WP-Safety

百度分享按钮 Security & Risk Analysis

wordpress.org/plugins/baidushare-wp

百度分享是一个提供网页地址收藏、分享及发送的WEB2.0按钮工具。

70 active installs v1.0.6 PHP + WP 2.8.0+ Updated Mar 27, 2014
baidubaidushare%e7%99%be%e5%ba%a6%e5%88%86%e4%ba%ab%ef%bc%8cfollowpassitshare
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEAug 23, 2025
Plugin page Download
Safety Verdict

Is 百度分享按钮 Safe to Use in 2026?

Use With Caution

Score 63/100

百度分享按钮 has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Aug 23, 2025Updated 12yr ago
Risk Assessment

The baidushare-wp plugin version 1.0.6 exhibits a mixed security posture. On the positive side, the static analysis reveals no detected dangerous functions, file operations, external HTTP requests, or taint flows. All SQL queries utilize prepared statements, and there are no identifiable AJAX handlers, REST API routes, shortcodes, or cron events, significantly limiting the plugin's attack surface. However, a major concern is the complete absence of output escaping for all identified output points. This indicates that any data processed and displayed by the plugin could be vulnerable to cross-site scripting (XSS) attacks. Furthermore, the plugin has a history of vulnerabilities, including a known medium severity CVE that is currently unpatched. The previous vulnerability being a Cross-Site Request Forgery (CSRF) suggests a pattern of insecure handling of user interactions or data processing. The lack of nonce and capability checks further exacerbates these risks, as there are no built-in mechanisms to verify user intent or permissions for actions performed by the plugin. While the limited attack surface and prepared SQL statements are strengths, the unescaped output and the unpatched CVE present significant risks that require immediate attention.

Key Concerns

  • Unpatched CVE exists
  • Output escaping is absent
  • No nonce checks detected
  • No capability checks detected
Vulnerabilities
1

百度分享按钮 Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-48320medium · 6.1Cross-Site Request Forgery (CSRF)

百度分享按钮 <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Aug 23, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

百度分享按钮 Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped5 total outputs
Attack Surface

百度分享按钮 Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
filterthe_contentbaidu_share.php:21
actionplugins_loadedbaidu_share.php:38
actionadmin_menubaidu_share.php:55
Maintenance & Trust

百度分享按钮 Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41
Last updatedMar 27, 2014
PHP min version
Downloads19K

Community Trust

Rating86/100
Number of ratings3
Active installs70
Alternatives

百度分享按钮 Alternatives

AddToAny Share Buttons

AddToAny Share Buttons

add-to-any

A
99

Share buttons for WordPress including the AddToAny button, Facebook, Bluesky, Mastodon, WhatsApp, Pinterest, Reddit, many more, and follow icons too.

300K 3 CVEs
Social Sharing Plugin – Sassy Social Share

Social Sharing Plugin – Sassy Social Share

sassy-social-share

A
94

The Simplest and Optimized Social Share buttons. Facebook, X, Reddit, Pinterest, Whatsapp, Grok, ChatGPT, Gab, Gettr and over 100 more.

100K 11 CVEs
Social Icons Widget & Block – Social Media Icons & Share Buttons

Social Icons Widget & Block – Social Media Icons & Share Buttons

social-icons-widget-by-wpzoom

A
96

Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.

100K 3 CVEs
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More

Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More

themeisle-companion

B
83

Add modules like share buttons, header & footer scripts, disable comments, reading progress bar, custom fonts, custom login page & more in one plugin.

100K 20 CVEs
Social Media Share Buttons & Social Sharing Icons

Social Media Share Buttons & Social Sharing Icons

ultimate-social-media-icons

A
96

Share buttons and pop up share icons for social media sharing

100K 11 CVEs
Developer Profile

百度分享按钮 Developer Profile

cuckoohello

1 plugin · 70 total installs

68
trust score
Avg Security Score
63/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect 百度分享按钮

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/baidushare-wp/script.js
Script Paths
http://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion=
Version Parameters
share.js?v=89860593.js?cdnversion=

HTML / DOM Fingerprints

CSS Classes
bdsharebuttonboxbds_morebds_qzonebds_tsinabds_tqqbds_renrenbds_weixinbds_douban+3 more
Data Attributes
data-cmd
JS Globals
window._bd_share_config_bd_share_config
Shortcode Output
<div class="bdsharebuttonbox"><a href="#" class="bds_more" data-cmd="more"></a><a href="#" class="bds_qzone" data-cmd="qzone" title="分享到QQ空间"></a><a href="#" class="bds_tsina" data-cmd="tsina" title="分享到新浪微博"></a><a href="#" class="bds_tqq" data-cmd="tqq" title="分享到腾讯微博"></a><a href="#" class="bds_renren" data-cmd="renren" title="分享到人人网"></a><a href="#" class="bds_weixin" data-cmd="weixin" title="分享到微信"></a><a href="#" class="bds_douban" data-cmd="douban" title="分享到豆瓣网"></a><a href="#" class="bds_fbook" data-cmd="fbook" title="分享到Facebook"></a><a href="#" class="bds_linkedin" data-cmd="linkedin" title="分享到linkedin"></a><a href="#" class="bds_twi" data-cmd="twi" title="分享到Twitter"></a></div>
FAQ

Frequently Asked Questions about 百度分享按钮