
nomination and voting Security & Risk Analysis
wordpress.org/plugins/nomination-and-voting
This plugin allows users to nominate their favourites using their Facebook account when the plugin is in nomination mode. And when in voting mode, user …
Is nomination and voting Safe to Use in 2026?
Generally Safe
Score 100/100
nomination and voting has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "nomination-and-voting" v1.1 plugin presents significant security concerns due to multiple critical vulnerabilities identified in the static analysis. A notable weakness is the presence of two AJAX handlers that lack authentication checks, creating an open attack surface for unauthorized actions. Furthermore, the analysis reveals that 100% of SQL queries are not using prepared statements, and an equally alarming 0% of output is properly escaped. This combination of raw SQL and unescaped output strongly suggests a high risk of SQL injection and Cross-Site Scripting (XSS) vulnerabilities.
Taint analysis confirms these fears, with 5 out of 6 analyzed flows involving unsanitized paths, four of which are categorized as high severity. While the plugin has no recorded vulnerability history, this absence should not be interpreted as a sign of robust security. Instead, it likely reflects an unexploited attack surface or a lack of historical security auditing for this specific plugin. The plugin's sole capability check and zero nonce checks further exacerbate the security risks, making it vulnerable to various attacks.
In conclusion, the "nomination-and-voting" v1.1 plugin has a poor security posture. The lack of fundamental security practices like prepared statements, output escaping, and proper authentication on entry points, coupled with high-severity taint flows, makes it a prime target for malicious exploitation. The absence of past vulnerabilities is not an indicator of safety but rather a warning sign of potential undiscovered and exploitable flaws.
Key Concerns
- AJAX handlers without auth checks
- 100% of SQL queries not prepared
- 0% of output properly escaped
- High severity taint flows (4)
- Unsanitized paths in taint flows (5)
- No nonce checks on AJAX
- Only 1 capability check
nomination and voting Attack Surface
- AJAX Handlers: 2
- Shortcodes: 1
- WordPress Hooks: 7
nomination and voting Alternatives
- Like Button Rating ♥ LikeBtn (likebtn-like-button): Add Like button to posts, pages, comments, WooCommerce, BuddyPress, bbPress, UM, custom posts! Sort content by likes! Get instant stats and insights!
- bbPress Voting (bbp-voting): Let visitors vote up and down on bbPress topics and replies just like Reddit or Stack Overflow!
- Polls CP (cp-polls): Create classic polls and advanced polls with dependent questions. Voting / survey system.
- Idea Factory (idea-factory): Front end submission and voting system.
- Voting for a Photo (voting-for-a-photo): Adding a photo vote to the WordPress Gallery
nomination and voting Developer Profile
2 plugins · 20 total installs
How We Detect nomination and voting
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/nomination-and-voting/tpls/asking_nomination.php
- /wp-content/plugins/nomination-and-voting/tpls/metabox_options.php
- /wp-content/plugins/nomination-and-voting/tpls/nominee_list.php
- /wp-content/plugins/nomination-and-voting/tpls/settings.php
- /wp-content/plugins/nomination-and-voting/tpls/voter_list.php
- nomination-and-voting/style.css?ver=
- nomination-and-voting/script.js?ver=
HTML / DOM Fingerprints
- wpnv-nominee-selection
- wpnv-nominee-input
- wpnv-nominee-label
- data-plugin-name="nomination-and-voting"
- data-plugin-version="1.1"
- wpnv_ajax_object
- [vote_nomination]