Github Contributors Security & Risk Analysis
wordpress.org/plugins/github-contributorsProvides a simple short code for displaying a list of contributors from any Github repository.
Is Github Contributors Safe to Use in 2026?
Generally Safe
Score 85/100Github Contributors has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The github-contributors plugin, in version 1.0.1, exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and 100% proper output escaping are all commendable security practices. Furthermore, the plugin has no recorded vulnerabilities (CVEs) and no indications of critical or high-severity taint flows, suggesting a low risk of exploitation through common attack vectors like SQL injection or cross-site scripting. The limited attack surface, consisting of a single shortcode with no reported unauthenticated entry points, further contributes to its secure design.
However, there are areas that warrant attention. The most significant concern is the complete lack of nonce checks and capability checks. This means that any functionality exposed through the shortcode, or any potential future additions, could be invoked by any authenticated user without proper authorization or verification, potentially leading to privilege escalation or unintended actions. Additionally, while the external HTTP request is not inherently a vulnerability, it represents a potential attack vector if the target service is compromised or if sensitive data is transmitted insecurely. The absence of taint analysis flows, while positive in this instance, could also be due to the limited scope of the analysis or the simple nature of the code; it does not guarantee the absence of such issues in more complex scenarios.
In conclusion, the github-contributors plugin has a strong foundation of secure coding practices, particularly concerning data handling and SQL operations, and a clean vulnerability history. The primary weakness lies in the lack of authorization and verification mechanisms for its entry points. Addressing the missing nonce and capability checks would significantly bolster its security. The presence of an external HTTP request, while not a direct vulnerability, should be monitored for potential risks.
Key Concerns
- Missing nonce checks
- Missing capability checks
- External HTTP request without clear context
Github Contributors Security Vulnerabilities
Github Contributors Code Analysis
Output Escaping
Github Contributors Attack Surface
Shortcodes 1
Maintenance & Trust
Github Contributors Maintenance & Trust
Maintenance Signals
Community Trust
Github Contributors Alternatives
AffiliateWP Checkout Referrals
affiliatewp-checkout-referrals
Allow customers to select who should receive a commission at checkout
bbPress Custom Reply Notifications
bbpress-custom-reply-notifications
A simple bbPress extension to customize the email sent to forum & topic subscribers when a new topic or reply is posted.
bbPress – Notices
bbpress-notices
An extension for bbPress to easily show notices at the top of all forum pages.
Github Embed
github-embed
Plugin that allows you to embed details from GitHub just by pasting in the URL as you would any other embed source. Currently supports:
WP Plugin Info Card
wp-plugin-info-card
Plugin Info Card displays plugins & themes data in beautiful cards using WP APIs. Custom plugins, EDD, and GitHub Info Cards are supported.
Github Contributors Developer Profile
19 plugins · 920 total installs
How We Detect Github Contributors
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
pw_github_contributorspw_gh_pw_gh_contributorpw_gh_nameid="pw_github_contributors"<div id="pw_github_contributors" class="pw_gh_<div class="pw_gh_contributor"<img src="<p class="pw_gh_name">