Does WeiBo TuChuang have any unpatched vulnerabilities?

No. All known vulnerabilities in WeiBo TuChuang have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WeiBo TuChuang compatible with WordPress 3.7.41?

According to WordPress.org data, WeiBo TuChuang 1.2 has been tested up to WordPress 3.7.41. Check the plugin's changelog for the latest compatibility information.

How often is WeiBo TuChuang updated?

WeiBo TuChuang was last updated on Dec 17, 2013. Frequent updates are generally a positive security signal.

What is WeiBo TuChuang's security score?

WeiBo TuChuang has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WeiBo TuChuang Security & Risk Analysis

wordpress.org/plugins/weibo-tuchuang

微博图床是将图片上传到微博中作为图床使用。

10 active installs v1.2 PHP + WP 3.6+ Updated Dec 17, 2013

photosinauploadweibo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WeiBo TuChuang Safe to Use in 2026?

Generally Safe

Score 85/100

WeiBo TuChuang has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The weibo-tuchuang v1.2 plugin exhibits a generally positive security posture based on the static analysis. There are no identified dangerous functions, all SQL queries utilize prepared statements, and the vast majority of output is properly escaped. The plugin also demonstrates good practices by not bundling external libraries that might introduce vulnerabilities.

However, several areas raise concerns. The absence of any nonce checks, capability checks, and particularly the presence of a "flow with unsanitized paths" in the taint analysis, even if not classified as critical or high severity, indicates potential areas for exploitation, especially concerning file operations. The zero count for unprotected entry points is misleading given the lack of authorization checks on any potential handlers that might exist but are not explicitly identified in this report.

With no recorded vulnerability history, this plugin appears to have a clean track record. However, the lack of robust authorization and input validation mechanisms, as suggested by the taint analysis and the absence of nonce/capability checks, means that even minor vulnerabilities, if introduced in future updates, could have significant consequences. The overall security is decent, but critical improvements are needed in input validation and authorization to mitigate latent risks.

Key Concerns

Flow with unsanitized paths (Taint Analysis)
Zero nonce checks present
Zero capability checks present
1 file operation (potential risk)
1 external HTTP request (potential risk)
90% output escaping (10% unescaped)

Vulnerabilities

None known

WeiBo TuChuang Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WeiBo TuChuang Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

47 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

90% escaped52 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<weibo-tuchuang> (weibo-tuchuang.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WeiBo TuChuang Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionafter_wp_tiny_mceweibo-tuchuang.php:34

actionsubmitpost_boxweibo-tuchuang.php:41

actionsubmitpost_boxweibo-tuchuang.php:45

actionadmin_menuweibo-tuchuang.php:83

Maintenance & Trust

WeiBo TuChuang Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41

Last updatedDec 17, 2013

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WeiBo TuChuang Alternatives

Picture Gallery – Frontend Image Uploads, AJAX Photo List

picture-gallery

Streamline photo sharing with AJAX-powered galleries, frontend uploads, and integrated monetization.

400 5 CVEs

Resize on Upload

resize-on-upload

Provides the ability to set a maximum width or height an uploaded image can be, if the image is larger then it is resized.

100 No CVEs

Comment-Images

wordpress-comment-images

Comment Image Embedder is a very simple plugin that, once installed, lets your visitors add an image to their comments.

50 No CVEs

Name: Media Upload Meta Box

media-upload-meta-box

Adds a Meta Box for Drag and Drop Media Upload to the edit page/post screens.

20 No CVEs

Eazy Project Management

eazy-project-management

Add projects and display only to clients that are logged in.

10 No CVEs

Developer Profile

WeiBo TuChuang Developer Profile

shuangca

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WeiBo TuChuang

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/weibo-tuchuang/weibo_tuchuang.css/wp-content/plugins/weibo-tuchuang/weibo_tuchuang.js

Script Paths

/wp-content/plugins/weibo-tuchuang/weibo_tuchuang.js

Version Parameters

weibo-tuchuang/weibo_tuchuang.css?ver=weibo-tuchuang/weibo_tuchuang.js?ver=

HTML / DOM Fingerprints

CSS Classes

weibo_tuchuang_post

JS Globals

weibo_tuchuang_post_url

FAQ