Gianism Security & Risk Analysis

wordpress.org/plugins/gianism

Connect user accounts with significant web services like Facebook, Twitter, etc. Stand on the shoulders of giants!

700 active installs · v6.0.0 · PHP 7.4+ · WP 6.6+ · Updated Jan 22, 2026
Tags: facebook, google, sns, social, twitter
Security score: 77 (B · Generally Safe)
CVEs total: 2
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Gianism Safe to Use in 2026?

Mostly Safe

Score 77/100

Gianism is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 2mo ago
Risk Assessment

The gianism plugin v6.0.0 exhibits a mixed security posture. It demonstrates some good security practices, such as a high percentage of prepared SQL statements and properly escaped output, but there are significant concerns. The presence of unprotected entry points, specifically one AJAX handler and one REST API route that lack authentication or permission checks, represents a critical vulnerability: these endpoints could be reached by unauthenticated users to perform unauthorized actions or retrieve sensitive information. The plugin also has a history of known vulnerabilities, with one medium-severity CVE currently unpatched. The recurrence of Cross-site Scripting (XSS) vulnerabilities in its history suggests a persistent weakness in how user-supplied data is handled, despite the generally good output-escaping metrics in the current version. The overall attack surface is moderate, but the unprotected components within it are a major concern. The bundled libraries PHPMailer and Guzzle, while common, can introduce risk if they are not kept up to date and acquire known vulnerabilities, though the static analysis did not flag issues with them in this version.

Key Concerns

  • Unprotected AJAX handler
  • Unprotected REST API route
  • Currently unpatched CVE
  • Bundled PHPMailer library
  • Bundled Guzzle library
Vulnerabilities (2)

Gianism Security Vulnerabilities

CVEs by Year

2024: 1 CVE (patched)
2025: 1 CVE (unpatched)

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-58266 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gianism <= 5.2.2 - Authenticated (Author+) Stored Cross-Site Scripting
Sep 22, 2025 · Unpatched

CVE-2024-3921 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gianism <= 5.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
May 8, 2024 · Patched in 5.2.1 (513d)
Code Analysis
Analyzed Mar 16, 2026

Gianism Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (17 prepared)
Unescaped Output: 36 (186 escaped)
Nonce Checks: 6
Capability Checks: 8
File Operations: 3
External Requests: 3
Bundled Libraries: 2

Bundled Libraries

PHPMailer, Guzzle

SQL Query Safety

89% prepared (19 total queries)

Output Escaping

84% escaped (222 total outputs)
Attack Surface (2 unprotected)

Gianism Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers 1

auth · wp_ajax_gianism_admin_notice · app\Gianism\Pattern\AbstractNotice.php:43

REST API Routes 1

GET /wp-json/gianism/v1/profile/me · app\Gianism\Controller\ProfileChecker.php:122

