WP-Safety

Online Games Security & Risk Analysis

wordpress.org/plugins/games

Display up to 83 free HD Flash Games in your website easily using shortcodes. Arcade games like Mario, Solitaire, Backgammon, Chess & more.

90 active installs v2.7.1 PHP + WP 3.5+ Updated Nov 14, 2015
arcadegaminghtml5mediawidget
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Online Games Safe to Use in 2026?

Generally Safe

Score 85/100

Online Games has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "games" plugin version 2.7.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices in its handling of SQL queries, exclusively using prepared statements, and it has no recorded vulnerabilities or CVEs, suggesting a history of relatively secure development. The absence of dangerous functions, file operations, and external HTTP requests are also favorable indicators.

However, significant concerns arise from the static analysis. The plugin has two AJAX handlers that lack authentication checks, presenting a direct avenue for unauthorized actions if these handlers are exploitable. Furthermore, the output escaping is severely lacking, with only 2% of outputs being properly escaped. This indicates a high probability of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data is likely being rendered without proper sanitization.

While the vulnerability history is clean, it does not negate the immediate risks identified in the code. The lack of proper output escaping and the unprotected AJAX endpoints represent substantial security weaknesses that could be exploited even in the absence of historical vulnerabilities. The large number of shortcodes also contributes to the attack surface, although they were not flagged as unprotected in the provided data.

Key Concerns

  • Unprotected AJAX handlers
  • Poor output escaping (XSS risk)
  • One capability check vs 83 entry points
Vulnerabilities
None known

Online Games Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Online Games Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
82
2 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

2% escaped84 total outputs
Attack Surface
2 unprotected

Online Games Attack Surface

Entry Points83
Unprotected2

AJAX Handlers 2

authwp_ajax_wgames_set_support_linkclasses\wgames-main.php:87
authwp_ajax_wgames_set_support_timeclasses\wgames-main.php:88

Shortcodes 81

[tetris] games.php:11
[hulksmashup] games.php:13
[ironman2] games.php:14
[powerrangersdino] games.php:15
[supermanmetropolis] games.php:16
[angrybirdsspace] games.php:19
[goalkeeper] games.php:21
[transformersprestige] games.php:22
[penaltyshootout2012] games.php:23
[minionrush] games.php:24
[jungleshooter] games.php:25
[escapingtheprison] games.php:27
[centrecourt] games.php:28
[bubbleshooter] games.php:29
[bmxmaster] games.php:30
[badpiggiesonline] games.php:31
[supermarioland] games.php:33
[supermarioworld] games.php:34
[supermariobros] games.php:35
[backyardsports] games.php:36
[baseballteam] games.php:37
[bicyclerun] games.php:38
[billiards] games.php:39
[bmxextreme] games.php:40
[constructionbike] games.php:41
[crescentsol] games.php:42
[freecellgrey] games.php:43
[lakefishing] games.php:44
[courtbasketbal] games.php:45
[lightning] games.php:46
[pinch2] games.php:47
[snooker] games.php:48
[solcollection] games.php:49
[spidersol] games.php:50
[sprinter] games.php:51
[superbikex] games.php:52
[tablehockey] games.php:53
[ultimatebaseball] games.php:54
[worldcuppenalty] games.php:55
[pacman] games.php:405
[cartwisteddreams] games.php:406
[pokemon1] games.php:407
[chess] games.php:408
[backgammon] games.php:409
[batmandefendgotham] games.php:410
[codcrossfire] games.php:411
[falltimesudoku] games.php:412
[ninjabattle3] games.php:413
[mahjong] games.php:414
[happywheels] games.php:415
[dragonball1] games.php:416
[pharaohking] games.php:417
[onceuponatime] games.php:418
[lost] games.php:419
[rockstar] games.php:420
[gladiator] games.php:421
[boomanji] games.php:422
[safarisam] games.php:423
[heist] games.php:424
[vikingage] games.php:425
[threewishes] games.php:426
[ghoulsgold] games.php:427
[royalreels] games.php:428
[safarisam] games.php:429
[thetruesheriff] games.php:430
[tycoons] games.php:431
[afternightfalls] games.php:432
[underthebed] games.php:433
[atthecopa] games.php:434
[gypsyrose] games.php:435
[puppylove] games.php:436
[anightinparis] games.php:437
[houseoffun] games.php:438
[madscientist] games.php:439
[trueillusions] games.php:440
[governorofpoker2] games.php:441
[rainforestsolitaire] games.php:442
[twistedtennis] games.php:443
[spiderman3] games.php:444
[sonic1] games.php:445
[tomandjerrypuzzle] games.php:446
WordPress Hooks 9
actionwp_enqueue_scriptsclasses\wgames-main.php:67
actionadmin_enqueue_scriptsclasses\wgames-main.php:68
actionadmin_initclasses\wgames-main.php:69
actionadmin_noticesclasses\wgames-main.php:72
actionwp_footerclasses\wgames-show.php:22
actionadmin_menugames.php:714
actioninitincludes\admin-notice-helper\admin-notice-helper.php:44
actionadmin_noticesincludes\admin-notice-helper\admin-notice-helper.php:45
actionshutdownincludes\admin-notice-helper\admin-notice-helper.php:46
Maintenance & Trust

Online Games Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34
Last updatedNov 14, 2015
PHP min version
Downloads38K

Community Trust

Rating64/100
Number of ratings13
Active installs90
Alternatives

Online Games Alternatives

WI Games Shortcode

WI Games Shortcode

wi-games-shortcode

A
85

This plug-in will help you to place any game which you can find on wigames.net without problems

10 No CVEs
WI Games widget Plugin

WI Games widget Plugin

wi-games-widget

A
100

This plugin will help you to smoothly integrate WI Games widget to your website.

10 No CVEs
Astra Widgets

Astra Widgets

astra-widgets

A
96

Quickest solution to add widgets like Address, Social Profiles and List icons on a website built with Astra.

200K 3 CVEs
Social Icons Widget & Block – Social Media Icons & Share Buttons

Social Icons Widget & Block – Social Media Icons & Share Buttons

social-icons-widget-by-wpzoom

A
96

Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.

100K 3 CVEs
Social Media Share Buttons & Social Sharing Icons

Social Media Share Buttons & Social Sharing Icons

ultimate-social-media-icons

A
96

Share buttons and pop up share icons for social media sharing

100K 11 CVEs
Developer Profile

Online Games Developer Profile

Critic Team

1 plugin · 90 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Online Games

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/games/games.css/wp-content/plugins/games/js/games.js
Script Paths
/wp-content/plugins/games/js/games.js

HTML / DOM Fingerprints

Data Attributes
name="Critic.net Hulk Smash Up"name="Critic.net Iron Man 2"name="Critic.net Power Rangers Dino Thunder"name="Critic.net Superman Metropolis Defender"name="Critic.net Angry Birds Space"name="Critic.net Escaping the Prison"+4 more
Shortcode Output
<iframe name="Critic.net Hulk Smash Up" src="http://critic.net/game-hulk-smash-up"<iframe name="Critic.net Iron Man 2" src="http://critic.net/game-iron-man-2"<iframe name="Critic.net Power Rangers Dino Thunder" src="http://critic.net/game-power-rangers-dino-thunder"<iframe name="Critic.net Superman Metropolis Defender" src="http://critic.net/game-superman-metropolis-defender"
FAQ

Frequently Asked Questions about Online Games