Does WP Foundation Shortcodes have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Foundation Shortcodes have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Foundation Shortcodes compatible with WordPress 4.5.33?

According to WordPress.org data, WP Foundation Shortcodes 0.8.5 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is WP Foundation Shortcodes updated?

WP Foundation Shortcodes was last updated on Jul 3, 2016. Frequent updates are generally a positive security signal.

What is WP Foundation Shortcodes's security score?

WP Foundation Shortcodes has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Foundation Shortcodes Security & Risk Analysis

wordpress.org/plugins/wp-foundation-shortcodes

WP Foundation Shortcodes Plugin makes your ZURB Foundation website to the most powerful framework by styling your content with shortcodes

100 active installs v0.8.5 PHP + WP 4.0+ Updated Jul 3, 2016

wordpress-foundation-shortcodewordpress-shortcodeswordpress-zurb-foundationwp-foundation-shortcodeszurb-foundation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Foundation Shortcodes Safe to Use in 2026?

Generally Safe

Score 85/100

WP Foundation Shortcodes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The wp-foundation-shortcodes plugin exhibits a generally positive security posture with several good practices in place. The complete absence of critical or high-severity vulnerabilities in its history, along with the use of prepared statements for its single SQL query and a high percentage of properly escaped outputs, are strong indicators of a well-maintained codebase. The lack of file operations and external HTTP requests further reduces the potential for common attack vectors.

However, the plugin is not without its concerns. A significant area of risk lies in its attack surface. Two out of the 60 total entry points, specifically two AJAX handlers, lack authentication checks. This means that any user, regardless of their logged-in status or capabilities, could potentially trigger these AJAX actions, opening the door to unauthorized operations if these handlers perform sensitive actions. The absence of nonce checks across all entry points is also a notable weakness, as nonces are crucial for preventing Cross-Site Request Forgery (CSRF) attacks.

Overall, while the plugin has a clean vulnerability history and strong internal coding practices, the exposed AJAX handlers and lack of nonce protection represent clear security risks that should be addressed to enhance its overall security posture. The use of TinyMCE, while a common bundled library, could also introduce risks if it's an outdated version, though this is not explicitly stated in the provided data.

Key Concerns

2 AJAX handlers without auth checks
0 Nonce checks for entry points
82% output escaping (18% unescaped)

Vulnerabilities

None known

WP Foundation Shortcodes Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Foundation Shortcodes Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

143 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared1 total queries

Output Escaping

82% escaped175 total outputs

Attack Surface

2 unprotected

WP Foundation Shortcodes Attack Surface

Entry Points60

Unprotected2

AJAX Handlers 2

authwp_ajax_wp_foundation_shortcodes_check_url_actionclass.foundation_TinyMCE_shortcodes.php:18

authwp_ajax_p_foundation_shortcodes_shortcodes_nonceclass.foundation_TinyMCE_shortcodes.php:19

