WP-Safety

My Github Security & Risk Analysis

wordpress.org/plugins/my-github

A simple and nice WordPress plugin that can track your github's profile.

10 active installs v1.2.4 PHP 5.6+ WP 5.2+ Updated Dec 25, 2023
developerdevelopmentgithubportfolioprofile
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is My Github Safe to Use in 2026?

Generally Safe

Score 85/100

My Github has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "my-github" plugin version 1.2.4 exhibits a generally good security posture based on the provided static analysis. There are no identified critical or high-severity vulnerabilities in taint analysis, and the plugin has no recorded vulnerability history, suggesting a proactive approach to security by its developers. The high percentage of properly escaped output (94%) and the presence of nonce checks are positive indicators. The limited attack surface, with only one shortcode and no unprotected entry points, further contributes to its apparent safety.

However, there are areas of concern. The single SQL query is not using prepared statements, which presents a potential risk for SQL injection if the query's inputs are not rigorously validated and escaped server-side. While the number of external HTTP requests is low (3), any interaction with external services can introduce risks if not handled securely. The complete absence of capability checks is a significant weakness. Without capability checks, any user, regardless of their role or permissions, could potentially interact with the plugin's functionality, opening it up to unauthorized access or manipulation if any of its components have sensitive actions.

In conclusion, the "my-github" plugin demonstrates commendable security practices in output escaping and managing its attack surface. Nevertheless, the lack of capability checks and the use of raw SQL queries without prepared statements represent significant security weaknesses that should be addressed to achieve a more robust security posture. The absence of historical vulnerabilities is promising but should not overshadow the identified code-level risks.

Key Concerns

  • Raw SQL query without prepared statements
  • No capability checks for any entry points
Vulnerabilities
None known

My Github Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

My Github Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
8
127 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
3
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

94% escaped135 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<my_github_profile> (includes\templates\my_github_profile.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

My Github Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[my_github] includes\Frontend\Shortcode.php:43
WordPress Hooks 11
actionadmin_menuincludes\Admin\Menu.php:26
actionadmin_initincludes\Admin\Settings.php:48
filtermce_external_pluginsincludes\Admin\Settings.php:50
filtermce_buttonsincludes\Admin\Settings.php:51
actionadmin_enqueue_scriptsincludes\Assets.php:25
actionwp_enqueue_scriptsincludes\Assets.php:27
filtertemplate_includeincludes\Frontend\Shortcode.php:41
actionwidgets_initincludes\Frontend\Widget.php:32
actionupdate_optionincludes\Transient.php:25
actionactivate_pluginmy-github.php:40
actionplugins_loadedmy-github.php:41
Maintenance & Trust

My Github Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedDec 25, 2023
PHP min version5.6
Downloads1K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

My Github Alternatives

Show developer profile

Show developer profile

show-git-developer-profile

A
85

A plugin to fetch and exhibit profile information and list repositories of a given github user.

0 No CVEs
WP Reroute Email

WP Reroute Email

wp-reroute-email

A
98

This plugin reroutes all outgoing emails from a WordPress site (sent using the wp_mail() function) to a predefined configurable email address.

1K 3 CVEs
Ray

Ray

spatie-ray

A
100

Easily debug WordPress sites using Ray.

500 No CVEs
Asset Queue Manager

Asset Queue Manager

asset-queue-manager

A
85

A tool for experienced frontend performance engineers to take control over the scripts and styles enqueued on their site.

200 No CVEs
Discourage Search Engines Notifier

Discourage Search Engines Notifier

discourage-search-engines-notifier

A
100

Shows an admin bar icon indicating your site's search engine visibility status.

200 No CVEs
Developer Profile

My Github Developer Profile

Ratul Hasan

3 plugins · 240 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect My Github

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/my-github/assets/my_github_qtags.min.js/wp-content/plugins/my-github/assets/my_github.min.css/wp-content/plugins/my-github/assets/grids-min.css/wp-content/plugins/my-github/assets/fontawesome-free-5.15.3/css/all.min.css
Script Paths
/wp-content/plugins/my-github/appsero/src/Client.php
Version Parameters
my-github/assets/my_github_qtags.min.js?ver=my-github/assets/my_github.min.css?ver=my-github/assets/grids-min.css?ver=my-github/assets/fontawesome-free-5.15.3/css/all.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
my-github-profilemy-github-repo
HTML Comments
<!-- Menu class file --><!-- Project My Github -->
Data Attributes
data-usernamedata-repo-count
JS Globals
my_github_opts
Shortcode Output
[my_github]
FAQ

Frequently Asked Questions about My Github