Does Visual Shortcodes have any unpatched vulnerabilities?

No. All known vulnerabilities in Visual Shortcodes have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Visual Shortcodes compatible with WordPress 3.5.2?

According to WordPress.org data, Visual Shortcodes 0.1 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is Visual Shortcodes updated?

Visual Shortcodes was last updated on Jan 12, 2013. Frequent updates are generally a positive security signal.

What is Visual Shortcodes's security score?

Visual Shortcodes has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Visual Shortcodes Security & Risk Analysis

wordpress.org/plugins/visual-shortcodes

This is a utility plugin that will allow other plugins and themes to swap out shortcodes with custom images, in the same way that WordPress' nati …

100 active installs v0.1 PHP + WP 3.2.1+ Updated Jan 12, 2013

editorshortcodesvisual-editor

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Visual Shortcodes Safe to Use in 2026?

Generally Safe

Score 85/100

Visual Shortcodes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The static analysis of the 'visual-shortcodes' plugin v0.1 indicates an exceptionally clean codebase, with no detected vulnerabilities, dangerous functions, or potential attack vectors from AJAX handlers, REST API routes, shortcodes, or cron events. The complete absence of SQL queries, file operations, external HTTP requests, and the perfect score for output escaping and prepared statements are strong indicators of secure coding practices. Taint analysis also shows no identified risks.

The vulnerability history further reinforces this positive assessment, with zero recorded CVEs of any severity. This lack of historical vulnerabilities, coupled with the clean static analysis, suggests a plugin that is either very new, extremely simple, or has been rigorously maintained and secured. There are no immediate security concerns apparent from the provided data.

However, it's important to note that the plugin's attack surface is reported as zero, which is highly unusual for a plugin that likely offers some functionality. If this is accurate, it implies the plugin might be dormant or purely informational. If it does indeed provide features, the lack of any reported entry points is a potential anomaly that warrants further investigation. In the absence of any identified weaknesses, the current risk assessment is very low.

Key Concerns

No nonce checks on entry points
No capability checks on entry points
Extremely low attack surface may indicate dormant plugin

Vulnerabilities

None known

Visual Shortcodes Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Visual Shortcodes Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Visual Shortcodes Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

filtermce_external_pluginsvisual-shortcodes.php:44

filtermce_external_languagesvisual-shortcodes.php:45

actionadmin_print_stylesvisual-shortcodes.php:46

Maintenance & Trust

Visual Shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedJan 12, 2013

PHP min version

Downloads3K

Community Trust

Rating50/100

Number of ratings2

Active installs100

Alternatives

Visual Shortcodes Alternatives

FOUNDATION LIVE SHORTCODES

foundation-live-shortcodes

Add to your content the elements of Zurb Foundation Framework. This plugin is compatible with all themes.

10 No CVEs

Page Builder by SiteOrigin

siteorigin-panels

Build responsive page layouts using the widgets you know and love using this simple drag and drop page builder.

500K 8 CVEs

Brizy – Page Builder

brizy

A page builder that is fast & easy, Brizy is a next-gen website builder that anyone can use. No designer or developer skills required.

70K 29 CVEs

Forget About Shortcode Buttons

forget-about-shortcode-buttons

A visual way to add CSS buttons in the rich text editor and to your themes.

30K 2 CVEs

Nimble Page Builder

nimble-builder

Simple and smart companion that allows you to insert sections into any existing page, create landing pages or entire websites including header and foo …

30K 1 CVE

Developer Profile

Visual Shortcodes Developer Profile

J B

2 plugins · 7K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Visual Shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/visual-shortcodes/buttons.css/wp-content/plugins/visual-shortcodes/visualshortcodes/editor_plugin.js/wp-content/plugins/visual-shortcodes/visualshortcodes/langs.php

Script Paths

/wp-content/plugins/visual-shortcodes/visualshortcodes/editor_plugin.js

HTML / DOM Fingerprints

CSS Classes

jpb_visualshortcodes

FAQ