Da Reactions Security & Risk Analysis

wordpress.org/plugins/da-reactions

This plugin creates some reaction buttons that could be added to content and comments.

400 active installs · v5.3.4 · PHP 7.4+ · WP 6.7+ · Updated Jul 7, 2025
Tags: engagement, interaction, reactions, social
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Oct 14, 2024
Safety Verdict

Is Da Reactions Safe to Use in 2026?

Generally Safe

Score 99/100

Da Reactions has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 14, 2024 · Updated 9mo ago
Risk Assessment

The 'da-reactions' v5.3.4 plugin exhibits a generally good security posture, with strengths in its use of prepared statements for SQL queries and a high percentage of properly escaped output. The absence of unauthenticated AJAX handlers and REST API routes, coupled with the presence of nonce and capability checks, indicates an effort to secure its entry points. However, the presence of two taint flows with unsanitized paths, even without a critical or high severity rating, warrants attention as it suggests potential for input manipulation. The plugin's vulnerability history shows one medium severity CVE related to Cross-site Scripting, which was patched. While the lack of currently unpatched vulnerabilities is positive, the past occurrence of XSS highlights the importance of continued vigilance in output sanitization and input validation, particularly concerning the identified unsanitized paths.

Key Concerns

  • Taint flows with unsanitized paths
  • Past medium severity XSS vulnerability
Vulnerabilities
1

Da Reactions Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-49255 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Da Reactions <= 5.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 14, 2024 · Patched in 5.2.0 (5d)
Code Analysis
Analyzed Mar 16, 2026

Da Reactions Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (79 prepared)
Unescaped Output: 40 (456 escaped)
Nonce Checks: 11
Capability Checks: 1
File Operations: 1
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 79 total queries

Output Escaping

92% escaped · 496 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
displayTable (classes\DaReactions\Abstracts\AbstractAdminListPage.php:24)
Attack Surface

Da Reactions Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[reactions] classes\DaReactions\Shortcodes.php:8
Maintenance & Trust

Da Reactions Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 7, 2025
PHP min version: 7.4
Downloads: 26K

Community Trust

Rating: 96/100
Number of ratings: 16
Active installs: 400
Developer Profile

Da Reactions Developer Profile

Daniele Alessandra

3 plugins · 1K total installs

Trust score: 93
Avg Security Score: 90/100
Avg Patch Time: 5 days
Detection Fingerprints

How We Detect Da Reactions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/da-reactions/assets/css/admin.css
  • /wp-content/plugins/da-reactions/assets/css/da-reactions.css
  • /wp-content/plugins/da-reactions/assets/css/da-reactions.theme.css
  • /wp-content/plugins/da-reactions/assets/js/admin/buttons.js
  • /wp-content/plugins/da-reactions/assets/js/admin/general.js
  • /wp-content/plugins/da-reactions/assets/js/admin/graphic.js
  • /wp-content/plugins/da-reactions/assets/js/admin/import-votes.js
  • /wp-content/plugins/da-reactions/assets/js/admin/votes-list.js
  • +3 more
Script Paths
/wp-content/plugins/da-reactions/assets/js/da-reactions.frontend.js
Version Parameters
  • da-reactions/assets/css/admin.css?ver=
  • da-reactions/assets/css/da-reactions.css?ver=
  • da-reactions/assets/css/da-reactions.theme.css?ver=
  • da-reactions/assets/js/admin/buttons.js?ver=
  • da-reactions/assets/js/admin/general.js?ver=
  • da-reactions/assets/js/admin/graphic.js?ver=
  • da-reactions/assets/js/admin/import-votes.js?ver=
  • da-reactions/assets/js/admin/votes-list.js?ver=
  • da-reactions/assets/js/da-reactions.js?ver=
  • da-reactions/assets/js/da-reactions.admin.js?ver=
  • da-reactions/assets/js/da-reactions.frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • da-reactions-react-button
  • da-reactions-react-button-wrap
  • da-reactions-react-button-voters
  • da-reactions-react-button-voters-list
HTML Comments
  • <!-- START DA_REACTIONS -->
  • <!-- END DA_REACTIONS -->
  • <!-- START FREEMIUS -->
  • <!-- END FREEMIUS -->
  • +1 more
Data Attributes
  • data-da-reactions-post-id
  • data-da-reactions-comment-id
  • data-da-reactions-nonce
JS Globals
da_reactions_params
REST Endpoints
/wp-json/da-reactions/v1/react
Shortcode Output
  • [da_reactions]
  • [da_reactions_frontend]