SEO合集(支持百度/Google/Bing/头条推送) Security & Risk Analysis

wordpress.org/plugins/baiduseo

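Mainly provides SEO push (URL submission) for the major search engines, with optimization support for a WordPress site's underlying alt attributes, tag attributes, sitemap, site spider monitoring, AI articles, and more.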

900 active installs v2.1.9 PHP 7.4+ WP 5.3+ Updated Mar 14, 2026
Tags: bing, 百度 (Baidu), 蜘蛛 (spider), google, sitemap
Score: 93 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Oct 19, 2025
Safety Verdict

Is SEO合集(支持百度/Google/Bing/头条推送) Safe to Use in 2026?

Generally Safe

Score 93/100

SEO合集(支持百度/Google/Bing/头条推送) has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Oct 19, 2025 · Updated 21d ago
Risk Assessment

The baiduseo plugin exhibits a mixed security posture. On the positive side, it demonstrates a strong emphasis on authentication and authorization, with all identified entry points (AJAX handlers, REST API routes, shortcodes, and cron events) having associated security checks. Furthermore, the extensive use of prepared statements for SQL queries (86%) and a good number of nonce checks are positive indicators of secure coding practices.

However, several significant concerns arise from the static analysis. The 24 dangerous function calls, all of them 'unserialize', are a red flag, as unserialize can lead to deserialization vulnerabilities if user-supplied data is not properly validated. The taint analysis reveals 7 flows with unsanitized paths, including 3 categorized as high severity, indicating potential risks of data injection or manipulation. The output escaping rate of 47% is also concerning, suggesting a significant number of outputs might be vulnerable to Cross-Site Scripting (XSS) attacks.

The plugin's vulnerability history, while showing no currently unpatched CVEs, reveals a past critical vulnerability and a common pattern of "Missing Authorization" and "Unrestricted Upload of File with Dangerous Type." The critical past vulnerability, even if patched, combined with the high-severity taint flows, suggests that the plugin has historically been a target and may have underlying architectural weaknesses. While the current version appears to have addressed past CVEs and has a protected attack surface, the high number of dangerous functions, unsanitized paths, and moderate output escaping suggest a continued need for vigilance and potential for new vulnerabilities to emerge.

Key Concerns

  • High severity taint flows
  • Dangerous functions (unserialize)
  • Low output escaping rate
  • Unsanitized paths in taint flows
  • Past critical vulnerability
  • Common vulnerability types (Missing Auth, Unrestricted Upload)
Vulnerabilities
2

SEO合集(支持百度/Google/Bing/头条推送) Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

Critical: 1
Medium: 1

2 total CVEs

CVE-2025-62977 · medium · 5.3 · Missing Authorization

百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.1.4 - Missing Authorization

Oct 19, 2025 Patched in 2.1.5 (20d)

CVE-2025-3917 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload

May 14, 2025 Patched in 2.0.7 (175d)
Code Analysis
Analyzed Mar 16, 2026

SEO合集(支持百度/Google/Bing/头条推送) Code Analysis

Dangerous Functions: 24
Raw SQL Queries: 133 (788 prepared)
Unescaped Output: 385 (340 escaped)
Nonce Checks: 109
Capability Checks: 2
File Operations: 1
External Requests: 82
Bundled Libraries: 0

Dangerous Functions Found

Function | Code | Location
unserialize | $meta = unserialize($va['meta_value']); | inc\admin\cron.php:771
unserialize | $unserialized = unserialize($result); | inc\admin\cron_ts.php:29
unserialize | if(isset(unserialize($val['meta_value'])['num'])){ | inc\admin\get.php:1803
unserialize | $arr[$key]['num'] = unserialize($val['meta_value'])['num']; | inc\admin\get.php:1804
unserialize | if(isset(unserialize($val['meta_value'])['tjtime'])){ | inc\admin\get.php:1813
unserialize | $arr[$key]['tjtime'] = unserialize($val['meta_value'])['tjtime']; | inc\admin\get.php:1814
unserialize | if(isset(unserialize($val['meta_value'])['kouchu'])){ | inc\admin\get.php:1818
unserialize | $arr[$key]['jifen'] = unserialize($val['meta_value'])['kouchu']; | inc\admin\get.php:1819
unserialize | if(isset(unserialize($val['meta_value'])['yc'])){ | inc\admin\get.php:1823
unserialize | if(isset(unserialize($val['meta_value'])['hyc']) && unserialize($val['meta_value'])['hyc']){ | inc\admin\get.php:1824
unserialize | if(isset(unserialize($val['meta_value'])['hyc']) && unserialize($val['meta_value'])['hyc']){ | inc\admin\get.php:1824
unserialize | if(unserialize($val['meta_value'])['yc']=='101'){ | inc\admin\get.php:1825
unserialize | }elseif(unserialize($val['meta_value'])['yc']=='102'){ | inc\admin\get.php:1828
unserialize | $arr[$key]['yc'] = unserialize($val['meta_value'])['hyc'].'%'; | inc\admin\get.php:1832
unserialize | if(unserialize($val['meta_value'])['gx_status']==2){ | inc\admin\get.php:1833
unserialize | $arr[$key]['hyc'] = unserialize($val['meta_value'])['yc'].'%'; | inc\admin\get.php:1836
unserialize | if(unserialize($val['meta_value'])['yc']=='101'){ | inc\admin\get.php:1840
unserialize | }elseif(unserialize($val['meta_value'])['yc']=='102'){ | inc\admin\get.php:1842
unserialize | $arr[$key]['yc'] = unserialize($val['meta_value'])['yc'].'%'; | inc\admin\get.php:1845
unserialize | if(isset(unserialize($val['meta_value'])['addtime'])){ | inc\admin\get.php:1853
unserialize | $arr[$key]['time'] = unserialize($val['meta_value'])['addtime']; | inc\admin\get.php:1854
unserialize | if(isset(unserialize($val['meta_value'])['content_edit'])){ | inc\admin\get.php:1858
unserialize | $arr[$key]['content_edit'] = unserialize($val['meta_value'])['content_edit']; | inc\admin\get.php:1859
unserialize | $unserialized = unserialize($result); | inc\common\index.php:1458

SQL Query Safety

86% prepared · 921 total queries

Output Escaping

47% escaped · 725 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

25 flows · 7 with unsanitized paths
<cron> (inc\admin\cron.php:0)
Attack Surface

SEO合集(支持百度/Google/Bing/头条推送) Attack Surface

Entry Points: 61
Unprotected: 0

AJAX Handlers 60

Type | Hook | Location
auth | wp_ajax_baiduseo_get_zhizhu | inc\admin\get.php:4
auth | wp_ajax_baiduseo_zhizhu_tubiao | inc\admin\get.php:5
auth | wp_ajax_baiduseo_zhizhu_dangqian | inc\admin\get.php:6
auth | wp_ajax_baiduseo_get_zhizhu_con | inc\admin\get.php:7
auth | wp_ajax_baiduseo_get_cate | inc\admin\get.php:8
auth | wp_ajax_baiduseo_get_page | inc\admin\get.php:9
auth | wp_ajax_baiduseo_get_seo | inc\admin\get.php:10
auth | wp_ajax_baiduseo_get_cate_seo | inc\admin\get.php:11
auth | wp_ajax_baiduseo_get_page_seo | inc\admin\get.php:12
auth | wp_ajax_baiduseo_get_wyc | inc\admin\get.php:13
auth | wp_ajax_baiduseo_get_yuanchuang | inc\admin\get.php:14
auth | wp_ajax_baiduseo_get_zhigai_log | inc\admin\get.php:15
auth | wp_ajax_baiduseo_get_cate_type | inc\admin\get.php:16
auth | wp_ajax_baiduseo_get_post_type | inc\admin\get.php:17
auth | wp_ajax_baiduseo_get_zz | inc\admin\get.php:18
auth | wp_ajax_baiduseo_get_bbpt | inc\admin\get.php:19
auth | wp_ajax_baiduseo_get_bbks | inc\admin\get.php:20
auth | wp_ajax_baiduseo_get_bing | inc\admin\get.php:21
auth | wp_ajax_baiduseo_get_indexnow | inc\admin\get.php:22
auth | wp_ajax_baiduseo_get_google | inc\admin\get.php:23
auth | wp_ajax_baiduseo_get_shenma | inc\admin\get.php:24
auth | wp_ajax_baiduseo_get_bdpe | inc\admin\get.php:25
auth | wp_ajax_baiduseo_get_bingpe | inc\admin\get.php:26
auth | wp_ajax_baiduseo_get_youhua | inc\admin\get.php:27
auth | wp_ajax_baiduseo_get_quanzhong | inc\admin\get.php:28
auth | wp_ajax_baiduseo_get_rank | inc\admin\get.php:29
auth | wp_ajax_baiduseo_get_keywords | inc\admin\get.php:30
auth | wp_ajax_baiduseo_get_neilian | inc\admin\get.php:31
auth | wp_ajax_baiduseo_get_tag | inc\admin\get.php:32
auth | wp_ajax_baiduseo_get_long | inc\admin\get.php:33
auth | wp_ajax_baiduseo_get_friends_sz | inc\admin\get.php:34
auth | wp_ajax_baiduseo_get_friends_open | inc\admin\get.php:35
auth | wp_ajax_baiduseo_get_friends_tongji | inc\admin\get.php:36
auth | wp_ajax_baiduseo_get_friends1 | inc\admin\get.php:37
auth | wp_ajax_baiduseo_get_friends2 | inc\admin\get.php:38
auth | wp_ajax_baiduseo_get_friends3 | inc\admin\get.php:39
auth | wp_ajax_baiduseo_get_titles | inc\admin\get.php:40
auth | wp_ajax_baiduseo_get_tongxun | inc\admin\get.php:41
auth | wp_ajax_baiduseo_get_liuliang | inc\admin\get.php:42
auth | wp_ajax_baiduseo_get_liuliang_pv | inc\admin\get.php:43
auth | wp_ajax_baiduseo_get_liuliang_uv | inc\admin\get.php:44
auth | wp_ajax_baiduseo_get_liuliang_ip | inc\admin\get.php:45
auth | wp_ajax_baiduseo_get_liuliang_source | inc\admin\get.php:46
auth | wp_ajax_baiduseo_get_liuliang_sf | inc\admin\get.php:47
auth | wp_ajax_baiduseo_get_liuliang_sl | inc\admin\get.php:48
auth | wp_ajax_baiduseo_get_liuliang_list | inc\admin\get.php:49
auth | wp_ajax_baiduseo_get_vip | inc\admin\get.php:50
auth | wp_ajax_baiduseo_get_301 | inc\admin\get.php:51
auth | wp_ajax_baiduseo_get_key | inc\admin\get.php:52
auth | wp_ajax_baiduseo_liuliang_ditu | inc\admin\get.php:53
auth | wp_ajax_baiduseo_get_zhizhu_tongji | inc\admin\get.php:54
auth | wp_ajax_baiduseo_get_zhizhu_tongji_2 | inc\admin\get.php:55
auth | wp_ajax_baiduseo_get_pingfen | inc\admin\get.php:56
auth | wp_ajax_baiduseo_get_gonggao | inc\admin\get.php:57
auth | wp_ajax_baiduseo_gonggao_read | inc\admin\get.php:58
auth | wp_ajax_baiduseo_get_beian | inc\admin\get.php:59
auth | wp_ajax_baiduseo_get_seojc_jifen | inc\admin\get.php:60
auth | wp_ajax_baiduseo_get_kp_jifen | inc\admin\get.php:61
auth | wp_ajax_baiduseo_liuliang_log | inc\common\index.php:33
nopriv | wp_ajax_baiduseo_liuliang_log | inc\common\index.php:34

Shortcodes 1

[baiduseofriends] inc\common\index.php:30
WordPress Hooks 52
Type | Hook | Location
action | baiduseo_cronhook | inc\admin\cron.php:4
action | baiduseo_cronhook1 | inc\admin\cron_tongbu.php:4
action | baiduseo_my_minute_task_hook | inc\admin\cron_ts.php:8
action | baiduseo_five_minute_task_hook | inc\admin\cron_zhizhu.php:8
filter | baiduseo_check1 | inc\admin\kp.php:37
filter | baiduseo_check2 | inc\admin\kp.php:38
filter | baiduseo_check3 | inc\admin\kp.php:39
filter | baiduseo_check4 | inc\admin\kp.php:40
filter | baiduseo_check5 | inc\admin\kp.php:41
filter | baiduseo_check6 | inc\admin\kp.php:42
filter | baiduseo_check7 | inc\admin\kp.php:43
action | wp | inc\admin\zhizhu.php:5
action | wp | inc\common\index.php:6
action | init | inc\common\index.php:19
action | admin_enqueue_scripts | inc\common\index.php:23
action | admin_menu | inc\common\index.php:25
action | wp_head | inc\common\index.php:27
action | wp_footer | inc\common\index.php:29
action | manage_posts_custom_column | inc\common\index.php:31
filter | manage_posts_columns | inc\common\index.php:32
filter | cron_schedules | inc\common\index.php:35
action | the_content | inc\common\index.php:876
action | plugins_loaded | inc\index\youhua.php:50
action | baiduseo_art_cron | inc\index\youhua.php:51
filter | rest_pre_dispatch | inc\index\youhua.php:57
filter | wp_sitemaps_add_provider | inc\index\youhua.php:65
filter | pre_option_thumbnail_size_w | inc\index\youhua.php:94
filter | pre_option_thumbnail_size_h | inc\index\youhua.php:95
filter | pre_option_medium_size_w | inc\index\youhua.php:96
filter | pre_option_medium_size_h | inc\index\youhua.php:97
filter | pre_option_large_size_w | inc\index\youhua.php:98
filter | pre_option_large_size_h | inc\index\youhua.php:99
filter | intermediate_image_sizes_advanced | inc\index\youhua.php:101
filter | image_resize_dimensions | inc\index\youhua.php:105
filter | xmlrpc_methods | inc\index\youhua.php:135
action | do_feed | inc\index\youhua.php:143
action | do_feed_rdf | inc\index\youhua.php:144
action | do_feed_rss | inc\index\youhua.php:145
action | do_feed_rss2 | inc\index\youhua.php:146
action | do_feed_atom | inc\index\youhua.php:147
action | before_delete_post | inc\index\youhua.php:153
filter | get_avatar | inc\index\youhua.php:175
filter | locale | inc\index\youhua.php:180
action | created_category | inc\index\youhua.php:191
action | delete_category | inc\index\youhua.php:192
action | edited_category | inc\index\youhua.php:193
action | init | inc\index\youhua.php:194
filter | category_rewrite_rules | inc\index\youhua.php:197
filter | query_vars | inc\index\youhua.php:198
filter | request | inc\index\youhua.php:199
filter | terms_clauses | inc\index\youhua.php:236
action | plugins_loaded | seo_title_baidu.php:52

Scheduled Events 5

baiduseo_cronhook
baiduseo_cronhook1
baiduseo_my_minute_task_hook
baiduseo_five_minute_task_hook
baiduseo_art_cron
Maintenance & Trust

SEO合集(支持百度/Google/Bing/头条推送) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 14, 2026
PHP min version: 7.4
Downloads: 86K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 900
Developer Profile

SEO合集(支持百度/Google/Bing/头条推送) Developer Profile

沃之涛

8 plugins · 1K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 98 days
Detection Fingerprints

How We Detect SEO合集(支持百度/Google/Bing/头条推送)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/baiduseo/inc/css/admin_common.css
/wp-content/plugins/baiduseo/inc/css/admin_seo.css
/wp-content/plugins/baiduseo/inc/css/bootstrap.min.css
/wp-content/plugins/baiduseo/inc/js/admin_seo.js
/wp-content/plugins/baiduseo/inc/js/admin_common.js
/wp-content/plugins/baiduseo/inc/js/bootstrap.min.js
/wp-content/plugins/baiduseo/inc/js/charts.umd.js
/wp-content/plugins/baiduseo/inc/js/echarts.min.js
+1 more
Script Paths
/wp-content/plugins/baiduseo/inc/js/admin_seo.js
/wp-content/plugins/baiduseo/inc/js/admin_common.js
/wp-content/plugins/baiduseo/inc/js/bootstrap.min.js
/wp-content/plugins/baiduseo/inc/js/charts.umd.js
/wp-content/plugins/baiduseo/inc/js/echarts.min.js
/wp-content/plugins/baiduseo/inc/js/public.js
Version Parameters
baiduseo/style.css?ver=
baiduseo/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
baiduseo_title
baiduseo_form
baiduseo_label
HTML Comments
<!-- wpseo -->
<!-- end wpseo -->
Data Attributes
data-baiduseo-post-id
data-baiduseo-nonce
JS Globals
baiduseo_ajax_object
Shortcode Output
[baiduseofriends]
FAQ

Frequently Asked Questions about SEO合集(支持百度/Google/Bing/头条推送)