GP – GeePress Security & Risk Analysis

wordpress.org/plugins/gp

All the tools you need to integrate your WordPress and Google+.

40 active installs · v1.0 · PHP + WP 3.0+ · Updated Oct 12, 2013
Tags: admin, button, comment, comments, connect, google
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GP – GeePress Safe to Use in 2026?

Generally Safe

Score 85/100

GP – GeePress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The "gp" v1.0 plugin exhibits a mixed security posture. While it demonstrates good practices in handling SQL queries with prepared statements and avoids critical taint flows, several significant security concerns are present. The plugin has a small but concerning attack surface, with two AJAX handlers, both of which lack authentication checks. This directly exposes potentially sensitive functionality to unauthenticated users. Additionally, the code signals indicate the use of dangerous functions like 'unserialize' and 'create_function', which can be exploited if user-controlled data is passed to them. The low percentage of properly escaped output further exacerbates these risks, as it opens the door for Cross-Site Scripting (XSS) vulnerabilities. The absence of any recorded vulnerability history is a positive sign, suggesting it has not been a target or has not had publicly disclosed vulnerabilities. However, this cannot compensate for the immediate risks identified in the code analysis, particularly the unprotected AJAX endpoints and the use of dangerous functions.

Key Concerns

  • AJAX handlers without auth checks
  • Use of dangerous functions (unserialize, create_function)
  • Low output escaping percentage
Vulnerabilities
None known

GP – GeePress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

GP – GeePress Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 18 (1 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 7
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize (google-api\cache\Google_ApcCache.php:79): return unserialize($ret['data']);
  • unserialize (google-api\cache\Google_FileCache.php:100): $data = unserialize($data);
  • create_function (gp.php:141): add_action('admin_notices', create_function( '', "echo '<div class=\"error\"><p>".sprintf(__('GeePre

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

5% escaped (19 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows
gp_app_options_page (gp.php:176)
Attack Surface
2 unprotected

GP – GeePress Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

  • nopriv: wp_ajax_gp_comm_get_display (gp-comments.php:225)
  • auth: wp_ajax_disconnect_guid (gp-login.php:91)
WordPress Hooks 32
  • action: admin_init (gp-comments.php:9)
  • action: admin_notices (gp-comments.php:12)
  • action: admin_init (gp-comments.php:20)
  • action: gp_validate_options (gp-comments.php:47)
  • filter: get_avatar (gp-comments.php:183)
  • action: comment_form (gp-comments.php:222)
  • action: comment_form (gp-comments.php:223)
  • action: wp_footer (gp-comments.php:224)
  • action: init (gp-comments.php:226)
  • action: comment_form_before_fields (gp-comments.php:227)
  • action: alt_comment_login (gp-comments.php:228)
  • action: comment_form_before_fields (gp-comments.php:229)
  • action: comment_form_after_fields (gp-comments.php:230)
  • action: comment_post (gp-comments.php:231)
  • filter: pre_comment_on_post (gp-comments.php:232)
  • action: comment_post (gp-comments.php:234)
  • action: admin_init (gp-login.php:13)
  • action: gp_validate_options (gp-login.php:30)
  • action: profile_personal_options (gp-login.php:44)
  • action: gp_login_connect (gp-login.php:104)
  • action: login_form (gp-login.php:119)
  • filter: authenticate (gp-login.php:128)
  • action: wp_logout (gp-login.php:152)
  • action: init (gp.php:48)
  • action: admin_menu (gp.php:119)
  • action: network_admin_menu (gp.php:127)
  • action: admin_init (gp.php:135)
  • action: admin_notices (gp.php:141)
  • filter: pre_update_option_gp_app_options (gp.php:148)
  • action: oauth_start_google (gp.php:311)
  • action: init (wp-oauth.php:16)
  • action: template_redirect (wp-oauth.php:27)
Maintenance & Trust

GP – GeePress Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Oct 12, 2013
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 40
Developer Profile

GP – GeePress Developer Profile

Louy Alakkad

7 plugins · 8K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect GP – GeePress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gp/google-api/Google_Client.php
  • /wp-content/plugins/gp/google-api/contrib/Google_PlusService.php
  • /wp-content/plugins/gp/google-api/contrib/Google_Oauth2Service.php
  • /wp-content/plugins/gp/wp-oauth.php
Version Parameters
gp/style.css?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- if you want to force the plugin to use a client id and secret, add your keys and copy the following 2 lines to your wp-config.php -->
Data Attributes
  • data-gp-google-client-id
  • data-gp-google-client-secret
JS Globals
  • window.gp_client_id
  • window.gp_client_secret