WP Scribe Box Security & Risk Analysis
wordpress.org/plugins/wp-scribe-boxDisplay the Scribe affiliate marketing box on your website using shortcodes or PHP.
Is WP Scribe Box Safe to Use in 2026?
Generally Safe
Score 100/100WP Scribe Box has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wp-scribe-box plugin v0.2.3 exhibits a generally positive security posture based on the provided static analysis and vulnerability history. The absence of known CVEs, coupled with the fact that all SQL queries utilize prepared statements, indicates a strong foundation in secure coding practices. The limited attack surface, consisting of a single shortcode with no immediately apparent unprotected entry points, further contributes to its safety. However, a significant concern arises from the low percentage of properly escaped output (15%). This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected through user-supplied data that is then displayed on the frontend without adequate sanitization. While taint analysis shows no critical or high severity unsanitized flows, this is in the context of zero flows being analyzed, which is itself a weakness as it implies incomplete testing. The plugin also lacks nonce checks, which, while not a direct vulnerability in this case due to the limited attack surface, is a missed opportunity for an additional layer of security, especially if the plugin were to evolve with more complex functionalities.
Key Concerns
- Low output escaping percentage
- Zero taint flows analyzed
- Lack of nonce checks
WP Scribe Box Security Vulnerabilities
WP Scribe Box Code Analysis
Output Escaping
WP Scribe Box Attack Surface
Shortcodes 1
WordPress Hooks 8
Maintenance & Trust
WP Scribe Box Maintenance & Trust
Maintenance Signals
Community Trust
WP Scribe Box Alternatives
WP Genesis Box
wp-genesis-box
Display the Genesis framework affiliate marketing box on your website using shortcodes or PHP.
Creative Mail – Easier WordPress & WooCommerce Email Marketing
creative-mail-by-constant-contact
Creative Mail was designed specifically for WordPress and WooCommerce. Our intelligent (and super fun) email editor simplifies email marketing campaig …
FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution
fluent-crm
The easiest and fastest Email Marketing, Newsletter, Marketing Automation Plugin & CRM Solution for WordPress
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
email-subscribers
Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.
Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages
convertkit
Build your email subscriber lists, send email marketing newsletters, sell more products and build your membership site with Kit (formerly ConvertKit).
WP Scribe Box Developer Profile
14 plugins · 1K total installs
How We Detect WP Scribe Box
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-scribe-box/css/wp-scribe-box-style.css/wp-content/plugins/wp-scribe-box/js/wp-scribe-box-admin.js/wp-content/plugins/wp-scribe-box/js/wp-scribe-box.js/wp-content/plugins/wp-scribe-box/js/wp-scribe-box-admin.js/wp-content/plugins/wp-scribe-box/js/wp-scribe-box.jswp-scribe-box/css/wp-scribe-box-style.css?ver=wp-scribe-box/js/wp-scribe-box-admin.js?ver=wp-scribe-box/js/wp-scribe-box.js?ver=HTML / DOM Fingerprints
wp-scribe-box-contentwp-scribe-box-image<!-- Scribe Box Start --><!-- Scribe Box End -->data-scribe-affurldata-scribe-imgdata-scribe-nofollowdata-scribe-roundedWPSB_OPTIONS_NAMEWPSB_SLUG<div class="wp-scribe-box-content"><img class="wp-scribe-box-image"