Love It Security & Risk Analysis

wordpress.org/plugins/love-it

Love It is a simple plugin that adds a "Love It" link to your posts, pages, and custom post types. Show your most popular items in a widget.

20 active installs · v1.0.5 · PHP + · WP 3.4+ · Updated Aug 20, 2015
Tags: like, love, love-it, love-post, plus-one
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Love It Safe to Use in 2026?

Generally Safe

Score 85/100

Love It has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "love-it" plugin v1.0.5 exhibits a mixed security posture. On the positive side, it has a very small attack surface: one AJAX handler and no shortcodes, cron events, or REST API routes. That single AJAX handler has a nonce check, and all SQL queries are properly prepared. There is also no recorded vulnerability history, suggesting a generally well-maintained codebase in the past.

However, the static analysis raises several concerns. The use of `create_function` is a significant red flag, as it can lead to code injection vulnerabilities if not handled with extreme care. A very low output-escaping rate (17%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, as user-supplied data may be written directly into the page without proper escaping. The AJAX handler has a nonce check but no capability check, which leaves potential for privilege escalation if the nonce check is bypassed or if sensitive actions are performed without verifying user roles.

Key Concerns

  • Dangerous function create_function used
  • Low output escaping percentage (17%)
  • Missing capability checks on AJAX handler
Vulnerabilities
None known

Love It Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Love It Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 15 (3 escaped)
  • Nonce Checks: 1
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

create_function · includes\widgets.php:66
`add_action('widgets_init', create_function('', 'return register_widget("li_most_loved_widget");'));`

Output Escaping

17% escaped · 18 total outputs
Attack Surface

Love It Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_love_it · includes\love-functions.php:62
WordPress Hooks 4
filter · the_content · includes\display-functions.php:49
action · wp_enqueue_scripts · includes\scripts.php:16
action · widgets_init · includes\widgets.php:66
action · init · love-it.php:30
Maintenance & Trust

Love It Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.3.34
Last updated: Aug 20, 2015
PHP min version
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

Love It Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 795 days
Detection Fingerprints

How We Detect Love It

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/love-it/includes/js/love-it.js
Script Paths
/wp-content/plugins/love-it/includes/js/love-it.js

HTML / DOM Fingerprints

CSS Classes
most-loved, loved-item
Data Attributes
data-loved, data-id
JS Globals
love_it_vars