[凹凸曼]一键微信登录 Security & Risk Analysis
wordpress.org/plugins/apoyl-weixin这是一款实现微信互联一键登录网站,让用户不在繁琐去注册用户,一键实现微信登录,可以让电脑版网站扫描登录和手机微信登录,多个公众号,甚至以后需要移动APP应用微信登录,统一用户账号的需求,极大的方便用户登录网站.
Is [凹凸曼]一键微信登录 Safe to Use in 2026?
Generally Safe
Score 100/100[凹凸曼]一键微信登录 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'apoyl-weixin' plugin v2.4.0 presents a mixed security posture. While it shows strengths in avoiding dangerous functions, file operations, and has a clean vulnerability history, significant concerns arise from its attack surface and the lack of proper authentication. The plugin exposes four AJAX handlers, all of which lack authentication checks. This creates a substantial risk, as any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure.
The static analysis also reveals some concerning taint analysis results, with two flows identified as having unsanitized paths. Although these are not categorized as critical or high severity, they still represent potential vulnerabilities where user-supplied data might not be adequately validated or escaped before being processed, potentially leading to XSS or other injection attacks.
The absence of any recorded vulnerabilities in its history is a positive indicator, suggesting either a well-maintained codebase or a lack of past exploitation attempts. However, this should not overshadow the immediate risks identified in the static analysis. The plugin's strengths lie in its proper output escaping and use of prepared statements for most SQL queries. The main weakness is the unprotected AJAX endpoints, which is a critical security oversight that needs immediate attention.
Key Concerns
- AJAX handlers without auth checks
- Taint flows with unsanitized paths
- No capability checks on entry points
- SQL queries not fully using prepared statements
[凹凸曼]一键微信登录 Security Vulnerabilities
[凹凸曼]一键微信登录 Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
[凹凸曼]一键微信登录 Attack Surface
AJAX Handlers 4
WordPress Hooks 7
Maintenance & Trust
[凹凸曼]一键微信登录 Maintenance & Trust
Maintenance Signals
Community Trust
[凹凸曼]一键微信登录 Alternatives
Wenprise WeChatPay Payment Gateway For WooCommerce
wenprise-wechatpay-checkout-for-woocommerce
WeChat payment gateway for WooCommerce, WooCommerce 微信免费全功能支付网关。
WP Weixin
wp-weixin
WordPress WeChat integration
![[凹凸曼]微信分享有图-WeChat Page Sharing](https://ps.w.org/apoyl-weixinshare/assets/icon-128x128.png){kind=icon}
[凹凸曼]微信分享有图-WeChat Page Sharing
apoyl-weixinshare
这是一款解决在微信里首页、文章、单页等页面(如post, page, attachment, revision, menu)分享到朋友或朋友圈,图标无法显示,描述更改为部分文章内容或者文章摘要. This is a solution to share to Chat or share on Mome …
导入微信文章 (Import Articles from WeChat)
import-articles-from-wechat
A simple yet powerful tool to import articles from WeChat Official Accounts into your WordPress site, including all content and images.
Payment gateway for WooCommerce – Woo WeChatPay
woo-wechatpay
WeChat Pay payment gateway for WooCommerce.
[凹凸曼]一键微信登录 Developer Profile
27 plugins · 710 total installs
How We Detect [凹凸曼]一键微信登录
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/apoyl-weixin/admin/css/admin.css/wp-content/plugins/apoyl-weixin/admin/js/admin.jsapoyl-weixin/admin/css/admin.css?ver=apoyl-weixin/admin/js/admin.js?ver=HTML / DOM Fingerprints
<!--
* @link http://www.girltm.com/
* @since 1.0.0
* @package APOYL_WEIXIN
* @subpackage APOYL_WEIXIN/admin
* @author 凹凸曼 <3201361925@qq.com>
*
-->