
Selfie Security & Risk Analysis
wordpress.org/plugins/selfie
Demo: http://youtu.be/O-W_dZw7Cwg
Is Selfie Safe to Use in 2026?
Generally Safe
Score 85/100
Selfie has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "selfie" plugin v0.2.2 exhibits a concerning security posture primarily due to a significant number of unprotected entry points. Out of 8 identified entry points, a substantial 7 are AJAX handlers that lack authentication checks. This creates a wide attack surface, making it trivial for unauthenticated users to trigger these handlers and potentially manipulate the plugin's functionality. While the plugin does not appear to have a history of public vulnerabilities (CVEs), this is not a strong indicator of inherent security given the identified weaknesses in access control.
Furthermore, the static analysis reveals that a very low percentage (3%) of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Although no dangerous functions, raw SQL queries, or critical taint flows were detected, the combination of numerous unprotected AJAX endpoints and widespread output escaping deficiencies presents a significant security risk. The absence of nonces and capability checks on these AJAX handlers exacerbates the problem. The plugin's overall security is weakened by these critical omissions in fundamental WordPress security practices.
Key Concerns
- Unprotected AJAX handlers
- Missing nonce checks on AJAX
- Missing capability checks on AJAX
- Low percentage of properly escaped output
Selfie Attack Surface
AJAX Handlers 7
Shortcodes 1
WordPress Hooks 12
Selfie Alternatives
Broadstreet
broadstreet
Integrate Broadstreet adserving power into your site.
Site Kit by Google – Analytics, Search Console, AdSense, Speed
google-site-kit
Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.
Google for WooCommerce
google-listings-and-ads
Native integration with Google that allows merchants to easily display their products across Google’s network.
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress
duracelltomi-google-tag-manager
Advanced tag management for WordPress with Google Tag Manager
TablePress – Tables in WordPress made easy
tablepress
Embed beautiful, accessible, and interactive tables into your WordPress website’s posts and pages, without having to write code!
Selfie Developer Profile
5 plugins · 3K total installs
How We Detect Selfie
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/selfie/css/selfie.css
- /wp-content/plugins/selfie/js/selfie.js
- /wp-content/plugins/selfie/js/selfie-admin.js
- selfie/style.css?ver=
- selfie/script.js?ver=
HTML / DOM Fingerprints
- selfie-whitebox-tip
- selfie-whitebox-box
- selfie-title-line
- <!-- Generated by Selfie -->
- data-post-id
- data-selfie-id
- data-selfie-position
- selfie_nonce
- /wp-json/selfie/v1/get-ads
- [selfie]