
Code School Badges Security & Risk Analysis
wordpress.org/plugins/code-school-badges
Provides both widgets and shortcodes to help display Code School profile badges on your website.
Is Code School Badges Safe to Use in 2026?
Generally Safe
Score 85/100
Code School Badges has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The code-school-badges plugin v1.0.2 presents a mixed security posture. On the positive side, it demonstrates good practices by not using dangerous functions, performing all SQL queries with prepared statements, and having no recorded historical vulnerabilities. The plugin also avoids bundling libraries and making external HTTP requests, both of which can sometimes introduce security risks.
However, significant concerns arise from the static analysis. The plugin exposes a single AJAX handler that lacks authentication checks, creating a direct attack vector. Furthermore, a substantial portion of its output (89%) is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. While taint analysis did not reveal critical or high severity issues, the presence of two flows with unsanitized paths, even if of lower severity, coupled with the unescaped output, suggests potential for malicious data injection or manipulation.
In conclusion, the lack of historical vulnerabilities is a positive indicator, but the current code analysis highlights critical weaknesses, particularly the unprotected AJAX endpoint and pervasive output escaping deficiencies. These issues present a clear and present danger to any WordPress site using this plugin, outweighing the positive aspects of its code quality in other areas.
Key Concerns
- AJAX handler without authentication check
- High percentage of unescaped output
- Flows with unsanitized paths detected
Code School Badges Security Vulnerabilities
Code School Badges Code Analysis
Output Escaping
Data Flow Analysis
Code School Badges Attack Surface
AJAX Handlers: 1
WordPress Hooks: 5
Code School Badges Maintenance & Trust
Maintenance Signals
Community Trust
Code School Badges Alternatives
BP XProfile Shortcode
bp-xprofile-shortcode
Adds Shortcode for BuddyPress XProfile data
Achievement Shortcode Add-On for GamiPress
achievement-shortcode-add-on-for-gamipress
This GamiPress Add-on adds a shortcode to show or hide content depending on the user having earned a specific achievement.
Achievement Shortcode Add-On for BadgeOS
achievement-shortcode-for-badgeos
This BadgeOS Add-on adds a shortcode to show or hide content depending on the user having earned a specific achievement.
Award On Click Add-On for GamiPress
award-on-click-for-gamipress
This GamiPress Add-on adds a shortcode to show a link. The user is awarded a specified achievement when the link is clicked.
Custom Profile Filters for BuddyPress
buddypress-custom-profile-filters
Allows users to take control of the way that the links in their Buddypress profiles are handled.
Code School Badges Developer Profile
1 plugin · 10 total installs
How We Detect Code School Badges
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/wpcodeschool-badges/inc/wpcodeschool-badges.css
- /wp-content/plugins/wpcodeschool-badges/wpcodeschool-badges.js
HTML / DOM Fingerprints
- <!-- Markup Based on: https://github.com/bueltge/WordPress -->
- name="wpcodeschool_username"
- name="wpcodeschool_display_sub_badges"
- id="wpcodeschool_username"
- id="wpcodeschool_display_sub_badges"
- ajaxurl
- [wpcodeschool_badges]
- [wpcodeschool_badges num_badges="3"]
- [wpcodeschool_badges badge_size="120px"]
- [wpcodeschool_badges num_badges="3" badge_size="120px"]