Manchete Atual – Fotojornal Security & Risk Analysis

wordpress.org/plugins/manchete-atual-fotojornal

Fotojornal, Galeria de Notícias em Imagem, personalizavel, disponibilizado com conteúdos do site Manchete Atual.

10 active installs v1.0.3 PHP + WP 2.5+ Updated Aug 12, 2013
brasilfotojornalmanchete-atualmanchetesnoticias
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Manchete Atual – Fotojornal Safe to Use in 2026?

Generally Safe

Score 85/100

Manchete Atual – Fotojornal has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The 'manchete-atual-fotojornal' plugin version 1.0.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL query handling, utilizing prepared statements exclusively. It also has a clean vulnerability history with no known CVEs and no recorded past vulnerabilities, suggesting a generally stable codebase. The attack surface appears minimal, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that lack proper authentication or permission checks.

However, significant concerns arise from the static analysis. The presence of the `create_function` dangerous function is a critical red flag. This function is deprecated and can lead to severe security vulnerabilities, including arbitrary code execution, if user input is not rigorously sanitized before being passed to it. Furthermore, a substantial portion of output (84%) is not properly escaped, presenting a high risk of Cross-Site Scripting (XSS) vulnerabilities. The complete lack of nonce and capability checks, even with a small attack surface, also leaves potential for privilege escalation or unauthorized actions if any new entry points are introduced or if existing ones are exploited in conjunction with other flaws. The absence of any taint analysis flows analyzed is either a positive indicator that no such flows were detected, or a negative one if the analysis was incomplete.

In conclusion, while the plugin boasts a clean security record and good SQL practices, the identified dangerous function and widespread unescaped output present substantial and immediate security risks that require urgent attention. The lack of comprehensive security checks on entry points further exacerbates these vulnerabilities.

Key Concerns

  • Dangerous function used (create_function)
  • Significant amount of unescaped output
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Manchete Atual – Fotojornal Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Manchete Atual – Fotojornal Release Timeline

v1.0.3Current
v1.0.2
v1.0.1
Code Analysis
Analyzed Mar 17, 2026

Manchete Atual – Fotojornal Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
37
7 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("fotojornal");'));mancheteatual-fotojornal.php:185

Output Escaping

16% escaped44 total outputs
Attack Surface

Manchete Atual – Fotojornal Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionwidgets_initmancheteatual-fotojornal.php:185
Maintenance & Trust

Manchete Atual – Fotojornal Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedAug 12, 2013
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Manchete Atual – Fotojornal Developer Profile

Luís Peralta

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Manchete Atual – Fotojornal

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/manchete-atual-fotojornal/css/jquery.mancheteatual.fotojornal.css/wp-content/plugins/manchete-atual-fotojornal/js/jquery.mancheteatual.fotojornal.js
Script Paths
/wp-content/plugins/manchete-atual-fotojornal/js/jquery.mancheteatual.fotojornal.js
Version Parameters
jquery.mancheteatual.fotojornal.cssjquery.mancheteatual.fotojornal.js

HTML / DOM Fingerprints

CSS Classes
my_widget_class
Data Attributes
id="fotojornal
JS Globals
jQuery("#fotojornal1").mancheteatual
Shortcode Output
<div id="fotojornal
FAQ

Frequently Asked Questions about Manchete Atual – Fotojornal