WeChat微信公众号关键词回复 Security & Risk Analysis

wordpress.org/plugins/auto-reply-wechat

When a user sends a keyword via an official WeChat account, the official account can retrieve relevant content from a WordPress website based on the u …

10 active installs · v1.0.7 · PHP 7.4+ · WP 5.3+ · Updated Mar 2, 2026
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WeChat微信公众号关键词回复 Safe to Use in 2026?

Generally Safe

Score 100/100

WeChat微信公众号关键词回复 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago

Risk Assessment

The "auto-reply-wechat" plugin v1.0.7 demonstrates a generally good security posture with several positive indicators. The complete absence of known CVEs and a history of no vulnerabilities suggests a stable and well-maintained codebase over time. The high percentage of SQL queries using prepared statements (93%) and the presence of nonce checks for all AJAX handlers are strong security practices that mitigate common vulnerabilities. Furthermore, the static analysis did not reveal any critical or high-severity taint flows, and there are no reported critical or high-severity vulnerabilities in its history.

However, some areas warrant attention. The plugin has 29 AJAX handlers, and while all have nonce checks, none performs a capability check. Any authenticated user, regardless of role or permissions, could therefore trigger these AJAX actions, which is a risk if any of them performs a sensitive operation. The attack surface listing also shows two handlers, WechatReplay_login_true and gdk_pass_view, registered as nopriv in addition to auth, so those two are reachable without authentication. Output escaping is properly handled for only 68% of outputs, leaving 32% potentially vulnerable to cross-site scripting (XSS). The taint analysis also found 3 unsanitized paths; although none is classified as critical or high, they could become vulnerabilities if exploited through user-controlled input.

In conclusion, the plugin's lack of known vulnerabilities and strong adherence to prepared statements and nonce checks are commendable. However, the absence of capability checks on AJAX handlers and the moderate level of output escaping represent the most significant areas of concern. Addressing these would significantly strengthen the plugin's security.

Key Concerns

  • No capability checks on AJAX handlers
  • Moderate output escaping (68% proper)
  • Unsanitized paths in taint analysis

Vulnerabilities

None known

WeChat微信公众号关键词回复 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WeChat微信公众号关键词回复 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (26 prepared)
Unescaped Output: 76 (163 escaped)
Nonce Checks: 28
Capability Checks: 0
File Operations: 1
External Requests: 15
Bundled Libraries: 0

SQL Query Safety

93% prepared · 28 total queries

Output Escaping

68% escaped · 239 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

19 flows · 3 with unsanitized paths

<jssdk> (inc\jssdk.php:0)
[Flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface

WeChat微信公众号关键词回复 Attack Surface

Entry Points: 30
Unprotected: 0

AJAX Handlers 29

auth    wp_ajax_WechatReplay_login_true        inc\wx_login.php:7
nopriv  wp_ajax_WechatReplay_login_true        inc\wx_login.php:8
nopriv  wp_ajax_gdk_pass_view                  inc\wx_yzm.php:8
auth    wp_ajax_gdk_pass_view                  inc\wx_yzm.php:9
auth    wp_ajax_WechatReplay_index             post.php:6
auth    wp_ajax_WechatReplay_add               post.php:7
auth    wp_ajax_WechatReplay_edit              post.php:8
auth    wp_ajax_WechatReplay_pladd             post.php:9
auth    wp_ajax_WechatReplay_qrcode            post.php:10
auth    wp_ajax_WechatReplay_share             post.php:11
auth    wp_ajax_WechatReplay_replay_delete     post.php:12
auth    wp_ajax_WechatReplay_pl_delete         post.php:13
auth    wp_ajax_WechatReplay_pl_stop           post.php:14
auth    wp_ajax_WechatReplay_pl_start          post.php:15
auth    wp_ajax_WechatReplay_login             post.php:16
auth    wp_ajax_WechatReplay_get_key           post.php:17
auth    wp_ajax_WechatReplay_get_vip           post.php:18
auth    wp_ajax_wechatreplay_get_sucai_total   post.php:19
auth    wp_ajax_wechatreplay_get_sucai         post.php:20
auth    wp_ajax_WechatReplay_get_login         post.php:21
auth    wp_ajax_WechatReplay_get_index         post.php:22
auth    wp_ajax_WechatReplay_get_qrcode        post.php:23
auth    wp_ajax_WechatReplay_get_share         post.php:24
auth    wp_ajax_WechatReplay_get_keywords      post.php:25
auth    wp_ajax_WechatReplay_get_replay        post.php:26
auth    wp_ajax_WechatReplay_art_tongbu        post.php:27
auth    wp_ajax_WechatReplay_get_art_tongbu    post.php:28
auth    wp_ajax_WechatReplay_get_cate          post.php:29
auth    wp_ajax_WechatReplay_get_author        post.php:30

Shortcodes 1

[WechatReplay]  inc\wx_yzm.php:10

WordPress Hooks 15

action  admin_enqueue_scripts       inc\index.php:9
action  admin_menu                  inc\index.php:10
action  init                        inc\index.php:16
filter  wechatreplay_dhdfkdksj      inc\index.php:17
filter  wechatreplay_dssdd          inc\index.php:18
action  wechatreplay_cronhook       inc\wx_cron.php:8
action  wechatreplay_cronhook1      inc\wx_cron.php:24
action  wp_footer                   inc\wx_login.php:11
action  user_profile_update_errors  inc\wx_login.php:62
action  wp_enqueue_scripts          inc\wx_share.php:5
action  wp_footer                   inc\wx_share.php:6
filter  mce_external_plugins        inc\wx_yzm.php:6
filter  mce_buttons                 inc\wx_yzm.php:7
action  wp_head                     inc\wx_yzm.php:11
action  the_content                 inc\wx_yzm.php:578

Scheduled Events 1

wechatreplay_cronhook1

Maintenance & Trust

WeChat微信公众号关键词回复 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 7.4
Downloads: 9K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10

Developer Profile

WeChat微信公众号关键词回复 Developer Profile

沃之涛

8 plugins · 1K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 98 days

Detection Fingerprints

How We Detect WeChat微信公众号关键词回复

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/auto-reply-wechat/block/wechatreplay_admin.css
/wp-content/plugins/auto-reply-wechat/block/yzm.js
/wp-content/plugins/auto-reply-wechat/inc/wx_yzm.js
/wp-content/plugins/auto-reply-wechat/inc/wx_share.js
/wp-content/plugins/auto-reply-wechat/inc/wx_login.js
Script Paths
/wp-content/plugins/auto-reply-wechat/block/yzm.js
Version Parameters
auto-reply-wechat/block/wechatreplay_admin.css?ver=
auto-reply-wechat/block/yzm.js?ver=
auto-reply-wechat/inc/wx_yzm.js?ver=
auto-reply-wechat/inc/wx_share.js?ver=
auto-reply-wechat/inc/wx_login.js?ver=

HTML / DOM Fingerprints

CSS Classes
wechatreplay_wztkj-app
HTML Comments
<!-- 声明全局变量$wpdb 和 数据表名常量 -->
<!-- 注册古腾堡编辑器 -->
<!-- fishtheme/block可自定义, 比如: demo/block -->
<!-- 后端 -->
Data Attributes
id="wechatreplay_wztkj-app"
JS Globals
wechatreplay_wztkj_url
wechatreplay_nonce
wechatreplay_ajax
wechatreplay_version
wechatreplay_url
wechatreplay_ip
+1 more