Does 微博同步工具 have any unpatched vulnerabilities?

No. All known vulnerabilities in 微博同步工具 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is 微博同步工具 compatible with WordPress 3.2.1?

According to WordPress.org data, 微博同步工具 1.5 has been tested up to WordPress 3.2.1. Check the plugin's changelog for the latest compatibility information.

How often is 微博同步工具 updated?

微博同步工具 was last updated on Nov 3, 2011. Frequent updates are generally a positive security signal.

What is 微博同步工具's security score?

微博同步工具 has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

微博同步工具 Security & Risk Analysis

wordpress.org/plugins/qqpress

支持将新日志标题和链接同步到腾讯微博，同时支持自定义文章内容预览长度。

10 active installs v1.5 PHP + WP 3.0+ Updated Nov 3, 2011

%e8%85%be%e8%ae%af%e5%be%ae%e5%8d%9a%e8%85%be%e8%ae%af%e5%be%ae%e5%8d%9a%e5%90%8c%e6%ad%a5qqweibowordpress%e5%90%8c%e6%ad%a5

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is 微博同步工具 Safe to Use in 2026?

Generally Safe

Score 85/100

微博同步工具 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The static analysis of the "qqpress" v1.5 plugin reveals a generally positive security posture with no detected vulnerabilities in its vulnerability history. The absence of known CVEs and the limited attack surface are strong indicators of good security practices. However, the code analysis raises significant concerns regarding output escaping and the handling of file operations. The fact that 100% of output is unescaped is a critical weakness, potentially leading to cross-site scripting (XSS) vulnerabilities if any user-supplied data is ever displayed. Furthermore, the presence of file operations without clear sanitization or permission checks is a potential avenue for arbitrary file manipulation or disclosure. While taint analysis did not flag critical or high severity flows, the five analyzed flows with unsanitized paths, even if not leading to severe issues in this specific version, highlight a concerning pattern of potentially insecure data handling. The lack of nonce and capability checks on the identified entry points (though there are none in this version) would be a major concern if any were present, suggesting a foundational lack of security controls.

Key Concerns

All output escaping is missing
File operations without clear checks
Unsanitized paths in taint flows
SQL queries not using prepared statements
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

微博同步工具 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

微博同步工具 Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

71% prepared7 total queries

Output Escaping

0% escaped7 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths

<qq-start> (qq-start.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

微博同步工具 Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actioninitqqpress.php:16

actionwp_headqqpress.php:17

actionadmin_headqqpress.php:18

actionadmin_menuqqpress.php:19

actionadmin_menuqqpress.php:20

actionwp_insert_postqqpress.php:21

Maintenance & Trust

微博同步工具 Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1

Last updatedNov 3, 2011

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

微博同步工具 Alternatives

QQ Weibo Plugin for WordPress

qq-weibo-plugin-for-wordpress

A very simple plugin shows the recent tweets from your QQ Weibo.

10 No CVEs

weibo2wp plugin

weibo2wp

The goal of this plugin is to help people Synchronize their Weibo( which is a very popular light blog in China) to WP

10 No CVEs

Online Contact Widget-多合一在线客服插件

online-contact-widget

100

Online Contact Widget（多合一在线客服插件），旨在为WordPress网站提供一系列可配置在线客服支持，包括QQ、微信（微信号、公众号和小程序QR-code）、电话、Email和工单等。

800 No CVEs

QQ旺旺Skype微信电话二维码客服WordPress插件 5usujian super serv

5usujian-super-serv

在网站侧边添加优美的电话、QQ、旺旺客服悬浮窗

200 No CVEs

多说社会化评论框

duoshuo

追求最佳用户体验的社会化评论框，为中小网站提供新浪微博、QQ、人人、开心、豆瓣等多帐号登录并评论功能。

70 2 unpatched

Developer Profile

微博同步工具 Developer Profile

cooiky

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect 微博同步工具

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/qqpress/css/qqpress.css/wp-content/plugins/qqpress/js/qqpress.js

Script Paths

/wp-content/plugins/qqpress/js/qqpress.js

HTML / DOM Fingerprints

CSS Classes

qqpress-message

Data Attributes

istoqq

JS Globals

qc_reload

FAQ