MG WP to t.sina.com Security & Risk Analysis

wordpress.org/plugins/mg-wp2tsina

在保存博客的同时,可选择同步推送摘要到新浪微博上。

10 active installs v1.1.0 PHP + WP 2.9.2+ Updated Aug 5, 2010
mgsinasync%e5%be%ae%e5%8d%9a
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is MG WP to t.sina.com Safe to Use in 2026?

Generally Safe

Score 85/100

MG WP to t.sina.com has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago
Risk Assessment

The "mg-wp2tsina" v1.1.0 plugin presents a mixed security posture. On the positive side, there are no known vulnerabilities (CVEs) associated with this plugin, and all identified SQL queries utilize prepared statements, which is a strong practice. The absence of external HTTP requests and the fact that there are no detected taint flows are also favorable indicators. However, several significant security concerns emerge from the static analysis. The presence of the `exec` function, a dangerous function, is a major red flag, as it can be exploited for remote code execution if not properly secured. Furthermore, the plugin exhibits a significant lack of security checks. There are no nonce checks and no capability checks, meaning that any functionality exposed, even if not immediately apparent through listed entry points, could be vulnerable to unauthorized access or execution. The 60% of output that is not properly escaped also poses a risk of cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • Presence of dangerous function 'exec'
  • Missing nonce checks
  • Missing capability checks
  • Insufficient output escaping
Vulnerabilities
None known

MG WP to t.sina.com Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

MG WP to t.sina.com Release Timeline

v1.1.0Current
v1.1.0-Alpha2
v1.1.0-Beta1
v1.1.0-Beta2
v1.0.5
Code Analysis
Analyzed Apr 16, 2026

MG WP to t.sina.com Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
1 prepared
Unescaped Output
9
6 escaped
Nonce Checks
0
Capability Checks
0
File Operations
9
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

execexec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$resuSnoopy.class.php:1009

SQL Query Safety

100% prepared1 total queries

Output Escaping

40% escaped15 total outputs
Attack Surface

MG WP to t.sina.com Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionadmin_initmg-wp2tsina.php:48
actionpublish_postmg-wp2tsina.php:49
actionadmin_menumg-wp2tsina.php:50
actionadmin_menumg-wp2tsina.php:51
actionadmin_noticesmg-wp2tsina.php:52
actiondelete_postmg-wp2tsina.php:54
actionxmlrpc_publish_postmg-wp2tsina.php:57
actionapp_publish_postmg-wp2tsina.php:59
filterthe_contentmg-wp2tsina.php:63
Maintenance & Trust

MG WP to t.sina.com Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5
Last updatedAug 5, 2010
PHP min version
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

MG WP to t.sina.com Developer Profile

mikegaul

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MG WP to t.sina.com

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mg-wp2tsina/tsina.api.class.php/wp-content/plugins/mg-wp2tsina/Snoopy.class.php/wp-content/plugins/mg-wp2tsina/options.php

HTML / DOM Fingerprints

Data Attributes
mg-wp2tsina-setting
Shortcode Output
{wp2tsina}
FAQ

Frequently Asked Questions about MG WP to t.sina.com