Social Integration for BlueSky Security & Risk Analysis

wordpress.org/plugins/social-integration-for-bluesky

Provides auto syndication, a profile banner, and a list of your latest posts on BlueSky as Gutenberg blocks. It also adds the ability to link syndicat …

600 active installs v2.1.1 PHP 7.4+ WP 5.0+ Updated Mar 7, 2026
bluesky, feed, profile, syndicate
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Social Integration for BlueSky Safe to Use in 2026?

Generally Safe

Score 100/100

Social Integration for BlueSky has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 27d ago
Risk Assessment

The plugin 'social-integration-for-bluesky' v2.1.1 has a mixed security posture. It has a clean vulnerability history with no recorded CVEs and uses prepared statements for a significant portion of its SQL queries, but the static analysis raises notable concerns. The 10 unprotected AJAX handlers significantly expand the attack surface and present a clear risk, because these entry points are exposed to unauthorized access and potential exploitation. The taint analysis also reports two flows with unsanitized paths, classified as high severity. This indicates that malicious data could be processed without proper sanitization, which could lead to security issues such as cross-site scripting (XSS) or other injection vulnerabilities, even if specific CVEs are not yet documented.

Although the taint analysis found no critical vulnerabilities and the plugin takes a generally good approach to output escaping and nonce checks, the high number of unprotected AJAX endpoints and the identified unsanitized data flows are significant weaknesses. The plugin's vulnerability history, while currently clean, does not negate the risks identified in the static analysis. On balance, the developer's apparent attention to SQL sanitization and output escaping is a strength, but the unprotected AJAX handlers and high-severity taint flows demand immediate attention to mitigate potential risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized paths (taint analysis)
Vulnerabilities
None known

Social Integration for BlueSky Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Social Integration for BlueSky Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (14 prepared)
Unescaped Output: 168 (551 escaped)
Nonce Checks: 20
Capability Checks: 19
File Operations: 1
External Requests: 10
Bundled Libraries: 0

SQL Query Safety

70% prepared (20 total queries)

Output Escaping

77% escaped (719 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

3 flows, 2 with unsanitized paths
<BlueSky_Admin_Notices> (classes\BlueSky_Admin_Notices.php:0)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
10 unprotected

Social Integration for BlueSky Attack Surface

Entry Points: 19
Unprotected: 10

AJAX Handlers 17

auth · wp_ajax_bluesky_retry_syndication · classes\BlueSky_Admin_Notices.php:36
auth · wp_ajax_bluesky_dismiss_notice · classes\BlueSky_Admin_Notices.php:37
auth · wp_ajax_refresh_bluesky_discussion · classes\BlueSky_Discussion_Metabox.php:58
auth · wp_ajax_unlink_bluesky_discussion · classes\BlueSky_Discussion_Metabox.php:62
auth · wp_ajax_bluesky_refresh_health · classes\BlueSky_Health_Dashboard.php:41
auth · wp_ajax_fetch_bluesky_posts · classes\BlueSky_Plugin_Setup.php:115
nopriv · wp_ajax_fetch_bluesky_posts · classes\BlueSky_Plugin_Setup.php:119
auth · wp_ajax_get_bluesky_profile · classes\BlueSky_Plugin_Setup.php:124
nopriv · wp_ajax_get_bluesky_profile · classes\BlueSky_Plugin_Setup.php:128
auth · wp_ajax_bluesky_async_posts · classes\BlueSky_Plugin_Setup.php:134
nopriv · wp_ajax_bluesky_async_posts · classes\BlueSky_Plugin_Setup.php:138
auth · wp_ajax_bluesky_async_profile · classes\BlueSky_Plugin_Setup.php:142
nopriv · wp_ajax_bluesky_async_profile · classes\BlueSky_Plugin_Setup.php:146
auth · wp_ajax_bluesky_async_auth · classes\BlueSky_Plugin_Setup.php:150
auth · wp_ajax_bluesky_set_discussion_account · classes\BlueSky_Plugin_Setup.php:154
auth · wp_ajax_save_bluesky_meta_box · classes\BlueSky_Post_Metabox.php:388
auth · wp_ajax_get_bluesky_post_preview · classes\BlueSky_Post_Metabox.php:392

Shortcodes 2

[bluesky_profile] classes\BlueSky_Render_Front.php:38
[bluesky_last_posts] classes\BlueSky_Render_Front.php:42

