxes.php:12
filtercmb2_admin_initinc\metaboxes\metaboxes.php:14
actioninitinc\post-types\post-types.php:42
actionwp_enqueue_scriptsstoryficator.php:37
actionadmin_enqueue_scriptsstoryficator.php:53
actionplugins_loadedstoryficator.php:65
Maintenance & Trust

Storyficator Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedJun 25, 2024
PHP min version7.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Storyficator Alternatives

Storify Stories Slider

Storify Stories Slider

storify-stories-slider

A
85

Short code that allows you to easily add a slider displaying the last 20 stories/liked stories of a Storify user in a horizontal or vertical slider.

10 No CVEs
Smart Slider 3

Smart Slider 3

smart-slider-3

A
91

Responsive slider plugin to create sliders in visual editor easily. Build beautiful image slider, layer slider, video slider, post slider, and more.

800K 7 CVEs
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider

Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider

ml-slider

A
94

Slider, gallery, carousel plugin for WordPress. Build your image slider, video slider, post slider, YouTube slider, or WooCommerce product slider.

500K 12 CVEs
WP Shortcodes Plugin — Shortcodes Ultimate

WP Shortcodes Plugin — Shortcodes Ultimate

shortcodes-ultimate

A
88

A comprehensive collection of visual components for your site

400K 32 CVEs
Depicter — Popup & Slider Builder

Depicter — Popup & Slider Builder

depicter

A
89

Build Stunning Slider and Popup. Exit intent Popup, Image slider carousel, video slider carousel, post slider carousel, product slider, promote popup

90K 14 CVEs
Developer Profile

Storyficator Developer Profile

Cristian Stan

2 plugins · 2K total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
8 days
View full developer profile
Detection Fingerprints

How We Detect Storyficator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/storyficator/assets/css/storyfi-frontend-custom.css/wp-content/plugins/storyficator/assets/css/flickity.min.css/wp-content/plugins/storyficator/assets/js/storyfi-custom.js/wp-content/plugins/storyficator/assets/js/flickity.pkgd.js/wp-content/plugins/storyficator/assets/css/storyfi-admin-style.css/wp-content/plugins/storyficator/assets/js/storyfi-admin.js
Script Paths
/wp-content/plugins/storyficator/assets/js/storyfi-custom.js/wp-content/plugins/storyficator/assets/js/flickity.pkgd.js/wp-content/plugins/storyficator/assets/js/storyfi-admin.js
Version Parameters
storyficator/assets/js/storyfi-admin.js?ver=1.0

HTML / DOM Fingerprints

CSS Classes
story-bubblesstory-itemstoryfi-carousel-groupstoryfi_carousel_itemstoryfi_carousel_titlestoryfi_carousel_imgstoryfi_carousel_itemstoryfi_carousel_title+11 more
HTML Comments
||-> Function: storyfi_enqueue_admin_scripts()||-> Function: LOAD PLUGIN TEXTDOMAIN||-> Metaboxes: For CPT - [storyfi]||-> CPT - [storyfi]
Data Attributes
data-flickityid="storyfi-modal"
JS Globals
window.jQuery
Shortcode Output
[storyfi_shortcode post_name=[storyfi_shortcode post_id=
FAQ

Frequently Asked Questions about Storyficator