
Manchete Atual – Fotojornal Security & Risk Analysis
wordpress.org/plugins/manchete-atual-fotojornalFotojornal, Galeria de Notícias em Imagem, personalizavel, disponibilizado com conteúdos do site Manchete Atual.
Is Manchete Atual – Fotojornal Safe to Use in 2026?
Generally Safe
Score 85/100Manchete Atual – Fotojornal has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'manchete-atual-fotojornal' plugin version 1.0.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL query handling, utilizing prepared statements exclusively. It also has a clean vulnerability history with no known CVEs and no recorded past vulnerabilities, suggesting a generally stable codebase. The attack surface appears minimal, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that lack proper authentication or permission checks.
However, significant concerns arise from the static analysis. The presence of the `create_function` dangerous function is a critical red flag. This function is deprecated and can lead to severe security vulnerabilities, including arbitrary code execution, if user input is not rigorously sanitized before being passed to it. Furthermore, a substantial portion of output (84%) is not properly escaped, presenting a high risk of Cross-Site Scripting (XSS) vulnerabilities. The complete lack of nonce and capability checks, even with a small attack surface, also leaves potential for privilege escalation or unauthorized actions if any new entry points are introduced or if existing ones are exploited in conjunction with other flaws. The absence of any taint analysis flows analyzed is either a positive indicator that no such flows were detected, or a negative one if the analysis was incomplete.
In conclusion, while the plugin boasts a clean security record and good SQL practices, the identified dangerous function and widespread unescaped output present substantial and immediate security risks that require urgent attention. The lack of comprehensive security checks on entry points further exacerbates these vulnerabilities.
Key Concerns
- Dangerous function used (create_function)
- Significant amount of unescaped output
- No nonce checks
- No capability checks
Manchete Atual – Fotojornal Security Vulnerabilities
Manchete Atual – Fotojornal Release Timeline
Manchete Atual – Fotojornal Code Analysis
Dangerous Functions Found
Output Escaping
Manchete Atual – Fotojornal Attack Surface
WordPress Hooks 1
Maintenance & Trust
Manchete Atual – Fotojornal Maintenance & Trust
Maintenance Signals
Community Trust
Manchete Atual – Fotojornal Alternatives
Manchete Atual – Newsfeed
manchete-atual-newsfeed
Newsfeed, Listagem de notícias, personalizavel, disponibilizado com conteúdos do site Manchete Atual.
Brasil 61 – Conteúdo gratuito para rádios, sites e blogs.
brasil-61-conteudo-gratuito-para-radios-sites-e-blogs
Plugin para importação automática de notícias do portal Brasil61.
Pagar.me para WooCommerce
pagarme-payments-for-woocommerce
Aceite diversos métodos de pagamento de forma simples e segura utilizando o Pagar.me!
Calculadora de Frete e Campos Checkout para o Brasil
woo-better-shipping-calculator-for-brazil
Shipping calculator for Brazilian WooCommerce stores with automatic Postal Code address pre-filling and Brazilian Market on WooCommerce.
PagBank for WooCommerce
pagbank-for-woocommerce
Aceite pagamentos via cartão de crédito, boleto e Pix no checkout do WooCommerce através do PagBank.
Manchete Atual – Fotojornal Developer Profile
2 plugins · 20 total installs
How We Detect Manchete Atual – Fotojornal
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/manchete-atual-fotojornal/css/jquery.mancheteatual.fotojornal.css/wp-content/plugins/manchete-atual-fotojornal/js/jquery.mancheteatual.fotojornal.js/wp-content/plugins/manchete-atual-fotojornal/js/jquery.mancheteatual.fotojornal.jsjquery.mancheteatual.fotojornal.cssjquery.mancheteatual.fotojornal.jsHTML / DOM Fingerprints
my_widget_classid="fotojornaljQuery("#fotojornal1").mancheteatual<div id="fotojornal