
Skysa Google +1 App Security & Risk Analysis
wordpress.org/plugins/skysa-google-1-app
A Google +1 button which you can configure to share any page on your site.
Is Skysa Google +1 App Safe to Use in 2026?
Generally Safe
Score 85/100
Skysa Google +1 App has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "skysa-google-1-app" plugin v1.4 exhibits significant security concerns primarily due to its unprotected entry points and lack of robust security practices. The static analysis reveals two AJAX handlers, both of which lack authentication checks. This exposes them to potential unauthorized access and malicious exploitation. Furthermore, the code demonstrates a concerning reliance on raw SQL queries, with 100% of them not using prepared statements, which significantly increases the risk of SQL injection vulnerabilities. Output escaping is also poorly implemented, with only 4% of outputs being properly escaped, leaving the plugin vulnerable to cross-site scripting (XSS) attacks.
While the plugin has no recorded vulnerability history, this does not necessarily indicate a secure codebase. The absence of known CVEs might be due to a lack of thorough security auditing or exploitation of undiscovered vulnerabilities. The taint analysis, though not flagging critical or high severity issues, identified four flows with unsanitized paths, which could be a precursor to vulnerabilities if combined with other weaknesses. The overall security posture is weak, with a large attack surface exposed and a clear lack of fundamental security controls like nonce and capability checks. The plugin's reliance on insecure coding practices for database interactions and output rendering is a major red flag.
Key Concerns
- AJAX handlers without auth checks
- Raw SQL queries without prepared statements
- Low percentage of properly escaped output
- No nonce checks
- No capability checks
- Taint flows with unsanitized paths
Skysa Google +1 App Security Vulnerabilities
Skysa Google +1 App Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Skysa Google +1 App Attack Surface
AJAX Handlers: 2
WordPress Hooks: 3
Skysa Google +1 App Maintenance & Trust
Maintenance Signals
Community Trust
Skysa Google +1 App Alternatives
Google Plus Authorship
google-plus-authorship
Add Google Plus Profile Picture to Google Search Results. Very Easy to implement! Google authorship for multiple authors
Social Comments
social-comments
This plugin adds Google Plus Comments system, Facebook comments and / or Disqus Comments to your site.
Social Media Social Share Icon
add-social-share
Social Media Share Icons to increase social traffic and popularity. Social sharing to Facebook, Twitter, Pinterest, LinkedIn and Google Plus social me …
WP Google Authorship
google-plus-author
Google Plus Profile Picture appear in Google Search. Very Easy to implement. Including Google authorship for multiple authors and multisite.
Jamie Social Icons
jamie-social-icons
Share your posts & pages with your favourite social sites - Twitter, Facebook, Google Plus, Pinterest And LinkedIn and now trackable with your Goo …
Skysa Google +1 App Developer Profile
8 plugins · 80 total installs
How We Detect Skysa Google +1 App
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
//apis.google.com/js/plusone.js?parsetags=explicit
HTML / DOM Fingerprints
SKYUI-Mod-PlusOne-Button-holder
SKYUI-Mod-PlusOne-Button
*************************************************************
* This app was made using the: *
* Skysa App SDK *
* http://wordpress.org/extend/plugins/skysa-app-sdk/ *
*************************************************************
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301, USA.
data-gapiscan
g:plusone
gapi
S
<div id="$button_id" class="SKYUI-Mod-PlusOne-Button-holder"><span class="SKYUI-Mod-PlusOne-Button" style="vertical-align: middle; display: inline-block; padding-top: 5px;"><g:plusone size="medium" href="$app_option3" count="#fvar_count"></g:plusone></span></div>