Ad Rakuten Security & Risk Analysis

wordpress.org/plugins/add-rakuten

With this plugin you can add Rakuten products to your website.

40 active installs · v0.0.11 · PHP 5.2.4+ · WP 4.0+ · Updated Jul 6, 2018
Tags: ウェブサービス, rakuten, shortcode, webservice, 楽天
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Ad Rakuten Safe to Use in 2026?

Generally Safe

Score 85/100

Ad Rakuten has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The add-rakuten plugin v0.0.11 exhibits a generally positive security posture with several good practices implemented. Notably, there are no known vulnerabilities (CVEs) associated with this plugin, and all SQL queries are executed using prepared statements, significantly reducing the risk of SQL injection. The presence of nonce and capability checks on the limited entry points further strengthens its defenses.

However, the static analysis reveals a significant concern regarding output escaping, with nearly half of the outputs not being properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not sanitized before being displayed to other users. Additionally, the taint analysis indicates two flows with unsanitized paths, which warrants further investigation to understand their potential impact.

While the attack surface is small, the presence of these potential XSS vectors and unsanitized paths detracts from an otherwise solid security foundation. The lack of vulnerability history is a positive sign, suggesting a history of secure development or a low profile that has not attracted attackers. Overall, the plugin has strengths in its handling of database interactions and authentication on entry points, but weaknesses in output sanitization and potential unsanitized data flows require attention.

Key Concerns

  • Significant portion of outputs not properly escaped
  • Taint analysis shows unsanitized paths
Vulnerabilities
None known

Ad Rakuten Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Ad Rakuten Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Ad Rakuten Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 40 (37 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

48% escaped · 77 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
<bookmark> (sdk\sample\bookmark.php:0)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Ad Rakuten Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[rakuten] ad-rakuten.php:129

WordPress Hooks: 10

action init ad-rakuten.php:31
action admin_menu ad-rakuten.php:61
filter mce_external_plugins ad-rakuten.php:64
filter mce_buttons ad-rakuten.php:65
action admin_footer ad-rakuten.php:69
action admin_print_scripts ad-rakuten.php:70
action admin_notices ad-rakuten.php:125
action customize_register ad-rakuten.php:212
action wp_enqueue_scripts ad-rakuten.php:462
action plugins_loaded ad-rakuten.php:468
Maintenance & Trust

Ad Rakuten Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jul 6, 2018
PHP min version: 5.2.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 40
Developer Profile

Ad Rakuten Developer Profile

Jonathan FALEME

3 plugins · 40 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Ad Rakuten

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/add-rakuten/assets/js/rakuten-plugin.js
Script Paths
/wp-content/plugins/add-rakuten/assets/js/rakuten-plugin.js
Version Parameters
add-rakuten/style.css?ver=
add-rakuten/assets/js/rakuten-plugin.js?ver=

HTML / DOM Fingerprints

CSS Classes
rakuten_item_thumbnail
rakuten_item_name
rakuten_item_price
HTML Comments
SDK: https://webservice.rakuten.co.jp/sdk/ https://github.com/rakuten-ws/rws-php-sdk Create a buttons: https://code.tutsplus.com/tutorials/guide-to-creating-your-own-wordpress-editor-buttons--wp-30182 http://demo.wp-affiliate-store.com/
Data Attributes
rakuten_item_bgcolor
rakuten_item_max_width
rakuten_item_price_color
rakuten_item_price_size
JS Globals
rakuten_tinymce
Shortcode Output
<a href='{item.url}' target='_blank'>
  <div class='img-container'>
    <img class='rakuten_item_thumbnail' src='{item.thumbnail}' />
  </div>
  <dl>
    <dt class='rakuten_item_name'>{item.name}</dt>
    <dd class='rakuten_item_price'>{item.price} 円</dd>
  </dl>
</a>