WP-Safety

My Favorites Security & Risk Analysis

wordpress.org/plugins/my-favorites

Save user's favorite posts and list them.

1K active installs v1.4.4 PHP 5.4.0+ WP 4.8+ Updated Jan 9, 2026
accessibilityfavorite-postsfavoriteslikes
99
A · Safe
CVEs total2
Unpatched0
Last CVEOct 14, 2024
Plugin page Download
Safety Verdict

Is My Favorites Safe to Use in 2026?

Generally Safe

Score 99/100

My Favorites has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Oct 14, 2024Updated 2mo ago
Risk Assessment

The "my-favorites" plugin v1.4.4 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce checks for its AJAX handlers. The absence of shortcodes, cron events, and REST API routes, along with a small, protected attack surface, are also strengths. However, the presence of a dangerous `create_function` call is a significant concern, as it can be a vector for code injection if not handled with extreme caution and sanitization. Furthermore, only 40% of output is properly escaped, indicating a potential risk for Cross-Site Scripting (XSS) vulnerabilities, which aligns with its vulnerability history.

Key Concerns

  • Dangerous function detected (create_function)
  • Insufficient output escaping (40% proper)
  • Previous vulnerabilities indicate XSS risks
Vulnerabilities
2

My Favorites Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-49263medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Favorites <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 14, 2024 Patched in 1.4.3 (8d)
CVE-2024-37114medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Favorites <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 20, 2024 Patched in 1.4.4 (573d)
Code Analysis
Analyzed Mar 16, 2026

My Favorites Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
3
2 escaped
Nonce Checks
3
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionregister_activation_hook(__FILE__, create_function('', "deactivate_plugins('" . plugin_basename(__FImy-favorites.php:38

Output Escaping

40% escaped5 total outputs
Attack Surface

My Favorites Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_ccc_my_favorite-update-actionfunction.php:19
authwp_ajax_ccc_my_favorite-get-actionfunction.php:20
authwp_ajax_ccc_my_favorite-list-actionfunction.php:24
noprivwp_ajax_ccc_my_favorite-list-actionfunction.php:25
WordPress Hooks 5
actionwp_enqueue_scriptsfunction.php:16
actionwp_enqueue_scriptsfunction.php:17
actionwp_enqueue_scriptsfunction.php:18
actionwp_enqueue_scriptsfunction.php:22
actionwp_enqueue_scriptsfunction.php:23
Maintenance & Trust

My Favorites Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 9, 2026
PHP min version5.4.0
Downloads17K

Community Trust

Rating100/100
Number of ratings15
Active installs1K
Alternatives

My Favorites Alternatives

Favorites

Favorites

favorites

B
71

Favorites for any post type. Easily add favoriting/liking, wishlists, or any other similar functionality using the developer-friendly API.

10K 1 unpatched
WP Favorite Posts Extended

WP Favorite Posts Extended

wp-favorite-posts-extended

A
85

wp-favorite-posts, reading list, post list, post lists, lists Requires at least: 3.5 Tested up to: 4.0 Stable tag: 0.1 Based on plugin "WP Favor &hellip;

20 No CVEs
Keyring Reactions Importer

Keyring Reactions Importer

keyring-reactions-importer

A
85

A social reactions ( comments, like, favs, etc. ) importer.

10 No CVEs
Ally – Web Accessibility & Usability

Ally – Web Accessibility & Usability

pojo-accessibility

A
93

Ally: Make your site more inclusive by scanning for accessibility violations, fixing them easily, and adding a usability widget and accessibility stat &hellip;

500K 4 CVEs
Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)

Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)

auto-image-attributes-from-filename-with-bulk-updater

A
100

Automatically add Image Alt Text, Title, Caption and Description from Filename. Bulk update existing images. Great for Image SEO and Accessibility.

100K No CVEs
Developer Profile

My Favorites Developer Profile

Takashi Matsuyama

1 plugin · 1K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
291 days
View full developer profile
Detection Fingerprints

How We Detect My Favorites

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/my-favorites/assets/select.css/wp-content/plugins/my-favorites/assets/select.js/wp-content/plugins/my-favorites/assets/list.css/wp-content/plugins/my-favorites/assets/list.js
Script Paths
/wp-content/plugins/my-favorites/assets/select.js/wp-content/plugins/my-favorites/assets/list.js
Version Parameters
my-favorites/assets/select.css?ver=my-favorites/assets/select.js?ver=my-favorites/assets/list.css?ver=my-favorites/assets/list.js?ver=

HTML / DOM Fingerprints

CSS Classes
ccc-my-favorite-select-buttonccc-my-favorite-button-textccc-my-favorite-button-countccc-my-favorite-list-wrapper
HTML Comments
How to use this ShortcodeCCC_My_Favorite InitializeInitial executionお気に入りの投稿をユーザーメタ(usermeta)に追加+5 more
Data Attributes
data-post-iddata-actiondata-nonce
JS Globals
CCC_MY_FAVORITE_UPDATECCC_MY_FAVORITE_GETCCC_MY_FAVORITE_LIST
REST Endpoints
/wp-json/ccc_my_favorite-update-action/wp-json/ccc_my_favorite-get-action/wp-json/ccc_my_favorite-list-action
Shortcode Output
[ccc_my_favorite_select_button[ccc_my_favorite_list_menu[ccc_my_favorite_list_results
FAQ

Frequently Asked Questions about My Favorites