Does Uix Shortcodes have any unpatched vulnerabilities?

No. All known vulnerabilities in Uix Shortcodes have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Uix Shortcodes compatible with WordPress 6.8.5?

According to WordPress.org data, Uix Shortcodes 2.0.5 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Uix Shortcodes compatible with PHP 5.6+?

Uix Shortcodes requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Uix Shortcodes updated?

Uix Shortcodes was last updated on Apr 24, 2025. Frequent updates are generally a positive security signal.

What is Uix Shortcodes's security score?

Uix Shortcodes has a WP-Safety security score of 94/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Uix Shortcodes Security & Risk Analysis

wordpress.org/plugins/uix-shortcodes

Uix Shortcodes brings an amazing set of beautiful and useful elements to your site that lets you do nifty things with very little effort.

400 active installs v2.0.5 PHP 5.6+ WP 4.2+ Updated Apr 24, 2025

blocksgutenbergshort-codeshortcodeshortcodes

A · Safe

CVEs total3

Unpatched0

Last CVEApr 16, 2025

Plugin page Download

Safety Verdict

Is Uix Shortcodes Safe to Use in 2026?

Generally Safe

Score 94/100

Uix Shortcodes has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Apr 16, 2025Updated 11mo ago

Risk Assessment

The uix-shortcodes plugin, version 2.0.5, presents a mixed security profile. On the positive side, the plugin demonstrates good practices by implementing capability checks on a significant number of entry points and appears to have no directly unprotected AJAX handlers or REST API routes. The taint analysis shows no critical or high-severity unsanitized flows, and the majority of output is properly escaped, indicating a conscious effort to prevent common web vulnerabilities. However, the historical vulnerability data is a significant concern. The presence of three known CVEs, with two classified as high severity and one as medium, suggests a history of exploitable security flaws, even if they are currently patched. The common types of past vulnerabilities, Cross-site Scripting and Code Injection, are serious and can lead to full site compromise.

Key Concerns

High severity vulnerabilities in history (2)
Medium severity vulnerabilities in history (1)
SQL queries not using prepared statements (2)
Bundled library (TinyMCE)

Vulnerabilities

Uix Shortcodes Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2025-39574medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Uix Shortcodes <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2025 Patched in 2.0.5 (7d)

CVE-2025-22677high · 7.3Improper Control of Generation of Code ('Code Injection')

Uix Shortcodes <= 2.0.3 - Unauthenticated Arbitrary Shortcode Execution

Feb 3, 2025 Patched in 2.0.4 (10d)

CVE-2024-9772high · 7.3Improper Control of Generation of Code ('Code Injection')

Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution

Oct 25, 2024 Patched in 2.0.0 (48d)

Code Analysis

Analyzed Mar 16, 2026

Uix Shortcodes Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

604 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

SQL Query Safety

0% prepared2 total queries

Output Escaping

86% escaped702 total outputs

Data Flows

All sanitized

Data Flow Analysis

5 flows

<custom-css> (helper\tabs\custom-css.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Uix Shortcodes Attack Surface

