Zoomify embed for WP Security & Risk Analysis
wordpress.org/plugins/zoom-image-shortcodeThis plugin offers an easy way to embed zoomify .zif files in your WordPress website.
Is Zoomify embed for WP Safe to Use in 2026?
Use With Caution
Score 63/100Zoomify embed for WP has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "zoom-image-shortcode" plugin v1.5.2 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and avoiding external HTTP requests. It also has a limited attack surface with only one entry point (a shortcode) and no identified AJAX handlers or REST API routes that are unprotected. Furthermore, the static analysis revealed no critical or high-severity taint flows and no dangerous function usage. However, significant concerns arise from the complete lack of output escaping and the absence of any nonce or capability checks. This means that any output generated by the plugin's shortcode could potentially be vulnerable to cross-site scripting (XSS) attacks, as user-supplied data is not being sanitized before being displayed. The vulnerability history further exacerbates these concerns, with one medium-severity XSS vulnerability recorded and currently unpatched. This indicates a recurring pattern of insecure handling of user input that could lead to harmful code injection.
Key Concerns
- Unpatched medium severity CVE
- 0% output escaping
- 0 capability checks
- 0 nonce checks
Zoomify embed for WP Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Zoomify embed for WP <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Zoomify embed for WP Code Analysis
Output Escaping
Zoomify embed for WP Attack Surface
Shortcodes 1
WordPress Hooks 5
Maintenance & Trust
Zoomify embed for WP Maintenance & Trust
Maintenance Signals
Community Trust
Zoomify embed for WP Alternatives
Random Images
random-images
The [random_images] shortcode displays random attached images.
story|ftw
storyftw
story|ftw is a full screen, mobile first storytelling plugin. It can do text, images, gifs, video backgrounds plus a whole lot more.
YD Zoomify
yd-zoomify
Allows for simple insertion of a Zoomify zoomable web image in a post content, page or template.
BCorp Slider
bcorp-slider
Powerful transitional slider shortcode for the BCorp Shortcode collection and BCorp Visual Editor.
downloadable gallery
downloadable-gallery
A shortcode which shows an gallery of downloadeble images
Zoomify embed for WP Developer Profile
2 plugins · 90 total installs
How We Detect Zoomify embed for WP
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/zoom-image-shortcode/assets/js/ZoomifyImageViewerExpress-min.js/wp-content/plugins/zoom-image-shortcode/assets/css/zoomify-styles.css/wp-content/plugins/zoom-image-shortcode/assets/Skins/Default//wp-content/plugins/zoom-image-shortcode/assets/Skins/Light//wp-content/plugins/zoom-image-shortcode/assets/Skins/Dark/zoomify-jsgh-zoomifyHTML / DOM Fingerprints
zoomify-wrapper<!-- code for header css and JS --><!-- Add support for uploading zif files --><!-- code for shortcode --><!-- Helper functions -->+2 morezskinpathzinitialzoomzinitialxzinitialyzminzoomzmaxzoom+9 moreZ.showImage<div id='zoomifyContainer-' class='zoomify-wrapper'></div>