Sided Security & Risk Analysis

wordpress.org/plugins/sided

Use the Sided plugin to create and insert discussion polls into your content.

10 active installs v1.4.12 PHP 7.0+ WP 4.7+ Updated Feb 11, 2026
commentingcommentspollingpollssurvey
99
A · Safe
CVEs total1
Unpatched0
Last CVEOct 31, 2024
Safety Verdict

Is Sided Safe to Use in 2026?

Generally Safe

Score 99/100

Sided has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Oct 31, 2024Updated 5mo ago
Risk Assessment

The "sided" plugin v1.4.12 presents a mixed security posture. On the positive side, it demonstrates good practices with 100% of SQL queries utilizing prepared statements and a very high percentage (98%) of outputs being properly escaped. The absence of dangerous functions and file operations is also encouraging. However, a significant concern lies within its attack surface, particularly the 16 unprotected AJAX handlers, which represent a substantial entry point for potential attacks if not properly secured by other means.

Taint analysis reveals a concerning number of flows with unsanitized paths (21 out of 29), although none are categorized as critical or high severity. This suggests a potential for input manipulation that could lead to unintended behavior or vulnerabilities, even if not immediately exploitable in a critical way. The plugin's history includes one medium-severity Cross-Site Scripting (XSS) vulnerability, with the last recorded incident being recent. While currently unpatched CVEs are zero, the presence of past XSS issues combined with the taint analysis findings warrants caution regarding input handling.

Overall, "sided" v1.4.12 has strengths in its database interaction and output sanitization. However, the large number of unprotected AJAX endpoints and the prevalence of unsanitized input paths in taint analysis introduce notable risks. The past XSS vulnerability, while medium and resolved, highlights an area that requires ongoing vigilance. The plugin's security is therefore moderate, with specific areas demanding immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Past medium XSS vulnerability
  • Limited nonce checks on AJAX
Vulnerabilities
1 published

Sided Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-50554medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sided <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 31, 2024 Patched in 1.4.6 (343d)
Version History

Sided Release Timeline

v1.4.12Current
v1.4.10
v1.4.9
v1.4.8
v1.4.7
v1.4.6
v1.4.51 CVE
v1.4.31 CVE
v1.4.21 CVE
v1.4.11 CVE
v1.3.81 CVE
v1.3.71 CVE
v1.3.61 CVE
v1.3.51 CVE
v1.3.41 CVE
v1.3.31 CVE
v1.3.21 CVE
v1.3.11 CVE
v1.3.01 CVE
v1.2.91 CVE
Code Analysis
Analyzed Mar 17, 2026

Sided Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
16
834 escaped
Nonce Checks
8
Capability Checks
8
File Operations
0
External Requests
64
Bundled Libraries
0

Output Escaping

98% escaped850 total outputs
Data Flows · Security
21 unsanitized

Data Flow Analysis

25 flows21 with unsanitized paths
sided_wpa_fetch_embed_placements_callback (1.4.11\partials\functions.php:193)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
16 unprotected

Sided Attack Surface

Entry Points26
Unprotected16

AJAX Handlers 24

authwp_ajax_wpa_sided_initiate_script1.4.11\partials\functions.php:167
noprivwp_ajax_wpa_sided_initiate_script1.4.11\partials\functions.php:168
authwp_ajax_wpa_send_cats_to_sided1.4.11\partials\functions.php:175
noprivwp_ajax_wpa_send_cats_to_sided1.4.11\partials\functions.php:176
authwp_ajax_wpa_send_tags_to_sided1.4.11\partials\functions.php:183
noprivwp_ajax_wpa_send_tags_to_sided1.4.11\partials\functions.php:184
noprivwp_ajax_wpa_fetch_embed_placements1.4.11\partials\functions.php:191
authwp_ajax_wpa_fetch_embed_placements1.4.11\partials\functions.php:192
noprivwp_ajax_wpa_sided_generate_smart_poll1.4.11\partials\functions.php:215
authwp_ajax_wpa_sided_generate_smart_poll1.4.11\partials\functions.php:216
authwp_ajax_wpa_save_embed_options1.4.11\partials\functions.php:240
noprivwp_ajax_wpa_save_embed_options1.4.11\partials\functions.php:241
noprivwp_ajax_wpa_fetch_debates1.4.11\partials\functions.php:302
authwp_ajax_wpa_fetch_debates1.4.11\partials\functions.php:303
noprivwp_ajax_wpa_fetch_current_debate1.4.11\partials\functions.php:330
authwp_ajax_wpa_fetch_current_debate1.4.11\partials\functions.php:331
authwp_ajax_wpa_sided_initiate_scriptpartials\functions.php:167
authwp_ajax_wpa_send_cats_to_sidedpartials\functions.php:180
authwp_ajax_wpa_send_tags_to_sidedpartials\functions.php:193
authwp_ajax_wpa_fetch_embed_placementspartials\functions.php:206
authwp_ajax_wpa_sided_generate_smart_pollpartials\functions.php:235
authwp_ajax_wpa_save_embed_optionspartials\functions.php:265
authwp_ajax_wpa_fetch_debatespartials\functions.php:345
authwp_ajax_wpa_fetch_current_debatepartials\functions.php:378

Shortcodes 2

[sided-debate-embed] 1.4.11\partials\sided-shortcode-to-embed.php:6
[sided-debate-embed] partials\sided-shortcode-to-embed.php:6
WordPress Hooks 20
actioninit1.4.11\includes\block-editor\sided-block-editor.php:3
actionwp_enqueue_scripts1.4.11\partials\functions.php:2
filterscript_loader_tag1.4.11\partials\functions.php:36
actiondynamic_sidebar_before1.4.11\partials\functions.php:72
filterthe_content1.4.11\partials\functions.php:101
actionwp_footer1.4.11\partials\functions.php:165
actionadmin_enqueue_scripts1.4.11\partials\functions.php:354
actionupdate_option1.4.11\partials\includes\sided-authenticate-apikey.php:10
filterrender_block1.4.11\partials\sided-sidebar-poll-injector.php:9
actionadmin_menu1.4.11\sided.php:24
actioninitincludes\block-editor\sided-block-editor.php:3
actionwp_enqueue_scriptspartials\functions.php:2
filterscript_loader_tagpartials\functions.php:36
actiondynamic_sidebar_beforepartials\functions.php:72
filterthe_contentpartials\functions.php:101
actionwp_footerpartials\functions.php:165
actionadmin_enqueue_scriptspartials\functions.php:406
actionupdate_optionpartials\includes\sided-authenticate-apikey.php:10
filterrender_blockpartials\sided-sidebar-poll-injector.php:9
actionadmin_menusided.php:28
Maintenance & Trust

Sided Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedFeb 11, 2026
PHP min version7.0
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Sided Developer Profile

sided

2 plugins · 10 total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
343 days
View full developer profile
Detection Fingerprints

How We Detect Sided

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sided/assets/js/sided-widget.js/wp-content/plugins/sided/assets/css/sided-widget.css
Script Paths
/wp-content/plugins/sided/assets/js/sided-widget.js
Version Parameters
sided/assets/js/sided-widget.js?ver=sided/assets/css/sided-widget.css?ver=

HTML / DOM Fingerprints

CSS Classes
sided-widgetcustom-sidebar-box
Data Attributes
clientIdplacementId
Shortcode Output
[sided_debate][sided_poll]
FAQ

Frequently Asked Questions about Sided