
BNC BiblioShare Security & Risk Analysis
wordpress.org/plugins/bnc-biblioshare
Displays a book's cover image, title, author, and other book data from BiblioShare
Is BNC BiblioShare Safe to Use in 2026?
Generally Safe
Score 85/100
BNC BiblioShare has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'bnc-biblioshare' plugin v1.0.9 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and has a clean vulnerability history with no known CVEs. It also includes nonce and capability checks, indicating some awareness of security fundamentals.
However, significant concerns arise from the static analysis. The presence of an unprotected AJAX handler represents a direct attack vector. Furthermore, the complete lack of output escaping across all identified outputs is a critical flaw, potentially leading to cross-site scripting (XSS) vulnerabilities when user-supplied data is displayed without proper sanitization. The taint analysis, while limited in scope, did reveal a flow with unsanitized paths, further reinforcing the XSS risk.
While the absence of historical vulnerabilities is encouraging, it does not negate the immediate risks identified in the current version. The combination of an unprotected entry point and widespread output escaping deficiencies creates a substantial risk of exploitation, primarily through XSS attacks. Addressing the output escaping issue and securing the AJAX handler should be immediate priorities.
Key Concerns
- AJAX handler without auth checks
- All outputs are unescaped
- Flows with unsanitized paths
BNC BiblioShare Security Vulnerabilities
BNC BiblioShare Code Analysis
Output Escaping
Data Flow Analysis
BNC BiblioShare Attack Surface
- AJAX Handlers: 1
- Shortcodes: 1
- WordPress Hooks: 5
BNC BiblioShare Maintenance & Trust
Maintenance Signals
Community Trust
BNC BiblioShare Alternatives
- Bestseller Lists from the New York Times (bestseller-lists-from-new-york-times): Integrate bestseller lists from the New York Times into your own site with a user-friendly interface.
- DeadTrees (dead-trees): Share the books you've read with your readers, family, & friends. Never again receive a book you've already read as a gift!
- My Google Books Library (my-google-books-library): A simple plugin with a widget and [shortcode] that displays any number of your Google Books bookshelves, including custom made bookshelves.
- Library Bookshelves (library-bookshelves): Create bookshelves that link to your library catalog. Use shortcodes to display book covers in carousels.
- Library Management System (library-management-system): Library Management System is a WordPress plugin that helps schools and colleges manage libraries, bookcases, sections, categories, and users.
BNC BiblioShare Developer Profile
1 plugin · 20 total installs
How We Detect BNC BiblioShare
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/bnc-biblioshare/libraries/booknet_button.js
HTML / DOM Fingerprints
- [booknet
- booknet_insertbookdata