WP-Safety

Integrate Firebase Security & Risk Analysis

wordpress.org/plugins/integrate-firebase

Integrate Firebase is a plugin that helps to integrate Firebase features to WordPress

600 active installs v0.10.0 PHP 5.2.4+ WP 4.0.0+ Updated Dec 4, 2024
firebase
91
A · Safe
CVEs total1
Unpatched0
Last CVEDec 11, 2024
Plugin page Download
Safety Verdict

Is Integrate Firebase Safe to Use in 2026?

Generally Safe

Score 91/100

Integrate Firebase has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 11, 2024Updated 1yr ago
Risk Assessment

The 'integrate-firebase' plugin v0.10.0 presents a mixed security posture. On the positive side, the static analysis shows no dangerous functions, all SQL queries use prepared statements, and there are no file operations or external HTTP requests. The absence of critical or high severity taint flows is also encouraging. However, there are notable areas of concern. The presence of 7 shortcodes, while not directly exploitable without additional flaws, represents an attack surface that could potentially be leveraged if vulnerabilities are introduced in the future. The lack of any nonce checks or capability checks across all entry points, including shortcodes, is a significant weakness, as it implies that any input processed by these shortcodes is not adequately protected against unauthorized access or manipulation. The vulnerability history shows one past medium severity vulnerability related to Cross-site Scripting, which, although patched, highlights a historical tendency for input sanitization issues. While the current version appears to have addressed past issues and maintains good practices in several areas, the lack of fundamental security checks on its entry points warrants careful consideration.

Key Concerns

  • No nonce checks on entry points
  • No capability checks on entry points
  • Past medium severity XSS vulnerability
Vulnerabilities
1

Integrate Firebase Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-11785medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Integrate Firebase <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 11, 2024 Patched in 0.10.0 (1d)
Code Analysis
Analyzed Mar 16, 2026

Integrate Firebase Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
16 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

84% escaped19 total outputs
Attack Surface

Integrate Firebase Attack Surface

Entry Points7
Unprotected0

Shortcodes 7

[firebase_login] includes\class.shortcodes.php:14
[firebase_logout] includes\class.shortcodes.php:15
[firebase_greetings] includes\class.shortcodes.php:16
[firebase_login_error] includes\class.shortcodes.php:17
[firebase_show] includes\class.shortcodes.php:20
[firebase_show_not_login] includes\class.shortcodes.php:21
[realtime] includes\class.shortcodes.php:24
WordPress Hooks 7
actionadmin_menuincludes\class.firebase-admin.php:23
actionadmin_initincludes\class.firebase-admin.php:24
actionadmin_enqueue_scriptsincludes\class.firebase-admin.php:25
actionwp_enqueue_scriptsincludes\class.firebase.php:16
actioninitinit.php:62
actioninitinit.php:65
actioninitinit.php:70
Maintenance & Trust

Integrate Firebase Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedDec 4, 2024
PHP min version5.2.4
Downloads28K

Community Trust

Rating100/100
Number of ratings20
Active installs600
Alternatives

Integrate Firebase Alternatives

FCM Push Notification from WP

FCM Push Notification from WP

fcm-push-notification-from-wp

A
92

Notify your users using Firebase Cloud Messaging (FCM) when content is published or updated.

600 No CVEs
Firebase Authentication

Firebase Authentication

firebase-authentication

A
100

This plugin allows login into WordPress using Firebase user credentials and maps Firebase user data to WordPress user profile.

500 No CVEs
Push notification for Mobile and Web app

Push notification for Mobile and Web app

push-notification-mobile-and-web-app

A
99

Push notification for Android, iOS and the Web

500 1 CVE
Free SMS OTP Verification for Gravity Forms By Firebase

Free SMS OTP Verification for Gravity Forms By Firebase

free-sms-verification-for-gravity-forms

A
85

The best free SMS verification plugin for Gravity Forms, Verify users numbers before submitting the forms.

200 No CVEs
Push Notification for Post and BuddyPress

Push Notification for Post and BuddyPress

push-notification-for-post-and-buddypress

A
95

Send free push notifications for post/custom post, BuddyPress from WordPress sites or using mobile app webview and to generate PWA.

200 4 CVEs
Developer Profile

Integrate Firebase Developer Profile

Dale Nguyen

2 plugins · 600 total installs

94
trust score
Avg Security Score
92/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Integrate Firebase

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/integrate-firebase/css/firebase-admin.css/wp-content/plugins/integrate-firebase/js/firebase-admin.js
Script Paths
https://www.gstatic.com/firebasejs/8.2.5/firebase-app.jshttps://www.gstatic.com/firebasejs/8.2.5/firebase-auth.jshttps://www.gstatic.com/firebasejs/8.2.5/firebase-database.jshttps://www.gstatic.com/firebasejs/8.2.5/firebase-firestore.js
Version Parameters
integrate-firebase/css/firebase-admin.css?ver=integrate-firebase/js/firebase-admin.js?ver=

HTML / DOM Fingerprints

JS Globals
window.firebaseDatabaseOptionswindow.firebaseOptions
FAQ

Frequently Asked Questions about Integrate Firebase