Shortcodes 58

[posts_grid] class.foundation_shortcodes.php:15

[posts_list] class.foundation_shortcodes.php:16

[posts_lightbox] class.foundation_shortcodes.php:17

[posts_cycle] class.foundation_shortcodes.php:18

[button] class.foundation_shortcodes.php:21

[button_groups] class.foundation_shortcodes.php:22

[button_group] class.foundation_shortcodes.php:23

[split_button] class.foundation_shortcodes.php:24

[dropdown] class.foundation_shortcodes.php:25

[radio_button_groups] class.foundation_shortcodes.php:26

[radio_button_group] class.foundation_shortcodes.php:27

[button_option_groups] class.foundation_shortcodes.php:28

[button_option_group] class.foundation_shortcodes.php:29

[table] class.foundation_shortcodes.php:32

[tabs] class.foundation_shortcodes.php:33

[tab] class.foundation_shortcodes.php:34

[progressbar] class.foundation_shortcodes.php:35

[pricing_table] class.foundation_shortcodes.php:36

[equalizers] class.foundation_shortcodes.php:37

[equalizer] class.foundation_shortcodes.php:38

[label] class.foundation_shortcodes.php:39

[accordions] class.foundation_shortcodes.php:40

[accordion] class.foundation_shortcodes.php:41

[blockquote] class.foundation_shortcodes.php:42

[icon] class.foundation_shortcodes.php:43

[address] class.foundation_shortcodes.php:44

[clear] class.foundation_shortcodes.php:45

[span] class.foundation_shortcodes.php:46

[hr] class.foundation_shortcodes.php:47

[inline_list] class.foundation_shortcodes.php:48

[link] class.foundation_shortcodes.php:49

[keystroke] class.foundation_shortcodes.php:50

[alert_box] class.foundation_shortcodes.php:53

[panel] class.foundation_shortcodes.php:54

[tooltip] class.foundation_shortcodes.php:55

[banner] class.foundation_shortcodes.php:56

[service_box] class.foundation_shortcodes.php:57

[comments] class.foundation_shortcodes.php:58

[categories] class.foundation_shortcodes.php:59

[tags] class.foundation_shortcodes.php:60

[google_map] class.foundation_shortcodes.php:63

[product_card] class.foundation_shortcodes.php:64

[product_card_hover] class.foundation_shortcodes.php:65

[social_login_button] class.foundation_shortcodes.php:66

[row] class.foundation_shortcodes.php:69

[columns] class.foundation_shortcodes.php:70

[column] class.foundation_shortcodes.php:71

[blocks_grid] class.foundation_shortcodes.php:74

[block_grid] class.foundation_shortcodes.php:75

[orbit_sliders] class.foundation_shortcodes.php:78

[orbit_slider] class.foundation_shortcodes.php:79

[thumbnail] class.foundation_shortcodes.php:80

[clearing_thumbs] class.foundation_shortcodes.php:81

[clearing_thumb] class.foundation_shortcodes.php:82

[slick_sliders] class.foundation_shortcodes.php:83

[slick_slider] class.foundation_shortcodes.php:84

[range_slider] class.foundation_shortcodes.php:87

[switch] class.foundation_shortcodes.php:88

WordPress Hooks 12

actioninitclass.foundation_plugin.php:11

filterwidget_textclass.foundation_plugin.php:55

actioninitclass.foundation_plugin_admin.php:15

actionadmin_menuclass.foundation_plugin_admin.php:16

filterplugin_row_metaclass.foundation_plugin_admin.php:28

actionadmin_initclass.foundation_plugin_admin.php:43

actionadmin_initclass.foundation_TinyMCE_shortcodes.php:15

actionadmin_enqueue_scriptsclass.foundation_TinyMCE_shortcodes.php:21

actionadmin_footerclass.foundation_TinyMCE_shortcodes.php:24

filtermce_buttonsclass.foundation_TinyMCE_shortcodes.php:34

filtermce_external_pluginsclass.foundation_TinyMCE_shortcodes.php:35

actionplugins_loadedwp-foundation-shortcodes.php:53

Maintenance & Trust

WP Foundation Shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedJul 3, 2016

PHP min version

Downloads6K

Community Trust

Rating86/100

Number of ratings6

Active installs100

Alternatives

WP Foundation Shortcodes Alternatives

FOUNDATION LIVE SHORTCODES

foundation-live-shortcodes

Add to your content the elements of Zurb Foundation Framework. This plugin is compatible with all themes.

10 No CVEs

Zurb Foundation 5 Clearing Gallery

zurb-foundation-5-clearing-gallery

Enhance Wordpress gallery shortcode content with the Zurb Foundation Clearing lightbox. Just enable and all gallery shortcodes will use Clearing.

80 No CVEs

Shortcodes

bkc-wp-shortcodes

Shortcodes plugin will helps to get option, post meta and other core data using shortcode.

10 No CVEs

Effortless Shortcode Insertion

effortless-shortcode-insertion

100

Easily manage and insert custom shortcodes in WordPress to display dynamic content.

0 No CVEs

UT WordPress Shortcodes

ut-wordpress-shortcodes

Plugin to create useful shortcodes for easy site management.

0 No CVEs

Developer Profile

WP Foundation Shortcodes Developer Profile

Adam Pery

2 plugins · 160 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Foundation Shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-foundation-shortcodes/stylesheets/app.css/wp-content/plugins/wp-foundation-shortcodes/js/app.js/wp-content/plugins/wp-foundation-shortcodes/admin/css/tinymce-shortcodes.css

Script Paths

/wp-content/plugins/wp-foundation-shortcodes/admin/shortcodes/editor.js?v=0.2

Version Parameters

wp-foundation-shortcodes/stylesheets/app.css?ver=wp-foundation-shortcodes/js/app.js?ver=wp-foundation-shortcodes/admin/css/tinymce-shortcodes.css?ver=

HTML / DOM Fingerprints

JS Globals

wp_foundation_shortcodes_settings

REST Endpoints

/wp-json/wp-foundation-shortcodes/v1/check-url

FAQ