Gravatar Like Security & Risk Analysis

wordpress.org/plugins/gravatar-like

A Wordpress.com Like plugin for self hosted wordpress sites

10 active installs v0.1.0.1 PHP + WP 3.0+ Updated Oct 5, 2011
gravatargravatar-likelikemoallemi%da%a9%d8%a7%d9%88%d8%b4%da%af%d8%b1
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Gravatar Like Safe to Use in 2026?

Generally Safe

Score 85/100

Gravatar Like has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

The "gravatar-like" plugin version 0.1.0.1 presents a significant security risk due to its unprotected entry points. While the code exhibits some good practices, such as the absence of dangerous functions and the exclusive use of prepared statements for SQL queries, these are overshadowed by critical security oversights. The presence of two AJAX handlers without any authentication or capability checks creates an open door for attackers to interact with the plugin's functionality without authorization. Furthermore, the taint analysis revealing two unsanitized path flows, although not classified as critical or high severity in this specific analysis, is a strong indicator of potential vulnerabilities if not properly handled. The complete lack of vulnerability history, while seemingly positive, can also be interpreted as a lack of rigorous security auditing or a very limited scope of use, rather than an inherent security strength. The plugin's overall security posture is weak due to these critical omissions in basic security controls.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized paths in taint analysis
  • Output escaping is not fully implemented
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
Vulnerabilities
None known

Gravatar Like Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Gravatar Like Release Timeline

No version history available.
Code Analysis
Analyzed Apr 6, 2026

Gravatar Like Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

25% escaped4 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
gravatar_like_send (gravatar-like.php:126)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Gravatar Like Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_gravatar_like_sendgravatar-like.php:30
noprivwp_ajax_gravatar_like_sendgravatar-like.php:31
WordPress Hooks 1
filterthe_contentgravatar-like.php:28
Maintenance & Trust

Gravatar Like Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1
Last updatedOct 5, 2011
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Gravatar Like Developer Profile

moallemi

6 plugins · 90 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Gravatar Like

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gravatar-like/loading.gif/wp-content/plugins/gravatar-like/like.png/wp-content/plugins/gravatar-like/style.css
Version Parameters
gravatar-like/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
gravatar-like-clearfix
Data Attributes
id="gravatar-like-button-div"id="gravatar-like-button"id="gllikeCount"id="gravatar-like-form"id="glMail"id="glSend"+2 more
JS Globals
jQuery
REST Endpoints
/wp-admin/admin-ajax.php
FAQ

Frequently Asked Questions about Gravatar Like