
Sharing Club Security & Risk Analysis
wordpress.org/plugins/sharing-clubShare books, dvd, tools, toys or any object with your community. Your users can easily lend, borrow and rate items and you know who borrowed what.
Is Sharing Club Safe to Use in 2026?
Generally Safe
Score 85/100Sharing Club has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "sharing-club" plugin v1.3.1 presents a generally good security posture with no recorded vulnerabilities or critical code signals. The plugin demonstrates good security practices by utilizing prepared statements for a significant portion of its SQL queries and implementing nonce and capability checks, indicating an effort to secure its functionalities. The absence of external HTTP requests and file operations further reduces potential attack vectors.
However, the static analysis reveals some areas for improvement. While the attack surface appears minimal with zero entry points, the taint analysis identified two flows with unsanitized paths. Although no critical or high severity issues were flagged in the taint analysis, these unsanitized paths represent a potential weakness that could be exploited if data from these flows were to be processed in a sensitive manner, especially if combined with other vulnerabilities. The output escaping also shows room for enhancement, with 40% of outputs not being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities in certain contexts.
Overall, the plugin's lack of historical vulnerabilities is a positive sign of its development and maintenance. The plugin's strengths lie in its limited attack surface and the presence of fundamental security checks. The primary concerns stem from the identified unsanitized paths and the proportion of unescaped outputs, which, while not currently resulting in critical flaws, represent latent risks that should be addressed to further harden the plugin's security.
Key Concerns
- Unsanitized paths in taint analysis
- Non-properly escaped outputs (40%)
Sharing Club Security Vulnerabilities
Sharing Club Release Timeline
Sharing Club Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Sharing Club Attack Surface
WordPress Hooks 12
Maintenance & Trust
Sharing Club Maintenance & Trust
Maintenance Signals
Community Trust
Sharing Club Alternatives
SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher
wp-scheduled-posts
Automate your WordPress content scheduling with a visual calendar, auto/manual schedulers, missed‑post handler, social sharing options & templates.
MegaCalendar
megabase-calendar
A flexible calendar and event list for communities, businesses and organizations.
BP Events Calendar
bp-events-calendar
The Modern Tribe's Events Calendar add-on that integrated into BuddyPress, and allow users to post events directly from their profile.
Community Events
community-events
The purpose of this plugin is to allow users to create a schedule of upcoming events and display events for the next 7 days in an AJAX-driven box or d …
GroupCal – Calendar for Businesses & Communities
groupcal-events-calendar
GroupCal, #1 shared calendar platform worldwide. Display calendars on your site for free, and sync them with your audience's mobile calendar app.
Sharing Club Developer Profile
1 plugin · 70 total installs
How We Detect Sharing Club
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/sharing-club/css/jquery-ui.css/wp-content/plugins/sharing-club/js/lending-library-admin.js/wp-content/plugins/sharing-club/js/lending-library-admin.jssharing-club/js/lending-library-admin.js?ver=sharing-club/css/jquery-ui.css?ver=HTML / DOM Fingerprints
data-plugin="sharing-club"sharing_club_ajax_object