Shortcodes 3

[gianism_login] app\Gianism\Api\ShortCodes.php:21
[gianism_connection] app\Gianism\Api\ShortCodes.php:22
[gianism_limit] app\Gianism\Plugins\Bot.php:452
WordPress Hooks 72
action · init · app\Gianism\Bootstrap.php:55
action · init · app\Gianism\Bootstrap.php:56
action · admin_menu · app\Gianism\Bootstrap.php:58
action · admin_enqueue_scripts · app\Gianism\Bootstrap.php:90
action · login_enqueue_scripts · app\Gianism\Bootstrap.php:124
action · wp_enqueue_scripts · app\Gianism\Bootstrap.php:125
action · admin_enqueue_scripts · app\Gianism\Bootstrap.php:126
filter · plugin_action_links · app\Gianism\Controller\Admin.php:43
filter · plugin_row_meta · app\Gianism\Controller\Admin.php:44
action · admin_enqueue_scripts · app\Gianism\Controller\Admin.php:46
action · admin_notices · app\Gianism\Controller\Admin.php:80
action · login_form · app\Gianism\Controller\Login.php:48
action · register_form · app\Gianism\Controller\Login.php:52
action · woocommerce_login_form · app\Gianism\Controller\Login.php:56
action · woocommerce_register_form · app\Gianism\Controller\Login.php:57
action · woocommerce_after_checkout_shipping_form · app\Gianism\Controller\Login.php:58
action · woocommerce_lostpassword_form · app\Gianism\Controller\Login.php:59
action · woocommerce_resetpassword_form · app\Gianism\Controller\Login.php:60
action · admin_notices · app\Gianism\Controller\Network.php:26
action · gianism_before_set_login_cookie · app\Gianism\Controller\Network.php:28
filter · gianism_redirect_to · app\Gianism\Controller\Network.php:30
action · show_user_profile · app\Gianism\Controller\Profile.php:29
action · show_user_profile · app\Gianism\Controller\Profile.php:31
action · profile_update · app\Gianism\Controller\Profile.php:32
action · rest_api_init · app\Gianism\Controller\ProfileChecker.php:16
action · init · app\Gianism\Controller\ProfileChecker.php:17
action · template_redirect · app\Gianism\Controller\ProfileChecker.php:23
filter · query_vars · app\Gianism\Controller\Rewrite.php:45
filter · rewrite_rules_array · app\Gianism\Controller\Rewrite.php:77
action · admin_init · app\Gianism\Controller\Rewrite.php:79
action · pre_get_posts · app\Gianism\Controller\Rewrite.php:81
filter · manage_users_columns · app\Gianism\Controller\UserList.php:18
filter · manage_users_custom_column · app\Gianism\Controller\UserList.php:19
filter · cron_schedules · app\Gianism\Helper\Monitor.php:30
filter · login_url · app\Gianism\Notices\WooCompatible.php:16
action · admin_init · app\Gianism\Pattern\AbstractNotice.php:46
action · admin_notices · app\Gianism\Pattern\AbstractNotice.php:75
action · gianism_extra_action · app\Gianism\Plugins\Analytics.php:100
action · init · app\Gianism\Plugins\Analytics.php:102
action · admin_enqueue_scripts · app\Gianism\Plugins\Analytics.php:105
filter · gianism_setting_screen_views · app\Gianism\Plugins\Analytics.php:106
action · admin_init · app\Gianism\Plugins\Analytics.php:449
action · init · app\Gianism\Plugins\Bot.php:65
filter · manage_edit-tweet-bots_columns · app\Gianism\Plugins\Bot.php:67
action · init · app\Gianism\Plugins\Bot.php:69
filter · cron_schedules · app\Gianism\Plugins\Bot.php:70
action · gianism_bot · app\Gianism\Plugins\Bot.php:71
action · admin_enqueue_scripts · app\Gianism\Plugins\Bot.php:73
filter · enter_title_here · app\Gianism\Plugins\Bot.php:74
action · edit_form_after_title · app\Gianism\Plugins\Bot.php:75
action · save_post · app\Gianism\Plugins\Bot.php:76
filter · post_updated_messages · app\Gianism\Plugins\Bot.php:77
action · init · app\Gianism\Plugins\Bot.php:79
filter · gianism_google_login_allowed · app\Gianism\Plugins\WorkspaceLimited.php:47
action · gianism_user_profile · app\Gianism\Service\AbstractService.php:80
action · gianism_login_form · app\Gianism\Service\AbstractService.php:83
action · admin_print_footer_scripts · app\Gianism\Service\AbstractService.php:86
action · wp_footer · app\Gianism\Service\AbstractService.php:87
action · login_footer · app\Gianism\Service\AbstractService.php:88
action · admin_init · app\Gianism\Service\Facebook.php:138
filter · gianism_setting_screen_views · app\Gianism\Service\Facebook.php:140
filter · gianism_facebook_permissions · app\Gianism\Service\Facebook.php:233
filter · gianism_filter_service_prefix · app\Gianism\Service\Google.php:115
filter · gianism_filter_service_prefix · app\Gianism\Service\Line.php:46
filter · wp_mail · app\Gianism\Service\NoMailService.php:28
action · phpmailer_init · app\Gianism\Service\NoMailService.php:88
action · admin_notices · app\Gianism\Service\Twitter.php:126
action · load-settings_page_gianism · app\Gianism\UI\SettingScreen.php:29
action · gianism_after_set_login_cookie · hooks\simple-membership.php:29
filter · gianism_default_redirect_link · hooks\wp-members.php:25
action · plugins_loaded · wp-gianism.php:68
action · admin_notices · wp-gianism.php:118

Scheduled Events 1

gianism_bot
Maintenance & Trust

Gianism Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 22, 2026
PHP min version: 7.4
Downloads: 42K

Community Trust

Rating: 98/100
Number of ratings: 8
Active installs: 700
Developer Profile

Gianism Developer Profile

Fumiki Takahashi

14 plugins · 4K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 513 days
Detection Fingerprints

How We Detect Gianism

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gianism/assets/css/login.css
/wp-content/plugins/gianism/assets/css/admin.css
/wp-content/plugins/gianism/assets/js/main.js
/wp-content/plugins/gianism/assets/js/admin.js
/wp-content/plugins/gianism/assets/js/login.js
Script Paths
/wp-content/plugins/gianism/assets/js/main.js
/wp-content/plugins/gianism/assets/js/admin.js
/wp-content/plugins/gianism/assets/js/login.js
Version Parameters
gianism/assets/css/login.css?ver=
gianism/assets/css/admin.css?ver=
gianism/assets/js/main.js?ver=
gianism/assets/js/admin.js?ver=
gianism/assets/js/login.js?ver=

HTML / DOM Fingerprints

CSS Classes
gianism-login-form
Data Attributes
data-gianism-nonce
JS Globals
gianism_login_params
REST Endpoints
/wp-json/gianism/v1/login
Shortcode Output
[gianism_login]
FAQ

Frequently Asked Questions about Gianism