WP-Safety

Tce Sharing Security & Risk Analysis

wordpress.org/plugins/tce-sharing

Publish content on https://tce.exchange

10 active installs v2.0.9 PHP 7.4+ WP 5.4+ Updated Jan 18, 2022
content-exchangesharingsyndicationtce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Tce Sharing Safe to Use in 2026?

Generally Safe

Score 85/100

Tce Sharing has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The tce-sharing v2.0.9 plugin exhibits a mixed security posture. On one hand, the plugin demonstrates good practices by exclusively using prepared statements for its SQL queries and has no recorded vulnerability history (CVEs). The absence of detected taint flows with unsanitized paths is also a positive indicator. However, several significant concerns emerge from the static code analysis. The presence of 22 'dangerous functions' such as `shell_exec`, `assert`, `unserialize`, and `passthru` is a major red flag, as these functions can be exploited for remote code execution or deserialization vulnerabilities if not handled with extreme care and robust sanitization, which appears to be lacking given the low capability check count and zero nonce checks. Furthermore, the output escaping is only 56% proper, suggesting a risk of cross-site scripting (XSS) vulnerabilities in the plugin's output. The presence of bundled libraries, specifically Guzzle, without information on their version or patching status, introduces a potential risk of leveraging known vulnerabilities in that library.

Key Concerns

  • Dangerous functions used (shell_exec, assert, etc.)
  • Low percentage of properly escaped output
  • No nonce checks on potential entry points
  • Bundled library (Guzzle) without version info
  • Limited capability checks
Vulnerabilities
None known

Tce Sharing Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Tce Sharing Code Analysis

Dangerous Functions
22
Raw SQL Queries
0
6 prepared
Unescaped Output
22
28 escaped
Nonce Checks
0
Capability Checks
1
File Operations
39
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

shell_exec$json = shell_exec($credentialProcess);Autoload\aws\aws-sdk-php\src\Credentials\CredentialProvider.php:630
assertassert($bin !== false);Autoload\brick\math\src\BigInteger.php:1087
assertassert($denominator !== null);Autoload\brick\math\src\BigNumber.php:93
assertassert($q !== null);Autoload\brick\math\src\Internal\Calculator\BcMathCalculator.php:81
assertassert($r !== null);Autoload\brick\math\src\Internal\Calculator\BcMathCalculator.php:82
assertassert(is_int($q));Autoload\brick\math\src\Internal\Calculator\NativeCalculator.php:189
assertassert($carry === 0);Autoload\brick\math\src\Internal\Calculator\NativeCalculator.php:435
unserialize$data = unserialize($serialized, ['allowed_classes' => false]);Autoload\ramsey\collection\src\AbstractArray.php:145
unserialize$data = unserialize($serialized, ['allowed_classes' => [$this->getType()]]);Autoload\ramsey\collection\src\AbstractCollection.php:276
unserialize$data = unserialize($serialized, [Autoload\ramsey\uuid\src\Builder\BuilderCollection.php:59
assertassert($instance instanceof UuidV6);Autoload\ramsey\uuid\src\Lazy\LazyUuidFromString.php:518
assertassert($instance instanceof UuidV6);Autoload\ramsey\uuid\src\Lazy\LazyUuidFromString.php:527
shell_execreturn trim((string) shell_exec('id -u'));Autoload\ramsey\uuid\src\Provider\Dce\SystemDceSecurityProvider.php:114
shell_execreturn trim((string) shell_exec('id -g'));Autoload\ramsey\uuid\src\Provider\Dce\SystemDceSecurityProvider.php:134
shell_exec$response = shell_exec('whoami /user /fo csv /nh');Autoload\ramsey\uuid\src\Provider\Dce\SystemDceSecurityProvider.php:174
shell_exec$response = shell_exec('net user %username% | findstr /b /i "Local Group Memberships"');Autoload\ramsey\uuid\src\Provider\Dce\SystemDceSecurityProvider.php:203
shell_exec$response = shell_exec('wmic group get name,sid | findstr /b /i ' . escapeshellarg($firstGroup));Autoload\ramsey\uuid\src\Provider\Dce\SystemDceSecurityProvider.php:218
unserialize$data = unserialize($serialized, [Autoload\ramsey\uuid\src\Provider\Node\NodeProviderCollection.php:43
passthrupassthru('ipconfig /all 2>&1');Autoload\ramsey\uuid\src\Provider\Node\SystemNodeProvider.php:110
passthrupassthru('ifconfig 2>&1');Autoload\ramsey\uuid\src\Provider\Node\SystemNodeProvider.php:114
passthrupassthru('netstat -i -f link 2>&1');Autoload\ramsey\uuid\src\Provider\Node\SystemNodeProvider.php:118
passthrupassthru('netstat -ie 2>&1');Autoload\ramsey\uuid\src\Provider\Node\SystemNodeProvider.php:123

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared6 total queries

Output Escaping

56% escaped50 total outputs
Attack Surface

Tce Sharing Attack Surface

Entry Points0
Unprotected0
Maintenance & Trust

Tce Sharing Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedJan 18, 2022
PHP min version7.4
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Tce Sharing Alternatives

Broadcast

Broadcast

threewp-broadcast

A
99

Network content syndication made easy! Automatically share content by multiposting between multisite blogs.

1K 1 CVE
Syndication Links

Syndication Links

syndication-links

A
100

Link to copies of your cross-posted content in other social networks or websites.

300 1 CVE
The Publisher Desk – Headlines Plus Widget

The Publisher Desk – Headlines Plus Widget

headlines-plus-widget

A
100

Headlines Plus: Free plugin for WordPress to grow your audience with traffic sharing, syndication, and lazy-loading widgets or shortcodes.

10 No CVEs
Revive To Sky – Post old content to Bluesky

Revive To Sky – Post old content to Bluesky

revive-to-sky

A
100

Automatically syndicate your old blog posts to Bluesky on a regular basis, increasing traffic and engagement automatically.

10 No CVEs
Social Icons Widget & Block – Social Media Icons & Share Buttons

Social Icons Widget & Block – Social Media Icons & Share Buttons

social-icons-widget-by-wpzoom

A
96

Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.

100K 3 CVEs
Developer Profile

Tce Sharing Developer Profile

tcenl

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Tce Sharing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tce-sharing/dist/css/main.css/wp-content/plugins/tce-sharing/dist/js/bundle.js/wp-content/plugins/tce-sharing/dist/js/tce-sharing-app.js
Script Paths
/wp-content/plugins/tce-sharing/dist/js/bundle.js/wp-content/plugins/tce-sharing/dist/js/tce-sharing-app.js
Version Parameters
tce-sharing/dist/css/main.css?ver=tce-sharing/dist/js/bundle.js?ver=tce-sharing/dist/js/tce-sharing-app.js?ver=

HTML / DOM Fingerprints

JS Globals
TCE_SHARING_API_ENDPOINTTCE_SHARING_AWS_REGIONTCE_SHARING_AWS_USER_POOLTCE_SHARING_AWS_USER_POOL_WEBCLIENTTCE_SHARING_AWS_IDENTITY_POOL
REST Endpoints
/wp-json/tce-sharing/v1/
FAQ

Frequently Asked Questions about Tce Sharing