Does 新浪连接 have any unpatched vulnerabilities?

No. All known vulnerabilities in 新浪连接 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is 新浪连接 compatible with WordPress 3.2.1?

According to WordPress.org data, 新浪连接 2.3.2 has been tested up to WordPress 3.2.1. Check the plugin's changelog for the latest compatibility information.

How often is 新浪连接 updated?

新浪连接 was last updated on Sep 21, 2011. Frequent updates are generally a positive security signal.

What is 新浪连接's security score?

新浪连接 has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

新浪连接 Security & Risk Analysis

wordpress.org/plugins/sina-connect

使用新浪微博瓣账号登陆你的 WordPress 博客，博主可以同步日志到新浪微博，用户可以同步留言到新浪微博。

10 active installs v2.3.2 PHP + WP 3.0+ Updated Sep 21, 2011

connectsina

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is 新浪连接 Safe to Use in 2026?

Generally Safe

Score 85/100

新浪连接 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "sina-connect" plugin, version 2.3.2, exhibits a mixed security posture. On the positive side, there are no known historical vulnerabilities (CVEs), and the plugin avoids common pitfalls like raw SQL queries and potentially dangerous functions. The static analysis did not reveal any direct entry points that are unprotected, which is a significant strength. However, the analysis also highlights critical areas of concern. All identified output operations are unescaped, posing a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis reveals flows with unsanitized paths, indicating potential issues with how external data is handled, even if no critical or high severity issues were flagged in the automated analysis. The lack of nonce checks and capability checks on all identified entry points (even though the attack surface is reported as zero) is also a concern, as it suggests a potential oversight in securing any interactions that might arise.

Key Concerns

All identified outputs are unescaped.
Taint analysis shows unsanitized paths.
No nonce checks implemented.
No capability checks implemented.

Vulnerabilities

None known

新浪连接 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

新浪连接 Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

0% escaped5 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

<sina-start> (sina-start.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

新浪连接 Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 15

actioninitsina-connect.php:14

actionwp_headsina-connect.php:26

actionadmin_headsina-connect.php:27

actionlogin_headsina-connect.php:28

actionadmin_headsina-connect.php:29

actioncomment_formsina-connect.php:38

actionlogin_formsina-connect.php:39

actionregister_formsina-connect.php:40

filterget_avatarsina-connect.php:72

actionlogin_form_loginsina-connect.php:190

actionlogin_form_registersina-connect.php:191

actioncomment_postsina-connect.php:200

actionadmin_menusina-connect.php:223

actionpublish_postsina-connect.php:307

actionwp_dashboard_setupsina-connect.php:392

Maintenance & Trust

新浪连接 Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1

Last updatedSep 21, 2011

PHP min version

Downloads21K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

新浪连接 Alternatives

LeadConnector

leadconnector

LeadConnector: It helps you to add the LeadConnector chat widget and the LeadConnector funnel pages to your WordPress website.

30K 2 CVEs

Bit integrations – Easy Automator with no-code automation, integrate Webhook and automate 300+ Platform

bit-integrations

Perfect Automation and integration plugin: Connect 300+ platforms and automate CRM, Email marketing tools, Google Sheets, Contact forms, LMS and more

20K 1 CVE

OpenID Connect Generic Client

daggerhart-openid-connect-generic

A simple client that provides SSO or opt-in authentication against a generic OAuth2 Server implementation.

10K 2 CVEs

Posts 2 Posts

posts-to-posts

100

Efficient many-to-many connections between posts, pages, custom post types, users.

10K No CVEs

Pre* Party Resource Hints

pre-party-browser-hints

Take advantage of browser resource hints and plug-and-play features to improve page load time.

6K 1 unpatched

Developer Profile

新浪连接 Developer Profile

denishua

8 plugins · 4K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

143 days

View full developer profile

Detection Fingerprints

How We Detect 新浪连接

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sina-connect/sina_button.png/wp-content/plugins/sina-connect/sinaOAuth.php

HTML / DOM Fingerprints

CSS Classes

sc_button

Data Attributes

onclick

JS Globals

window.opener.sc_reloadlocation.hreflocation.reloadsc_reload

Shortcode Output

<p id="sc_connect" class="sc_button">

FAQ