WordPress Hooks 38

action · plugins_loaded · classes\BlueSky_Account_Manager.php:28
action · admin_notices · classes\BlueSky_Account_Manager.php:63
action · admin_post_bluesky_logout · classes\BlueSky_Admin_Actions.php:14
action · admin_post_nopriv_bluesky_logout · classes\BlueSky_Admin_Actions.php:15
action · admin_notices · classes\BlueSky_Admin_Notices.php:32
action · admin_notices · classes\BlueSky_Admin_Notices.php:33
action · admin_notices · classes\BlueSky_Admin_Notices.php:34
filter · heartbeat_received · classes\BlueSky_Admin_Notices.php:35
filter · manage_posts_columns · classes\BlueSky_Admin_Notices.php:40
action · manage_posts_custom_column · classes\BlueSky_Admin_Notices.php:41
action · bluesky_refresh_cache · classes\BlueSky_API_Handler.php:69
action · bluesky_async_syndicate · classes\BlueSky_Async_Handler.php:59
action · bluesky_retry_syndicate · classes\BlueSky_Async_Handler.php:60
filter · the_content · classes\BlueSky_Discussion_Frontend.php:52
action · wp_enqueue_scripts · classes\BlueSky_Discussion_Frontend.php:53
action · add_meta_boxes · classes\BlueSky_Discussion_Metabox.php:52
action · admin_enqueue_scripts · classes\BlueSky_Discussion_Metabox.php:55
action · wp_dashboard_setup · classes\BlueSky_Health_Dashboard.php:38
filter · site_status_tests · classes\BlueSky_Health_Monitor.php:33
filter · debug_information · classes\BlueSky_Health_Monitor.php:34
action · admin_notices · classes\BlueSky_Helpers.php:94
action · init · classes\BlueSky_Plugin_Setup.php:100
action · admin_menu · classes\BlueSky_Plugin_Setup.php:107
action · admin_init · classes\BlueSky_Plugin_Setup.php:108
action · admin_enqueue_scripts · classes\BlueSky_Plugin_Setup.php:111
action · wp_enqueue_scripts · classes\BlueSky_Plugin_Setup.php:112
action · widgets_init · classes\BlueSky_Plugin_Setup.php:160
action · init · classes\BlueSky_Plugin_Setup.php:161
action · transition_post_status · classes\BlueSky_Plugin_Setup.php:164
action · admin_notices · classes\BlueSky_Plugin_Setup.php:172
action · add_meta_boxes · classes\BlueSky_Post_Metabox.php:17
action · save_post · classes\BlueSky_Post_Metabox.php:18
action · admin_enqueue_scripts · classes\BlueSky_Post_Metabox.php:19
action · init · classes\BlueSky_Post_Metabox.php:20
filter · wp_kses_allowed_html · classes\BlueSky_Render_Front.php:47
action · wp_head · classes\BlueSky_Render_Front.php:256
action · wp_footer · classes\BlueSky_Render_Front.php:260
action · wp_head · classes\BlueSky_Render_Front.php:551
Maintenance & Trust

Social Integration for BlueSky Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version: 7.4
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 600
Developer Profile

Social Integration for BlueSky Developer Profile

Geoffrey

6 plugins · 5K total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Social Integration for BlueSky

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/social-integration-for-bluesky/assets/css/bluesky-social-admin.css
/wp-content/plugins/social-integration-for-bluesky/assets/css/bluesky-social-profile.css
/wp-content/plugins/social-integration-for-bluesky/assets/css/prism.min.css
/wp-content/plugins/social-integration-for-bluesky/assets/css/bluesky-social-posts.css
/wp-content/plugins/social-integration-for-bluesky/assets/js/bluesky-social-admin.js
/wp-content/plugins/social-integration-for-bluesky/assets/js/prism.min.js
/wp-content/plugins/social-integration-for-bluesky/assets/js/bluesky-async-loader.js
Version Parameters
social-integration-for-bluesky/assets/css/bluesky-social-admin.css?ver=
social-integration-for-bluesky/assets/css/bluesky-social-profile.css?ver=
social-integration-for-bluesky/assets/css/prism.min.css?ver=
social-integration-for-bluesky/assets/css/bluesky-social-posts.css?ver=
social-integration-for-bluesky/assets/js/bluesky-social-admin.js?ver=
social-integration-for-bluesky/assets/js/prism.min.js?ver=
social-integration-for-bluesky/assets/js/bluesky-async-loader.js?ver=

HTML / DOM Fingerprints

CSS Classes
bluesky-social-profile
bluesky-profile-widget
Data Attributes
data-bluesky-handle
data-bluesky-avatar
data-bluesky-display-name
data-bluesky-bio
data-bluesky-followers
data-bluesky-following
+2 more
JS Globals
blueskyAsync
Shortcode Output
[bluesky_profile]
[bluesky_last_posts]
FAQ

Frequently Asked Questions about Social Integration for BlueSky