Sharing Club Security & Risk Analysis

wordpress.org/plugins/sharing-club

Share books, dvd, tools, toys or any object with your community. Your users can easily lend, borrow and rate items and you know who borrowed what.

70 active installs v1.3.1 PHP + WP 4.0+ Updated Dec 2, 2022
borrowcommunitylendloanshare
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Sharing Club Safe to Use in 2026?

Generally Safe

Score 85/100

Sharing Club has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "sharing-club" plugin v1.3.1 presents a generally good security posture with no recorded vulnerabilities or critical code signals. The plugin demonstrates good security practices by utilizing prepared statements for a significant portion of its SQL queries and implementing nonce and capability checks, indicating an effort to secure its functionalities. The absence of external HTTP requests and file operations further reduces potential attack vectors.

However, the static analysis reveals some areas for improvement. While the attack surface appears minimal with zero entry points, the taint analysis identified two flows with unsanitized paths. Although no critical or high severity issues were flagged in the taint analysis, these unsanitized paths represent a potential weakness that could be exploited if data from these flows were to be processed in a sensitive manner, especially if combined with other vulnerabilities. The output escaping also shows room for enhancement, with 40% of outputs not being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities in certain contexts.

Overall, the plugin's lack of historical vulnerabilities is a positive sign of its development and maintenance. The plugin's strengths lie in its limited attack surface and the presence of fundamental security checks. The primary concerns stem from the identified unsanitized paths and the proportion of unescaped outputs, which, while not currently resulting in critical flaws, represent latent risks that should be addressed to further harden the plugin's security.

Key Concerns

  • Unsanitized paths in taint analysis
  • Non-properly escaped outputs (40%)
Vulnerabilities
None known

Sharing Club Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Sharing Club Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Sharing Club Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
5 prepared
Unescaped Output
23
34 escaped
Nonce Checks
3
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

45% prepared11 total queries

Output Escaping

60% escaped57 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
<admin-lending-form-display> (admin-lending-form-display.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Sharing Club Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 12
actionadmin_menuadmin-options.php:26
actionadmin_initadmin-options.php:27
actionadmin_initsharing-club.php:117
actioninitsharing-club.php:151
actionadmin_menusharing-club.php:183
filtermanage_shared_item_posts_columnssharing-club.php:193
actionmanage_posts_custom_columnsharing-club.php:200
filtercomments_clausessharing-club.php:203
filtersingle_templatesharing-club.php:239
filterarchive_templatesharing-club.php:240
filterwp_mail_content_typesharing-club.php:256
actiontemplate_redirectsharing-club.php:283
Maintenance & Trust

Sharing Club Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedDec 2, 2022
PHP min version
Downloads4K

Community Trust

Rating96/100
Number of ratings4
Active installs70
Developer Profile

Sharing Club Developer Profile

netdelight

1 plugin · 70 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Sharing Club

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sharing-club/css/jquery-ui.css/wp-content/plugins/sharing-club/js/lending-library-admin.js
Script Paths
/wp-content/plugins/sharing-club/js/lending-library-admin.js
Version Parameters
sharing-club/js/lending-library-admin.js?ver=sharing-club/css/jquery-ui.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-plugin="sharing-club"
JS Globals
sharing_club_ajax_object
FAQ

Frequently Asked Questions about Sharing Club