[凹凸曼]一键QQ登录 Security & Risk Analysis

wordpress.org/plugins/apoyl-qq

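This plugin implements QQ Connect one-click login for a website, so users no longer have to go through a tedious registration; they log in with QQ in one click, which makes logging in to the site much more convenient.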

10 active installs v1.9.2 PHP 7.4+ WP 6.0+ Updated Jan 15, 2026
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is [凹凸曼]一键QQ登录 Safe to Use in 2026?

Generally Safe

Score 100/100

[凹凸曼]一键QQ登录 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago

Risk Assessment

The "apoyl-qq" plugin v1.9.2 presents a moderate security risk primarily due to its unprotected AJAX handlers. While the plugin demonstrates good practices in some areas, such as the absence of dangerous functions, file operations, and external HTTP requests, and a reasonable percentage of SQL queries using prepared statements, the significant number of unprotected entry points is a major concern. All four identified AJAX handlers lack authentication checks, meaning any unauthenticated user can potentially trigger these actions, leading to a wide attack surface.

The taint analysis indicates that while no critical or high-severity unsanitized flows were found, two flows with unsanitized paths were identified. This suggests a potential for injection-type vulnerabilities if the data processed by these paths is not properly validated and sanitized before use, though the severity was not deemed critical or high in this analysis. The plugin's history is clean, with no recorded CVEs, which is a positive sign. However, this lack of historical issues does not negate the immediate risks identified in the current static analysis.

In conclusion, the plugin has strengths in avoiding common pitfalls like dangerous functions and raw SQL, and its vulnerability history is excellent. Nevertheless, the unprotected AJAX handlers represent a significant weakness that attackers could exploit. Addressing these unprotected entry points should be the highest priority for improving the plugin's security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths (non-critical)

Vulnerabilities: None known

[凹凸曼]一键QQ登录 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis
Analyzed Mar 17, 2026

[凹凸曼]一键QQ登录 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 4 (15 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

79% escaped · 19 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
qq_callback (api\qqapi\QqConnect.class.php:55)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface: 4 unprotected

[凹凸曼]一键QQ登录 Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers: 4

auth    wp_ajax_apoyl_qq_ajax      includes\qq.php:68
auth    wp_ajax_apoyl_qq_callback  includes\qq.php:69
nopriv  wp_ajax_apoyl_qq_ajax      includes\qq.php:71
nopriv  wp_ajax_apoyl_qq_callback  includes\qq.php:72

WordPress Hooks: 5

action  plugins_loaded              includes\qq.php:46
action  admin_menu                  includes\qq.php:52
action  wp_before_admin_bar_render  includes\qq.php:53
filter  sanitize_user               includes\qq.php:64
action  login_form                  includes\qq.php:66

Maintenance & Trust

[凹凸曼]一键QQ登录 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 15, 2026
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10

Developer Profile

[凹凸曼]一键QQ登录 Developer Profile

apoyl

27 plugins · 710 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect [凹凸曼]一键QQ登录

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/apoyl-qq/admin/css/admin.css
/wp-content/plugins/apoyl-qq/admin/js/admin.js
Script Paths
/wp-content/plugins/apoyl-qq/admin/js/admin.js
Version Parameters
apoyl-qq/admin/css/admin.css?ver=
apoyl-qq/admin/js/admin.js?ver=
