
WP Nutrition Facts Security & Risk Analysis
wordpress.org/plugins/wp-nutrition-facts
Insert a Nutrition Facts Table to pages, posts and custom post type.
Is WP Nutrition Facts Safe to Use in 2026?
Generally Safe
Score 85/100
WP Nutrition Facts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "wp-nutrition-facts" v1.0.2 plugin presents a mixed security posture. On one hand, it demonstrates good practices by not making external HTTP requests, not performing file operations, and utilizing prepared statements for its SQL queries, which significantly reduces common web application vulnerabilities. The absence of known CVEs and a clean vulnerability history further contribute to a positive security outlook, suggesting that the plugin has historically been well-maintained or has not attracted significant security research.
However, several concerning code signals raise red flags. The presence of a `create_function` call is a critical security concern, as this function is deprecated and can lead to arbitrary code execution if not handled with extreme care, especially in older PHP versions. Furthermore, a very low percentage of properly escaped output (6%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce checks, despite having a single entry point via a shortcode, is also a significant weakness, potentially allowing for Cross-Site Request Forgery (CSRF) attacks.
In conclusion, while the plugin benefits from a clean vulnerability history and a limited attack surface, the identified code signals, particularly `create_function` and widespread unescaped output, present significant and exploitable security risks. These issues necessitate immediate attention and remediation to ensure the plugin's security.
Key Concerns
- Use of dangerous function: create_function
- Low percentage of properly escaped output
- Missing nonce checks on entry points
WP Nutrition Facts Security Vulnerabilities
WP Nutrition Facts Code Analysis
Dangerous Functions Found
Output Escaping
WP Nutrition Facts Attack Surface
Shortcodes 1
WordPress Hooks 14
WP Nutrition Facts Maintenance & Trust
Maintenance Signals
Community Trust
WP Nutrition Facts Alternatives
Nutrition Facts Vitamins
nutrition-facts-vitamins
Use this free WordPress plugin to create Nutrition Facts Labels with vitamins.
FoodParser
foodparser
This plugin allows you to add nutrition label to a post. Just click on the pear, and copy/paste the unformatted nutritional information from Calorie C …
Nutrition Facts Label
nutrition-facts-label
This plugin provides food bloggers with the ability to add nutrition facts label to their recipe post(s).
Cooked – Recipe Management
cooked
Cooked is the absolute best way to create & display recipes with WordPress. SEO optimized, galleries, timers, and much more.
Nutrition Facts
nutrition-facts
Display a label of nutrition facts of your recipe with automatic calculation of percent daily value.
WP Nutrition Facts Developer Profile
2 plugins · 150 total installs
How We Detect WP Nutrition Facts
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- `/wp-content/plugins/wp-nutrition-facts/css/wpnutrifacts.css`
- `/wp-content/plugins/wp-nutrition-facts/js/wpnutrifacts.js`
- `wpnutrifacts.js?ver=`
- `wpnutrifacts.css?ver=`
HTML / DOM Fingerprints
- `wpnf-nutrition-facts-table`, `wpnf-label-title`, `wpnf-serving-size`, `wpnf-calories`, `wpnf-total-fat`, `wpnf-saturated-fat`, `wpnf-trans-fat`, `wpnf-cholesterol` (+7 more)
- "Copyright (C) 2012-2014 Kilukru Media", "This program is free software", "This program is distributed in the hope that it will be useful", "You should have received a copy of the GNU General Public License" (+1 more)
- `data-wpnf-nutrition-facts`, `data-serving-size`, `data-calories`, `data-total-fat`, `data-saturated-fat`, `data-trans-fat` (+7 more)
- `wpnutrifacts_options[wpnf-label]`