診断ジェネレータ作成プラグイン Security & Risk Analysis

wordpress.org/plugins/os-diagnosis-generator

A plugin that lets you easily create diagnosis sites.

600 active installs · v1.4.16 · PHP + · WP 2.8+ · Updated Apr 29, 2025
診断占い
Score: 48
D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: May 19, 2026
Safety Verdict

Is 診断ジェネレータ作成プラグイン Safe to Use in 2026?

High Risk

Score 48/100

診断ジェネレータ作成プラグイン carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: May 19, 2026 · Updated 1yr ago
Risk Assessment

The "os-diagnosis-generator" plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, exclusively using prepared statements, and includes a reasonable number of nonce and capability checks, suggesting an awareness of common WordPress security vulnerabilities. The absence of external HTTP requests and bundled libraries also reduces potential attack vectors. However, significant concerns arise from the taint analysis, which identified 4 flows with unsanitized paths. While these were not classified as critical or high severity, this indicates a potential for input sanitization to be overlooked in certain code paths, which could be exploited if a proper vector is found.

The plugin's vulnerability history is a major red flag. With one known medium-severity CVE that remains unpatched, it directly demonstrates a real-world security flaw. The recurring theme of "Missing Authorization" in past vulnerabilities is particularly worrying, as it suggests a persistent weakness in how the plugin handles user permissions. This, combined with the unsanitized paths found in static analysis, points to a potential for unauthorized access or data manipulation if a vulnerability is actively exploited. While some security best practices are in place, the unpatched vulnerability and the taint analysis findings necessitate careful consideration and prompt remediation.

Key Concerns

  • Unpatched CVE (medium severity)
  • Taint analysis: unsanitized paths found
  • Vulnerability history: Missing Authorization pattern
  • Output escaping: low coverage (20%)
Vulnerabilities
2 published

診断ジェネレータ作成プラグイン Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched
2026: 1 CVE · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2026-5293 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter

May 19, 2026 · Unpatched

CVE-2025-30934 · medium · 5.3 · Missing Authorization

診断ジェネレータ作成プラグイン <= 1.4.16 - Missing Authorization

Jun 5, 2025 · Unpatched
Version History

診断ジェネレータ作成プラグイン Release Timeline

Code Analysis
Analyzed Mar 16, 2026

診断ジェネレータ作成プラグイン Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (51 prepared)
Unescaped Output: 107 (26 escaped)
Nonce Checks: 7
Capability Checks: 0
File Operations: 6
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 51 total queries

Output Escaping

20% escaped · 133 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
<themeClass> (class\themeClass.php:0)
Attack Surface

診断ジェネレータ作成プラグイン Attack Surface

Entry Points: 6
Unprotected: 0

Shortcodes 6

[OSDGSIS-FORM] diagnosisViewClass.php:10
[OSDGSIS-RESULT-FORM] diagnosisViewClass.php:11
[osdgsis-form] diagnosisViewClass.php:13
[osdgsis-result-form] diagnosisViewClass.php:14
[formosdgsis] diagnosisViewClass.php:16
[formosdgsisresult] diagnosisViewClass.php:17
WordPress Hooks 11
action in_admin_footer addon\default.php:5
action admin_menu addon\default.php:6
action admin_init diagnosisAdminClass.php:8
action admin_init diagnosisAdminClass.php:9
action admin_menu diagnosisAdminClass.php:11
action plugins_loaded diagnosisClass.php:6
action plugins_loaded diagnosisClass.php:8
action wp_head diagnosisClass.php:10
action init diagnosisViewClass.php:8
action wp_print_scripts diagnosisViewClass.php:19
action init diagnosisViewClass.php:21
Maintenance & Trust

診断ジェネレータ作成プラグイン Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Apr 29, 2025
PHP min version
Downloads: 16K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 600
Alternatives

診断ジェネレータ作成プラグイン Alternatives

No alternatives data available yet.

Developer Profile

診断ジェネレータ作成プラグイン Developer Profile

OLIVESYSTEM

4 plugins · 630 total installs

Trust score: 77
Avg Security Score: 76/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect 診断ジェネレータ作成プラグイン

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/os-diagnosis-generator/css/admin-style.css
/wp-content/plugins/os-diagnosis-generator/css/style.css
/wp-content/plugins/os-diagnosis-generator/js/admin.js
/wp-content/plugins/os-diagnosis-generator/js/main.js
Version Parameters
os-diagnosis-generator/css/admin-style.css?ver=
os-diagnosis-generator/css/style.css?ver=
os-diagnosis-generator/js/admin.js?ver=
os-diagnosis-generator/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes: osdg_body
HTML Comments: <!-- OS DIAGNOSIS GENERATOR -->
Data Attributes: data-diagnosis-id
JS Globals: osdg_data
FAQ

Frequently Asked Questions about 診断ジェネレータ作成プラグイン