爱采集数据采集和发布插件 Security & Risk Analysis
wordpress.org/plugins/icollect爱采集(http://icollect.net.cn)是一个超易用,强大的网页数据采集和发布软件
Is 爱采集数据采集和发布插件 Safe to Use in 2026?
Generally Safe
Score 85/100爱采集数据采集和发布插件 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "icollect" v1.0.0 plugin presents a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs) and exhibits good practices in handling SQL queries, with a high percentage utilizing prepared statements. Output escaping is also generally well-implemented, suggesting an awareness of common web vulnerabilities. However, the static analysis reveals significant concerns, particularly within the taint analysis. The presence of 4 flows with unsanitized paths, including 2 of high severity, indicates a strong potential for code injection or other data manipulation vulnerabilities, even without direct user-facing attack vectors like AJAX or REST endpoints. The lack of any nonce or capability checks across all identified entry points (though none are listed, this is a general observation for the plugin's internal logic) is a major weakness that could be exploited if an attack vector were to be introduced or discovered.
While the plugin's vulnerability history is clean, this does not negate the risks identified in the static analysis. The clean history might indicate that the plugin has not been extensively targeted or that vulnerabilities have not been publicly disclosed. The critical flaw lies in the taint analysis results showing high-severity unsanitized flows. Coupled with the absence of capability and nonce checks, this plugin, despite its limited reported attack surface and clean CVE history, carries a notable risk of being exploited if an attacker can find a way to trigger these unsanitized data paths.
Key Concerns
- High severity unsanitized taint flows
- Unsanitized paths in taint flows
- Missing nonce checks
- Missing capability checks
- File operations without evident checks
爱采集数据采集和发布插件 Security Vulnerabilities
爱采集数据采集和发布插件 Release Timeline
爱采集数据采集和发布插件 Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
爱采集数据采集和发布插件 Attack Surface
WordPress Hooks 2
Maintenance & Trust
爱采集数据采集和发布插件 Maintenance & Trust
Maintenance Signals
Community Trust
爱采集数据采集和发布插件 Alternatives
胖鼠采集(Fat Rat Collect)
fat-rat-collect
胖鼠采集(Fat Rat Collect) 是一款能够帮助你网站自动化的采集工具. 支持采集、微信、简书、知乎、自定义列表页、自定义详情页面、还有许多特色功能、 还可一键采集历史文章, 一键设置自动采集, 自动发布, 为您节省精力, 快来体验一下吧!
WxSync-标准云微信公众号文章免费采集-任意公众号自动采集付费购买
wxsync
标准云微信公众号文章采集与自动同步插件,手动采集永久免费,自动同步采集可按月收费
简数采集器
keydatas
简数采集器不仅提供网页文章全自动采集、定时采集等基本功能,还创新实现了智能识别和鼠标可视化点选生成采集规则(不用手写规则)、书签一键采集等特色功能,大幅提升了采集配置效率。
导入微信文章 (Import Articles from WeChat)
import-articles-from-wechat
A simple yet powerful tool to import articles from WeChat Official Accounts into your WordPress site, including all content and images.
快兔兔AI采集器(站群版)
kuaitutu-crawler
基于深度学习技术的AI采集器,能主动搜索文章并智能解析出标题和正文,通过NLP提取关键词进行比对,最后投递到正确的分类中。
爱采集数据采集和发布插件 Developer Profile
1 plugin · 10 total installs
How We Detect 爱采集数据采集和发布插件
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/icollect/css/admin.css/wp-content/plugins/icollect/css/icollect-auto-post.css/wp-content/plugins/icollect/css/icollect.css/wp-content/plugins/icollect/js/icollect.js/wp-content/plugins/icollect/js/icollect_auto_post.js/wp-content/plugins/icollect/js/icollect.js/wp-content/plugins/icollect/js/icollect_auto_post.jsicollect/css/admin.css?ver=icollect/css/icollect-auto-post.css?ver=icollect/css/icollect.css?ver=icollect/js/icollect.js?ver=icollect/js/icollect_auto_post.js?ver=HTML / DOM Fingerprints
icollect-admin-settingicollect-auto-post-settingicollect-nav-itemicollect-settingsdata-icollect-passworddata-icollect-post-iddata-icollect-post-titleicollectConfigicollectAutoPostConfig/wp-json/icollect/v1/get_category/wp-json/icollect/v1/get_users/wp-json/icollect/v1/find_post_by_title/wp-json/icollect/v1/post/wp-json/icollect/v1/get_file_path