
Suffusion Shortcodes Security & Risk Analysis
wordpress.org/plugins/suffusion-shortcodes
The Suffusion theme used to be armed with a bunch of shortcodes prior to version 4.4.8.
Is Suffusion Shortcodes Safe to Use in 2026?
Generally Safe
Score 85/100
Suffusion Shortcodes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "suffusion-shortcodes" plugin v1.05 exhibits a mixed security posture. While the absence of known CVEs and a clean taint analysis are positive indicators, several code analysis findings raise concerns. The fact that 50% of output is not properly escaped presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the 16 shortcodes that can serve as entry points for user-supplied data. Furthermore, the complete lack of nonce checks and capability checks across all identified entry points, including shortcodes, means that any user, regardless of their role or authentication status, could potentially trigger shortcode functionality. This lack of authorization and validation is a major weakness.
Key Concerns
- 50% of output unescaped
- No nonce checks on entry points
- No capability checks on entry points
Suffusion Shortcodes Attack Surface
- Shortcodes: 16
- WordPress Hooks: 6
Suffusion Shortcodes Alternatives
Column Shortcodes
column-shortcodes
Adds shortcodes to easily create columns in your posts or pages.
Apollo13 Framework Extensions
apollo13-framework-extensions
Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.
Futurio Extra
futurio-extra
Futurio Extra add extra features to Futurio theme like widgets, WooCommerce options, Elementor widgets, one click demo import and much more.
ND Shortcodes
nd-shortcodes
The plugin adds some useful components to your page builder ( Elementor or WP Bakery Page Builder ). All components are full responsive and retina rea …
Contact Form 7 Shortcode Enabler
contact-form-7-shortcode-enabler
This plugin enables the usage of external shortcodes inside Contact Form 7 Forms.
Suffusion Shortcodes Developer Profile
5 plugins · 10K total installs
How We Detect Suffusion Shortcodes
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/suffusion-shortcodes/include/css/admin.css
- suffusion-shortcodes/include/css/admin.css?ver=
- http://fonts.googleapis.com/css?family=Dosis?ver=
HTML / DOM Fingerprints
- suf-ip-wrappersip-return-message
- suf-widget
- suf-widget-1c
- suf-widget-2c
- suf-widget-3c
- suf-widget-4c
- suf-widget-5c
- <!-- widget start -->
- <!-- widget end -->
- name="suffusion_shortcode_options[enable_audio_shortcode]"
- name="suffusion_shortcode_options[adhoc_wareas]"
- name="suffusion_shortcode_options[adhoc_column_counts][
- value="suffusion_shortcode_options[suffusion-categories][suffusion-the-year][suffusion-site-link][suffusion-the-author]