OS日報プラグイン Security & Risk Analysis

wordpress.org/plugins/os-nippo

A daily report plugin. It uses custom post types to let you write and manage daily reports.

10 active installs · v1.0.2 · PHP + WP 3.1+ · Updated Apr 12, 2017
admin · 日報
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is OS日報プラグイン Safe to Use in 2026?

Generally Safe

Score 85/100

OS日報プラグイン has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The 'os-nippo' plugin v1.0.2 exhibits a mixed security posture. On the positive side, it has a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that could be directly exploited. All SQL queries are properly prepared, and there are no file operations or external HTTP requests, which are common vectors for compromise. However, several critical concerns emerge from the static analysis. The presence of the `unserialize` function, a known dangerous function, is a significant risk, especially when combined with a taint flow that reaches an unsanitized path. Furthermore, a substantial 63% of outputs are not properly escaped, leaving the plugin vulnerable to Cross-Site Scripting (XSS) attacks. The complete absence of nonce checks and capability checks on any potential entry points (though none are directly exposed) indicates a lack of defensive coding practices for authorization and CSRF protection, which could become issues if the attack surface were to expand or if certain code paths were reached indirectly. The plugin's vulnerability history is clean, with no recorded CVEs, suggesting it may have been fortunate or less targeted. Nevertheless, the identified code signals and taint analysis point to significant potential risks that should be addressed.

Key Concerns

  • Presence of dangerous function: unserialize
  • Taint flow with unsanitized path
  • Significant amount of unescaped output
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

OS日報プラグイン Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

OS日報プラグイン Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 0 (11 prepared)
  • Unescaped Output: 119 (70 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize (class\nippoPostClass.php:163)
    $pmeta_value = ($unserialize = @unserialize($post_meta[$meta_key][0]))!==FALSE ? $unserialize : $pos
  • unserialize (view\admin-nippoSinglePage.php:67)
    $pmeta_value = ($unserialize = @unserialize($value))!==FALSE ? $unserialize : $value;

SQL Query Safety

100% prepared · 11 total queries

Output Escaping

37% escaped · 189 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<nippoListClass> (class\nippoListClass.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

OS日報プラグイン Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9
  • action admin_init (class\adminClass.php:9)
  • action admin_menu (class\adminClass.php:11)
  • action plugins_loaded (class\commonClass.php:7)
  • action wp_head (class\commonClass.php:9)
  • action wp_print_scripts (class\commonClass.php:11)
  • action init (class\nippoPostClass.php:9)
  • action admin_init (class\nippoPostClass.php:11)
  • action save_post (class\nippoPostClass.php:12)
  • action admin_init (class\nippoPostClass.php:14)
Maintenance & Trust

OS日報プラグイン Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Apr 12, 2017
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

OS日報プラグイン Developer Profile

OLIVESYSTEM

3 plugins · 720 total installs

Trust score: 82
Avg Security Score: 83/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect OS日報プラグイン

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/os-nippo/js/j.js
  • /wp-content/plugins/os-nippo/style-admin.css
  • /wp-content/plugins/os-nippo/style-post.css
  • /wp-content/plugins/os-nippo/style.css
Generator Patterns
os-nippo
Version Parameters
  • os-nippo/js/j.js?ver=
  • os-nippo/style-admin.css?ver=
  • os-nippo/style-post.css?ver=
  • os-nippo/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
msg-output
FAQ

Frequently Asked Questions about OS日報プラグイン