Does Lotos Likes have any unpatched vulnerabilities?

No. All known vulnerabilities in Lotos Likes have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Lotos Likes compatible with WordPress 6.5.8?

According to WordPress.org data, Lotos Likes 1.8 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

How often is Lotos Likes updated?

Lotos Likes was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Lotos Likes's security score?

Lotos Likes has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Lotos Likes Security & Risk Analysis

wordpress.org/plugins/lotos-likes

Add "like" functionality to your posts and pages

200 active installs v1.8 PHP + WP 4.2+ Updated Unknown

heartslikespostshortcodetemplate-tag

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Lotos Likes Safe to Use in 2026?

Generally Safe

Score 100/100

Lotos Likes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "lotos-likes" v1.8 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by not utilizing dangerous functions, performing all SQL queries using prepared statements, and having no recorded vulnerabilities. This suggests a developer who is aware of some fundamental security principles. However, significant concerns arise from the static analysis. The plugin has a total of 3 entry points, with 2 of them being AJAX handlers that completely lack authentication checks. This is a critical oversight, exposing these handlers to potential abuse by unauthenticated users. Furthermore, only a small percentage (14%) of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities across its various output mechanisms. The taint analysis also reveals 2 flows with unsanitized paths, which, although not classified as critical or high severity in this analysis, still represent potential avenues for malicious input to reach sensitive parts of the code. The lack of nonce checks and capability checks on critical entry points compounds the risk associated with the unprotected AJAX handlers.

Key Concerns

Unprotected AJAX handlers
Low output escaping percentage
Taint flows with unsanitized paths
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Lotos Likes Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Lotos Likes Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

14% escaped37 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

ajax_callback (lotos-likes.php:247)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Lotos Likes Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_lotos-likeslotos-likes.php:27

noprivwp_ajax_lotos-likeslotos-likes.php:28

Shortcodes 1

[lotos_likes] lotos-likes.php:29

WordPress Hooks 9

actioninitlotos-likes.php:19

actionadmin_initlotos-likes.php:20

actionadmin_menulotos-likes.php:21

actionwp_enqueue_scriptslotos-likes.php:22

filterthe_contentlotos-likes.php:23

filterthe_excerptlotos-likes.php:24

filterbody_classlotos-likes.php:25

actionpublish_postlotos-likes.php:26

actionwidgets_initlotos-likes.php:30

Maintenance & Trust

Lotos Likes Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedUnknown

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs200

Alternatives

Lotos Likes Alternatives

WP Post Likes

wp-post-likes

A simple and efficient post like system for WordPress.

10 No CVEs

WP Shortcodes Plugin — Shortcodes Ultimate

shortcodes-ultimate

A comprehensive collection of visual components for your site

400K 32 CVEs

Display Posts – Easy lists, grids, navigation, and more

display-posts-shortcode

Add a listing of content on your website using a simple shortcode. Filter the results by category, author, and more.

80K No CVEs

WP Show Posts

wp-show-posts

Add posts to your website from any post type using a simple shortcode.

70K 3 CVEs

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Developer Profile

Lotos Likes Developer Profile

Excellent Dynamics

1 plugin · 200 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Lotos Likes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/lotos-likes/css/lotos-likes.css/wp-content/plugins/lotos-likes/js/lotos-likes.js

Script Paths

/wp-content/plugins/lotos-likes/js/lotos-likes.js

Version Parameters

lotos-likes/css/lotos-likes.css?ver=lotos-likes/js/lotos-likes.js?ver=

HTML / DOM Fingerprints

CSS Classes

lotos-likes-countlotos-likes-button

Data Attributes

data-post-iddata-likes-count

JS Globals

lotosLikes

REST Endpoints

/wp-json/lotos-likes/v1/likes

Shortcode Output

[lotos_likes]

FAQ