Entry Points42

Unprotected0

AJAX Handlers 2

noprivwp_ajax_uixscform_ajax_shortcodepreviewincludes\uixscform\init.php:37

authwp_ajax_uixscform_ajax_shortcodepreviewincludes\uixscform\init.php:38

Shortcodes 40

[uix_hello] shortcodes\templates\default\frontpage-init.php:70

[uix_hello2] shortcodes\templates\default\frontpage-init.php:92

[uix_container] shortcodes\templates\default\frontpage-init.php:161

[uix_progress_bar] shortcodes\templates\default\frontpage-init.php:222

[uix_icons] shortcodes\templates\default\frontpage-init.php:250

[uix_recent_posts] shortcodes\templates\default\frontpage-init.php:391

[uix_pricing] shortcodes\templates\default\frontpage-init.php:415

[uix_pricing_item] shortcodes\templates\default\frontpage-init.php:465

[uix_column_wrapper] shortcodes\templates\default\frontpage-init.php:493

[uix_column] shortcodes\templates\default\frontpage-init.php:518

[uix_button] shortcodes\templates\default\frontpage-init.php:568

[uix_share_buttons] shortcodes\templates\default\frontpage-init.php:636

[uix_toggle] shortcodes\templates\default\frontpage-init.php:691

[uix_toggle_item] shortcodes\templates\default\frontpage-init.php:730

[uix_toggle_item_content] shortcodes\templates\default\frontpage-init.php:756

[uix_toggle_group] shortcodes\templates\default\frontpage-init.php:774

[uix_video] shortcodes\templates\default\frontpage-init.php:803

[uix_audio] shortcodes\templates\default\frontpage-init.php:839

[uix_code] shortcodes\templates\default\frontpage-init.php:868

[uix_portfolio] shortcodes\templates\default\frontpage-init.php:932

[uix_portfolio_item] shortcodes\templates\default\frontpage-init.php:995

[uix_team] shortcodes\templates\default\frontpage-init.php:1054

[uix_team_item] shortcodes\templates\default\frontpage-init.php:1161

[uix_features] shortcodes\templates\default\frontpage-init.php:1213

[uix_features_item] shortcodes\templates\default\frontpage-init.php:1270

[uix_client] shortcodes\templates\default\frontpage-init.php:1295

[uix_client_item] shortcodes\templates\default\frontpage-init.php:1331

[uix_testimonials] shortcodes\templates\default\frontpage-init.php:1398

[uix_testimonials_item] shortcodes\templates\default\frontpage-init.php:1434

[uix_map] shortcodes\templates\default\frontpage-init.php:1465

[uix_heading] shortcodes\templates\default\frontpage-init.php:1524

[uix_heading_line] shortcodes\templates\default\frontpage-init.php:1547

[uix_heading_sub] shortcodes\templates\default\frontpage-init.php:1585

[uix_dividing_line] shortcodes\templates\default\frontpage-init.php:1629

[uix_contact_form] shortcodes\templates\default\frontpage-init.php:1672

[uix_authorcard] shortcodes\templates\default\frontpage-init.php:1742

[uix_imageslider] shortcodes\templates\default\frontpage-init.php:1820

[uix_imageslider_item] shortcodes\templates\default\frontpage-init.php:1863

[uix_timeline] shortcodes\templates\default\frontpage-init.php:1894

[uix_timeline_item] shortcodes\templates\default\frontpage-init.php:1927

WordPress Hooks 37

actionadmin_enqueue_scriptshelper\settings.php:23

actionadmin_enqueue_scriptsincludes\admin\block-init.php:12

actionadmin_footerincludes\admin\block-init.php:62

actionadd_meta_boxesincludes\admin\uix-custom-metaboxes\init.php:85

actionsave_postincludes\admin\uix-custom-metaboxes\init.php:89

actionadmin_enqueue_scriptsincludes\admin\uix-custom-metaboxes\init.php:93

actionadmin_initincludes\admin\uix-custom-metaboxes\init.php:134

filteradmin_body_classincludes\admin\uix-custom-metaboxes\init.php:137

actionwp_enqueue_scriptsincludes\uixscform\init.php:32

actionadmin_enqueue_scriptsincludes\uixscform\init.php:33

actionadmin_initincludes\uixscform\init.php:34

actionadmin_initincludes\uixscform\init.php:35

filtermce_cssincludes\uixscform\init.php:36

actioncustomize_controls_print_scriptsincludes\uixscform\init.php:50

actioncustomize_controls_print_scriptsincludes\uixscform\init.php:51

actionadmin_footerincludes\uixscform\init.php:53

actionadmin_footerincludes\uixscform\init.php:54

filtermce_buttonsshortcodes\backstage-init.php:18

filtermce_external_pluginsshortcodes\backstage-init.php:24

filtermce_buttonsshortcodes\backstage-init.php:57

actionadmin_footershortcodes\backstage-init.php:106

filtermce_external_languagesshortcodes\backstage-init.php:119

filterwidget_textshortcodes\templates\default\frontpage-init.php:7

filterthe_excerptshortcodes\templates\default\frontpage-init.php:8

actioninituix-shortcodes.php:41

actionadmin_enqueue_scriptsuix-shortcodes.php:43

actionadmin_enqueue_scriptsuix-shortcodes.php:44

actionwp_enqueue_scriptsuix-shortcodes.php:45

actionwp_enqueue_scriptsuix-shortcodes.php:46

actioncurrent_screenuix-shortcodes.php:47

actionadmin_inituix-shortcodes.php:48

actionadmin_inituix-shortcodes.php:49

actionadmin_menuuix-shortcodes.php:50

actioninituix-shortcodes.php:51

actionadmin_inituix-shortcodes.php:52

filterbody_classuix-shortcodes.php:53

actionplugins_loadeduix-shortcodes.php:1557

Maintenance & Trust

Uix Shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 24, 2025

PHP min version5.6

Downloads43K

Community Trust

Rating100/100

Number of ratings4

Active installs400

Alternatives

Uix Shortcodes Alternatives

Saiy2k Nostr Components

saiy2k-nostr-components

100

Gutenberg blocks and shortcodes for Nostr web components. Display Nostr zap buttons, follow buttons, posts, profiles.

0 No CVEs

oik

Over 80 advanced, powerful shortcodes, and 9 blocks for displaying the content of your WordPress website.

2K 7 CVEs

Shortcode Preview Block

shortcode-with-preview-block

Shows preview of any shortcode on editor side. It renders shortcode in the editor side so editor does not need to visit front side.

1K No CVEs

Blocks to Shortcode – Use blocks everywhere: in page templates, Elementor, etc.

blocks-to-shortcode

100

Easily convert blocks into shortcodes and reuse them anywhere on your site - in posts, pages, widgets, templates, and page builders like Elementor.

300 No CVEs

Dev Content Blocks

dev-content-blocks

Content blocks for global content, with revisions. Use HTML without formatting being broken. Not only for devs.

300 No CVEs

Developer Profile

Uix Shortcodes Developer Profile

UIUX Lab

6 plugins · 540 total installs

trust score

Avg Security Score

97/100

Avg Patch Time

32 days

View full developer profile

Detection Fingerprints

How We Detect Uix Shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/uix-shortcodes/assets/add-ons/piechart/jquery.easypiechart.min.js/wp-content/plugins/uix-shortcodes/assets/add-ons/prettyPhoto/jquery.prettyPhoto.js/wp-content/plugins/uix-shortcodes/assets/add-ons/prettyPhoto/jquery.prettyPhoto.css/wp-content/plugins/uix-shortcodes/assets/add-ons/muuri/muuri.min.js/wp-content/plugins/uix-shortcodes/css/shortcodes.min.css/wp-content/plugins/uix-shortcodes/css/shortcodes-rtl.min.css/wp-content/plugins/uix-shortcodes/js/shortcodes.min.js/wp-content/plugins/uix-shortcodes/shortcodes/editor/style.min.css

Script Paths

/wp-content/plugins/uix-shortcodes/js/shortcodes.min.js

Version Parameters

uix-shortcodes/css/shortcodes.min.css?ver=uix-shortcodes/css/shortcodes-rtl.min.css?ver=uix-shortcodes/js/shortcodes.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

uix_shortcodesuix-shortcodes-container

JS Globals

wp_plug_uixsc_root_path

Shortcode Output

[uix_shortcodes[uix_sc_module_container[uix_sc_module_pricing_col3[uix_sc_module_pricing_col4

FAQ