weibo2wp plugin Security & Risk Analysis

wordpress.org/plugins/weibo2wp

The goal of this plugin is to help people synchronize their Weibo (which is a very popular light blog in China) to WP.

10 active installs · v1.2.2 · PHP + WP 3.0+ · Updated Jan 6, 2014
qqweiboweibo-to-wordpress
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is weibo2wp plugin Safe to Use in 2026?

Generally Safe

Score 85/100

weibo2wp plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The weibo2wp plugin v1.2.2 exhibits a generally good security posture, particularly in its handling of SQL queries, which are exclusively prepared. The plugin also demonstrates a reasonable effort in implementing nonce and capability checks, and the absence of known CVEs is a positive indicator. However, the analysis reveals critical areas for concern. The presence of three instances of the `unserialize` function, without any accompanying taint analysis indicating sanitization, poses a significant risk. If user-controlled data is being unserialized, this could lead to Remote Code Execution (RCE) or other severe vulnerabilities.

Furthermore, the output escaping is only properly implemented in 40% of cases. This suggests a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, as sensitive data or user-provided content might be rendered directly in the browser without adequate sanitization. While the attack surface is small and appears to be protected by authentication for AJAX handlers, the identified code signals of dangerous functions and insufficient output escaping are significant weaknesses. The vulnerability history being clean is reassuring, but it does not negate the risks identified within the current code. The plugin needs immediate attention to address the `unserialize` usage and improve output escaping practices.

Key Concerns

  • Unsanitized unserialize calls
  • Insufficient output escaping (60% not properly escaped)
Vulnerabilities
None known

weibo2wp plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

weibo2wp plugin Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 0 (10 prepared)
  • Unescaped Output: 12 (8 escaped)
  • Nonce Checks: 5
  • Capability Checks: 1
  • File Operations: 2
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$image_weibo = $image_weibo ? unserialize( $image_weibo ) : array();` (admin\post-types\writepanel-weibo-data.php:44)
  • unserialize: `$image_image = $image_image ? unserialize( $image_image ) : array();` (admin\post-types\writepanel-weibo-data.php:45)
  • unserialize: `$this->auth_list = $auth_string ? unserialize( $auth_string ) : array();` (weibo2wp.php:120)

SQL Query Safety

100% prepared · 10 total queries

Output Escaping

40% escaped · 20 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
weibo2wp_settings (admin\pages\admin-settings-page.php:27)
Attack Surface

weibo2wp plugin Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

  • auth · wp_ajax_weibo2wp-remove-weibo · weibo2wp-ajax.php:27
  • auth · wp_ajax_weibo2wp-synch-weibo · weibo2wp-ajax.php:59
  • auth · wp_ajax_weibo2wp-delete-post · weibo2wp-ajax.php:88

WordPress Hooks 10

  • action · admin_menu · admin\admin-init.php:23
  • action · admin_init · admin\admin-init.php:64
  • action · admin_enqueue_scripts · admin\admin-init.php:84
  • action · save_post · admin\admin-init.php:121
  • action · add_meta_boxes · admin\post-types\writepanel-weibo-data.php:23
  • action · weibo2wp_cleanup_sessions · classes\session\class-weibo2wp-session-handler.php:66
  • action · shutdown · classes\session\class-weibo2wp-session-handler.php:67
  • action · init · weibo2wp-functions.php:85
  • action · weibo2wp_synch_dailly_hook · weibo2wp-hooks.php:11
  • action · init · weibo2wp.php:58

Scheduled Events 1

weibo2wp_synch_dailly_hook
Maintenance & Trust

weibo2wp plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.7.41
Last updated: Jan 6, 2014
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

weibo2wp plugin Developer Profile

donggua211

2 plugins · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect weibo2wp plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/weibo2wp/classes/tencent-sdk2.1.1/class-oauth.php
  • /wp-content/plugins/weibo2wp/classes/tencent-sdk2.1.1/class-common.php
  • /wp-content/plugins/weibo2wp/classes/class-weibo.php
  • /wp-content/plugins/weibo2wp/classes/class-logger.php
  • /wp-content/plugins/weibo2wp/classes/session/abstract-weibo2wp-session.php
  • /wp-content/plugins/weibo2wp/classes/session/class-weibo2wp-session-handler.php
  • /wp-content/plugins/weibo2wp/weibo2wp-core-functions.php
  • /wp-content/plugins/weibo2wp/weibo2wp-functions.php
  • +3 more

HTML / DOM Fingerprints

CSS Classes
weibo_link, follow_me, clear
JS Globals
Weibo2wp_Session_Handler
Shortcode Output
<ol id="weibo">
FAQ

Frequently Asked Questions about weibo2wp plugin