Woo Framework Shortcodes Security & Risk Analysis

wordpress.org/plugins/woo-framework-shortcodes

WooThemes uses WooFramework which comes with loads of shortcodes, if you have used the theme for a while you may have used the

80 active installs · v1.0.0 · PHP + · WP 3.9.0+ · Updated Feb 28, 2016
shortcodes, woo-framework
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Woo Framework Shortcodes Safe to Use in 2026?

Generally Safe

Score 85/100

Woo Framework Shortcodes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "woo-framework-shortcodes" plugin exhibits a generally good security posture with several positive indicators. The absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), and file operations are strong points. The high percentage of properly escaped output further reduces the risk of cross-site scripting (XSS) vulnerabilities. The plugin's vulnerability history being clean is also a positive sign, suggesting a well-maintained codebase or infrequent targeting.

However, a significant concern lies within the attack surface. Two AJAX handlers are present without any authentication checks. This means that any user, even an unauthenticated one, could potentially trigger these handlers, leading to unintended actions or information disclosure depending on their functionality. While the taint analysis did not reveal critical or high severity issues, the single flow with unsanitized paths is a potential area of concern that warrants investigation into its exact nature and impact. The presence of only one nonce check across the entire plugin is also a weakness, as it suggests a limited reliance on nonce verification for critical operations, particularly in conjunction with the unprotected AJAX handlers.

In conclusion, while the plugin demonstrates good practices in critical areas like SQL and output escaping, the unprotected AJAX endpoints represent a notable vulnerability. The clean vulnerability history is encouraging, but it does not negate the immediate risks identified in the static analysis. Addressing the unprotected AJAX handlers and understanding the unsanitized path flow are paramount to improving the plugin's security.

Key Concerns

  • Unprotected AJAX handlers
  • Flow with unsanitized paths
  • Limited nonce checks
Vulnerabilities
None known

Woo Framework Shortcodes Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Woo Framework Shortcodes Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 16 (171 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

91% escaped · 187 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<admin-shortcodes> (functions\admin-shortcodes.php:0)
Attack Surface
2 unprotected

Woo Framework Shortcodes Attack Surface

Entry Points: 62
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_woo_check_url_action functions\admin-shortcode-generator.php:24
auth wp_ajax_woo_shortcodes_nonce functions\admin-shortcode-generator.php:25

Shortcodes 60

[dropcap] functions\admin-shortcodes.php:137
[box] functions\admin-shortcodes.php:188
[button] functions\admin-shortcodes.php:263
[related_posts] functions\admin-shortcodes.php:389
[tweetmeme] functions\admin-shortcodes.php:442
[twitter] functions\admin-shortcodes.php:511
[digg] functions\admin-shortcodes.php:571
[fblike] functions\admin-shortcodes.php:653
[twocol_one] functions\admin-shortcodes.php:674
[twocol_one_last] functions\admin-shortcodes.php:679
[threecol_one] functions\admin-shortcodes.php:687
[threecol_one_last] functions\admin-shortcodes.php:692
[threecol_two] functions\admin-shortcodes.php:697
[threecol_two_last] functions\admin-shortcodes.php:702
[fourcol_one] functions\admin-shortcodes.php:709
[fourcol_one_last] functions\admin-shortcodes.php:714
[fourcol_two] functions\admin-shortcodes.php:719
[fourcol_two_last] functions\admin-shortcodes.php:724
[fourcol_three] functions\admin-shortcodes.php:729
[fourcol_three_last] functions\admin-shortcodes.php:734
[fivecol_one] functions\admin-shortcodes.php:741
[fivecol_one_last] functions\admin-shortcodes.php:746
[fivecol_two] functions\admin-shortcodes.php:751
[fivecol_two_last] functions\admin-shortcodes.php:756
[fivecol_three] functions\admin-shortcodes.php:761
[fivecol_three_last] functions\admin-shortcodes.php:766
[fivecol_four] functions\admin-shortcodes.php:771
[fivecol_four_last] functions\admin-shortcodes.php:776
[sixcol_one] functions\admin-shortcodes.php:784
[sixcol_one_last] functions\admin-shortcodes.php:789
[sixcol_two] functions\admin-shortcodes.php:794
[sixcol_two_last] functions\admin-shortcodes.php:799
[sixcol_three] functions\admin-shortcodes.php:804
[sixcol_three_last] functions\admin-shortcodes.php:809
[sixcol_four] functions\admin-shortcodes.php:814
[sixcol_four_last] functions\admin-shortcodes.php:819
[sixcol_five] functions\admin-shortcodes.php:824
[sixcol_five_last] functions\admin-shortcodes.php:829
[hr] functions\admin-shortcodes.php:841
[divider] functions\admin-shortcodes.php:846
[divider_flat] functions\admin-shortcodes.php:851
[quote] functions\admin-shortcodes.php:875
[ilink] functions\admin-shortcodes.php:902
[toggle] functions\admin-shortcodes.php:983
[fbshare] functions\admin-shortcodes.php:1011
[contact_form] functions\admin-shortcodes.php:1630
[tabs] functions\admin-shortcodes.php:1676
[tab] functions\admin-shortcodes.php:1696
[dropcap] functions\admin-shortcodes.php:1710
[highlight] functions\admin-shortcodes.php:1724
[abbr] functions\admin-shortcodes.php:1738
[typography] functions\admin-shortcodes.php:1803
[unordered_list] functions\admin-shortcodes.php:1851
[ordered_list] functions\admin-shortcodes.php:1865
[social_icon] functions\admin-shortcodes.php:1991
[linkedin_share] functions\admin-shortcodes.php:2026
[google_plusone] functions\admin-shortcodes.php:2150
[twitter_follow] functions\admin-shortcodes.php:2233
[stumbleupon] functions\admin-shortcodes.php:2287
[pinterest] functions\admin-shortcodes.php:2352

