I Recommend This – Love/Like Button for WordPress Posts Security & Risk Analysis

wordpress.org/plugins/i-recommend-this

Enable your visitors to easily like or recommend your posts with a single click, enhancing engagement without the need for comments.

5K active installs · v4.0.1 · PHP 7.4+ · WP 6.1+ · Updated Jul 25, 2025
Tags: like, love, post, rate, recommend
Score: 96 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Apr 19, 2023
Safety Verdict

Is I Recommend This – Love/Like Button for WordPress Posts Safe to Use in 2026?

Generally Safe

Score 96/100

I Recommend This – Love/Like Button for WordPress Posts has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Apr 19, 2023 · Updated 8mo ago
Risk Assessment

The i-recommend-this plugin v4.0.1 demonstrates some good security practices, notably the complete absence of raw SQL queries and a high percentage of properly escaped output. The plugin also employs nonce and capability checks on some entry points. However, the analysis reveals significant concerns. The presence of unsanitized paths in taint analysis is particularly worrying, with three identified flows flagged as high severity. This indicates potential pathways for attackers to inject malicious code or data. Furthermore, the plugin has a history of 5 known CVEs, including one critical, two high, and two medium severity vulnerabilities. While none are currently unpatched, this pattern of past vulnerabilities, especially critical and high severity ones related to XSS, CSRF, and SQL Injection, suggests a recurring tendency for security flaws to be introduced. The lack of explicit permission callbacks on all REST API routes (though none exist currently) and the fact that not all AJAX handlers have authentication checks also represent potential future attack vectors if new endpoints are added without proper security considerations.

Key Concerns

  • High severity unsanitized taint flows (3)
  • Past critical severity CVEs (1)
  • Past high severity CVEs (2)
  • Past medium severity CVEs (2)
  • AJAX handlers without auth checks (implied 0 out of 2)
  • Potential for future unpatched REST API vulnerabilities
Vulnerabilities: 5

I Recommend This – Love/Like Button for WordPress Posts Security Vulnerabilities

CVEs by Year

  • 2014: 2 CVEs
  • 2018: 1 CVE
  • 2023: 2 CVEs

Severity Breakdown

  • Critical: 1
  • High: 2
  • Medium: 2

5 total CVEs

CVE-2023-23673 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

I Recommend This <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 19, 2023 Patched in 3.9.0 (279d)
CVE-2023-28696 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

I Recommend This <= 3.9.0 - Cross-Site Request Forgery

Mar 22, 2023 Patched in 3.9.1 (475d)
WF-ef888b2e-1fc7-442b-8b67-ebfdcbc76696-i-recommend-this · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

I Recommend This < 3.8.2 - Cross-Site Scripting

Sep 11, 2018 Patched in 3.8.2 (1960d)
CVE-2014-10376 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

I Recommend This < 3.7.3 - SQL Injection

Sep 24, 2014 Patched in 3.7.3 (3408d)
CVE-2014-125099 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

I Recommend This <= 3.7.2 - Authenticated (Subscriber+) SQL Injection via Shortcode

Sep 24, 2014 Patched in 3.7.3 (3408d)
Code Analysis
Analyzed Mar 16, 2026

I Recommend This – Love/Like Button for WordPress Posts Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (34 prepared)
  • Unescaped Output: 21 (134 escaped)
  • Nonce Checks: 4
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 34 total queries

Output Escaping

86% escaped · 155 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

6 flows · 3 with unsanitized paths
<class-themeist-irecommendthis-admin-ui> (admin\class-themeist-irecommendthis-admin-ui.php:0)
Attack Surface

I Recommend This – Love/Like Button for WordPress Posts Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 2

auth wp_ajax_irecommendthis core\class-themeist-irecommendthis-ajax.php:23
nopriv wp_ajax_irecommendthis core\class-themeist-irecommendthis-ajax.php:24

Shortcodes 4

[dot_recommends] core\class-themeist-irecommendthis-shortcodes.php:24
[irecommendthis] core\class-themeist-irecommendthis-shortcodes.php:27
[dot_recommended_top_posts] core\class-themeist-irecommendthis-shortcodes.php:31
[irecommendthis_top_posts] core\class-themeist-irecommendthis-shortcodes.php:34

WordPress Hooks 24

action admin_init admin\class-themeist-irecommendthis-admin-db-tools.php:41
filter plugin_action_links admin\class-themeist-irecommendthis-admin-plugin-links.php:41
filter plugin_row_meta admin\class-themeist-irecommendthis-admin-plugin-links.php:42
filter manage_posts_columns admin\class-themeist-irecommendthis-admin-post-columns.php:26
action manage_posts_custom_column admin\class-themeist-irecommendthis-admin-post-columns.php:27
filter manage_edit-post_sortable_columns admin\class-themeist-irecommendthis-admin-post-columns.php:28
filter request admin\class-themeist-irecommendthis-admin-post-columns.php:29
action admin_init admin\class-themeist-irecommendthis-admin-settings.php:25
action admin_enqueue_scripts admin\class-themeist-irecommendthis-admin-ui.php:60
action admin_menu admin\class-themeist-irecommendthis-admin.php:128
action publish_post admin\class-themeist-irecommendthis-admin.php:131
action init blocks\blocks.php:74
action enqueue_block_editor_assets blocks\blocks.php:77
action admin_enqueue_scripts blocks\blocks.php:80
filter get_post_metadata blocks\recommend\block.php:234
action init core\class-themeist-irecommendthis-db-upgrader.php:60
action wpmu_new_blog core\class-themeist-irecommendthis-db-upgrader.php:63
action init core\class-themeist-irecommendthis.php:63
action init core\class-themeist-irecommendthis.php:66
action admin_notices core\class-themeist-irecommendthis.php:69
action init i-recommend-this.php:61
action wp_enqueue_scripts public\class-themeist-irecommendthis-public-assets.php:38
filter the_content public\class-themeist-irecommendthis-public-display.php:23
action widgets_init public\class-themeist-irecommendthis-widget-most-recommended.php:416
Maintenance & Trust

I Recommend This – Love/Like Button for WordPress Posts Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Jul 25, 2025
  • PHP min version: 7.4
  • Downloads: 391K

Community Trust

  • Rating: 94/100
  • Number of ratings: 37
  • Active installs: 5K
Developer Profile

I Recommend This – Love/Like Button for WordPress Posts Developer Profile

Harish Chouhan

7 plugins · 13K total installs

  • Trust score: 78
  • Avg Security Score: 99/100
  • Avg Patch Time: 1906 days
Detection Fingerprints

How We Detect I Recommend This – Love/Like Button for WordPress Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/i-recommend-this/assets/css/admin-settings.css
/wp-content/plugins/i-recommend-this/assets/js/admin-tabs.js
Version Parameters
i-recommend-this/assets/css/admin-settings.css?ver=
i-recommend-this/assets/js/admin-tabs.js?ver=

HTML / DOM Fingerprints

CSS Classes
irecommendthis-settings, irecommendthis-settings-form, nav-tab-active, notice-success, card
Data Attributes
data-tab
Shortcode Output
[recommend_this], [irecommend_this_counter], [irecommend_this_list]