
Good Reads Security & Risk Analysis
wordpress.org/plugins/good-reads
An ordered blogroll widget for your sidebar that displays your favorite blogs, what they're writing, and when.
Is Good Reads Safe to Use in 2026?
Generally Safe
Score 85/100
Good Reads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "good-reads" plugin v1.5 exhibits a mixed security posture. On one hand, the absence of known CVEs and the complete use of prepared statements for SQL queries are positive indicators. The static analysis also reveals a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks.
However, significant concerns arise from the code signals. The presence of a dangerous function like `ini_set` is a red flag, as it can be misused to alter PHP configuration. More critically, 100% of outputs lack escaping, meaning any data displayed to users could be vulnerable to cross-site scripting (XSS) attacks. No nonce checks or capability checks were found; although there are currently zero entry points without them, this leaves a potential gap if new entry points are introduced without proper safeguards. The plugin also performs file operations without apparent checks.
Given the lack of historical vulnerabilities, it's difficult to draw strong conclusions about long-term security patterns. However, the current static analysis highlights critical weaknesses in output escaping and the use of potentially dangerous functions. While the plugin currently appears to have a limited attack surface, the identified code quality issues pose a tangible risk, particularly the unescaped output.
Key Concerns
- No output escaping detected
- Presence of dangerous function (ini_set)
- No nonce checks
- No capability checks
- File operations without explicit checks
Good Reads Security Vulnerabilities
Good Reads Release Timeline
Good Reads Code Analysis
Dangerous Functions Found
Output Escaping
Good Reads Attack Surface
WordPress Hooks 1
Good Reads Maintenance & Trust
Maintenance Signals
Community Trust
Good Reads Alternatives
RSS Blogroll
rss-blogroll
Sidebar widget that links to recent entries from RSS/Atom feeds.
Daring Fireball-style Linked List Plugin
daring-fireball-linked-list
This plugin makes your RSS feed behave like Daring Fireball's linked list posts, and has some extra features to make posting linked lists easier.
LinkedList
linkedlist
LinkedList was a simple WordPress plugin for sorting your blogroll in the order by which the sites on the blogroll were last updated.
Live Blogroll
live-blogroll
Shows a number of 'recent posts' for each link in your Blogroll in a popup box, using Ajax.
WP Latest Post Blogroll
wp-latest-post-blogroll
The WP Latest Post Blogroll plugin creates a link with the most recent post title for each blog listed in the blogroll.
Good Reads Developer Profile
1 plugin · 10 total installs
How We Detect Good Reads
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/good-reads/good-reads.php
HTML / DOM Fingerprints
grblog_titlelatest_post
<!-- Widget Title: Text Input -->
id="blogroll"
$<ul id="blogroll">
<li></a>
<div class="latest_post">
</div>
</li>