
Business Badges Security & Risk Analysis
wordpress.org/plugins/business-badges
Business Badges allows you to display customizable social badges on your website, such as the Google Business badge, Facebook badge, and Google+ badge widget.
Is Business Badges Safe to Use in 2026?
Generally Safe
Score 85/100
Business Badges has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "business-badges" v1.0 plugin presents a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and has no known vulnerabilities or CVEs. The limited attack surface, with only one shortcode and no AJAX handlers, REST API routes, or cron events, also contributes to its security. However, the code analysis raises significant concerns. A notable weakness is output escaping: only 46% of outputs are properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis revealed 3 flows with unsanitized paths. These are not classified as critical or high severity in this instance, but they mark places where user-controlled data could be processed without adequate sanitization, potentially leading to unexpected behavior or security issues.
The absence of vulnerability history is a strong positive, suggesting the plugin has historically been secure. However, the code analysis findings cannot be ignored. The lack of proper output escaping and the presence of unsanitized paths, even without immediate high-severity findings, represent latent risks that could be exploited. The plugin's strengths lie in its SQL handling and limited attack surface. Its weaknesses are primarily in input sanitization and output escaping, which are critical for preventing common web vulnerabilities. Users should be aware of the potential for XSS and the implications of unsanitized data flows.
Key Concerns
- Output escaping is not consistently applied
- Taint analysis shows unsanitized paths
- No nonce checks on entry points
- No capability checks on entry points
Business Badges Security Vulnerabilities
Business Badges Code Analysis
Output Escaping
Data Flow Analysis
Business Badges Attack Surface
Shortcodes 1
WordPress Hooks 3
Business Badges Maintenance & Trust
Maintenance Signals
Community Trust
Business Badges Alternatives
Like to Unlock lite
jcwp-like-to-unlock-lite
This plugin gives you control to initially hide part of your article from the user. Content is displayed correctly once the user Likes your page on Facebook or +1s it.
Widgets for Google Reviews
wp-reviews-plugin-for-google
Embed Google reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Google reviews.
Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More
reviews-feed
No API key required. Display Yelp and Google reviews for any business in a clean, customizable feed on your site.
Mongoose Page Plugin
facebook-page-feed-graph-api
The most popular way to display the Facebook Page Plugin on your WordPress website. Easy implementation using a shortcode or widget.
Post to Google My Business (Google Business Profile)
post-to-google-my-business
Auto-publish posts, pages & CPTs, plus manage Google Business Profile posts. All from your WordPress dashboard!
Business Badges Developer Profile
1 plugin · 10 total installs
How We Detect Business Badges
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/business-badges/BB_scripts.php
- /wp-content/plugins/business-badges/BB_styles.php
- https://apis.google.com/js/platform.js
- https://connect.facebook.net/es_LA/sdk.js
HTML / DOM Fingerprints
- BBfacebookbadge
- <!-- Insignia google+-->
- <!-- Facebook Badge START -->
- <!-- Facebook Badge END -->
- data-width
- data-href
- data-showtagline
- data-rel
- data-action
- data-height
- (+3 more)
Business Badges Widget