WP-Safety

[凹凸曼]微信分享有图-WeChat Page Sharing Security & Risk Analysis

wordpress.org/plugins/apoyl-weixinshare

这是一款解决在微信里首页、文章、单页等页面(如post, page, attachment, revision, menu)分享到朋友或朋友圈,图标无法显示,描述更改为部分文章内容或者文章摘要. This is a solution to share to Chat or share on Mome …

200 active installs v2.8.1 PHP 7.4+ WP 6.0+ Updated Dec 25, 2025
sharingwechat%e5%88%86%e4%ba%ab%e5%be%ae%e4%bf%a1%e5%be%ae%e4%bf%a1%e5%88%86%e4%ba%ab
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is [凹凸曼]微信分享有图-WeChat Page Sharing Safe to Use in 2026?

Generally Safe

Score 100/100

[凹凸曼]微信分享有图-WeChat Page Sharing has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "apoyl-weixinshare" v2.8.1 plugin exhibits a mixed security posture. While the absence of known vulnerabilities and a relatively small attack surface are positive indicators, several critical code-level concerns emerge. The presence of an AJAX handler without any authentication checks presents a significant risk, potentially allowing unauthorized users to interact with sensitive plugin functionality. Furthermore, the plugin utilizes SQL queries without prepared statements, increasing the likelihood of SQL injection vulnerabilities. The taint analysis, while not revealing critical or high severity flows, did identify one flow with unsanitized paths, which, combined with the other findings, warrants careful attention. The clean vulnerability history is a strength, suggesting a historical commitment to security or simply good fortune. However, the current code analysis reveals areas requiring immediate remediation to mitigate potential risks.

Key Concerns

  • AJAX handler without authentication
  • SQL queries without prepared statements
  • Taint flow with unsanitized paths
  • Low percentage of properly escaped output
Vulnerabilities
None known

[凹凸曼]微信分享有图-WeChat Page Sharing Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

[凹凸曼]微信分享有图-WeChat Page Sharing Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
9
13 escaped
Nonce Checks
1
Capability Checks
0
File Operations
6
External Requests
1
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

59% escaped22 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
<ApoylJSSDK> (public\weixinapi\ApoylJSSDK.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

[凹凸曼]微信分享有图-WeChat Page Sharing Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

noprivwp_ajax_ajaxshareincludes\class-apoyl-weixinshare.php:63
WordPress Hooks 4
actionplugins_loadedincludes\class-apoyl-weixinshare.php:46
actionadmin_menuincludes\class-apoyl-weixinshare.php:51
actionwp_enqueue_scriptsincludes\class-apoyl-weixinshare.php:59
actionwp_footerincludes\class-apoyl-weixinshare.php:60
Maintenance & Trust

[凹凸曼]微信分享有图-WeChat Page Sharing Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 25, 2025
PHP min version7.4
Downloads13K

Community Trust

Rating60/100
Number of ratings2
Active installs200
Alternatives

[凹凸曼]微信分享有图-WeChat Page Sharing Alternatives

WP Weixin

WP Weixin

wp-weixin

A
92

WordPress WeChat integration

400 No CVEs
WP Weixin Broadcast

WP Weixin Broadcast

wp-weixin-broadcast

A
85

WeChat Broadcast for WordPress

10 No CVEs
Bosima WeChat Page Sharing

Bosima WeChat Page Sharing

bosima-wechat-page-sharing

A
85

您可以控制Wordpress页面的分享内容,包括Url、标题、图片和描述,支持分享到微信朋友、微信朋友圈、QQ和QQ空间。 请注意,0.2.x版本升级后需重新配置AppId和AppSecrect。

200 No CVEs
Wenprise WeChatPay Payment Gateway For WooCommerce

Wenprise WeChatPay Payment Gateway For WooCommerce

wenprise-wechatpay-checkout-for-woocommerce

A
92

WeChat payment gateway for WooCommerce, WooCommerce 微信免费全功能支付网关。

400 No CVEs
导入微信文章 (Import Articles from WeChat)

导入微信文章 (Import Articles from WeChat)

import-articles-from-wechat

A
100

A simple yet powerful tool to import articles from WeChat Official Accounts into your WordPress site, including all content and images.

100 No CVEs
Developer Profile

[凹凸曼]微信分享有图-WeChat Page Sharing Developer Profile

apoyl

27 plugins · 710 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect [凹凸曼]微信分享有图-WeChat Page Sharing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/apoyl-weixinshare/public/css/Apoyl_Weixinshare_public.css/wp-content/plugins/apoyl-weixinshare/admin/css/apoyl-weixinshare-admin.css/wp-content/plugins/apoyl-weixinshare/public/js/jweixin-1.6.0.js/wp-content/plugins/apoyl-weixinshare/admin/js/apoyl-weixinshare-admin.js
Script Paths
/wp-content/plugins/apoyl-weixinshare/public/js/jweixin-1.6.0.js/wp-content/plugins/apoyl-weixinshare/admin/js/apoyl-weixinshare-admin.js
Version Parameters
/wp-content/plugins/apoyl-weixinshare/public/css/Apoyl_Weixinshare_public.css?ver=/wp-content/plugins/apoyl-weixinshare/admin/css/apoyl-weixinshare-admin.css?ver=/wp-content/plugins/apoyl-weixinshare/public/js/jweixin-1.6.0.js?ver=/wp-content/plugins/apoyl-weixinshare/admin/js/apoyl-weixinshare-admin.js?ver=

HTML / DOM Fingerprints

JS Globals
wx
FAQ

Frequently Asked Questions about [凹凸曼]微信分享有图-WeChat Page Sharing