WordPress Hooks 18

action admin_init functions\admin-shortcode-generator.php:21
action admin_footer functions\admin-shortcode-generator.php:40
filter mce_buttons functions\admin-shortcode-generator.php:43
filter mce_external_plugins functions\admin-shortcode-generator.php:44
filter widget_text functions\admin-shortcodes.php:53
action wp_print_scripts functions\admin-shortcodes.php:77
action wp_footer functions\admin-shortcodes.php:83
action loop_start functions\admin-shortcodes.php:109
filter get_the_excerpt functions\admin-shortcodes.php:117
action loop_end functions\admin-shortcodes.php:119
filter get_the_excerpt functions\admin-shortcodes.php:145
action wp_footer functions\admin-shortcodes.php:1007
action wp_head functions\admin-shortcodes.php:1805
action wp_footer functions\admin-shortcodes.php:2020
action woo_shortcode_generator_preview_footer functions\admin-shortcodes.php:2021
action wp_footer functions\admin-shortcodes.php:2346
action woo_shortcode_generator_preview_footer functions\admin-shortcodes.php:2347
action wp_head woo-framework-shortcodes.php:19
Maintenance & Trust

Woo Framework Shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Feb 28, 2016
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 80
Developer Profile

Woo Framework Shortcodes Developer Profile

Anand Shah

1 plugin · 80 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Woo Framework Shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-framework-shortcodes/functions/css/colorpicker.css
/wp-content/plugins/woo-framework-shortcodes/functions/css/shortcode-generator.css
/wp-content/plugins/woo-framework-shortcodes/functions/css/shortcode-icon.css
/wp-content/plugins/woo-framework-shortcodes/functions/js/colorpicker.js
/wp-content/plugins/woo-framework-shortcodes/functions/js/shortcode-generator/editor_plugin.js
/wp-content/plugins/woo-framework-shortcodes/functions/js/shortcode-generator/editor_plugin_39.js
/wp-content/plugins/woo-framework-shortcodes/functions/js/shortcode-generator/dialog-js.php
/wp-content/plugins/woo-framework-shortcodes/functions/js/shortcode-generator/column-control.js
+1 more
Script Paths
functions/js/colorpicker.js
functions/css/colorpicker.css
functions/css/shortcode-icon.css
functions/css/shortcode-generator.css
functions/js/shortcode-generator/editor_plugin.js
functions/js/shortcode-generator/editor_plugin_39.js
+3 more

HTML / DOM Fingerprints

CSS Classes
woo-dialog, woo-options-buttons, woo-btn-cancel, woo-btn-insert, woo-options, woo-options-table
HTML Comments
<!--/.clear--> <!--/.clear-->
Data Attributes
id="woo-dialog", id="woo-options-buttons", id="woo-btn-cancel", id="woo-btn-insert", id="woo-options", id="woo-options-table", +3 more
JS Globals
woo_shortcode_stylesheet