WP-Safety

WeLovez Social Login For WoWonder Php Social Script Security & Risk Analysis

wordpress.org/plugins/welovez-social-login

WeLovez Social Login For WoWonder Php Social Script a free powerful WordPress plugin that will allow wowonder (your social media) users to login to an …

10 active installs v2.1 PHP + WP 4.9+ Updated Jun 14, 2021
loginsharesocialwelovezwowonder
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WeLovez Social Login For WoWonder Php Social Script Safe to Use in 2026?

Generally Safe

Score 85/100

WeLovez Social Login For WoWonder Php Social Script has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The welovez-social-login plugin version 2.1 exhibits a generally good security posture, with no reported vulnerabilities or critical issues identified in the static and taint analysis. The plugin demonstrates strong practices by using prepared statements for all SQL queries and having a limited attack surface with all entry points protected by authentication. The absence of file operations and dangerous functions further contributes to its security.

However, there are areas for improvement. The low percentage of properly escaped output (29%) is a significant concern. This indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, as user-supplied data may be directly rendered in the browser without sufficient sanitization. While the plugin has only two external HTTP requests, the nature of these requests is not detailed, which could represent a potential risk if not handled securely. The presence of only one nonce check for three entry points is also a weakness, particularly if some of the AJAX handlers are not adequately protected.

Overall, while the plugin benefits from a clean vulnerability history and a well-protected primary attack surface, the insufficient output escaping presents a tangible risk of XSS. Addressing this would significantly improve the plugin's security.

Key Concerns

  • Low output escaping percentage
  • Potential for XSS in unescaped output
  • Insufficient nonce checks for entry points
Vulnerabilities
None known

WeLovez Social Login For WoWonder Php Social Script Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WeLovez Social Login For WoWonder Php Social Script Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
17
7 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

Output Escaping

29% escaped24 total outputs
Attack Surface

WeLovez Social Login For WoWonder Php Social Script Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 1

authwp_ajax_welovez_admin_settingsclasses\welovezadmin.php:28

Shortcodes 2

[wowonder_login] classes\welovez.php:18
[wowonder_share] classes\welovez.php:19
WordPress Hooks 5
actionwp_enqueue_scriptsclasses\welovez.php:20
actioninitclasses\welovez.php:22
actionadmin_menuclasses\welovezadmin.php:27
actionadmin_enqueue_scriptsclasses\welovezadmin.php:29
actionactivated_pluginwelovez-login.php:36
Maintenance & Trust

WeLovez Social Login For WoWonder Php Social Script Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17
Last updatedJun 14, 2021
PHP min version
Downloads2K

Community Trust

Rating82/100
Number of ratings9
Active installs10
Alternatives

WeLovez Social Login For WoWonder Php Social Script Alternatives

Wp Social Login and Register Social Counter

Wp Social Login and Register Social Counter

wp-social

A
89

Wp social lets you add social login, social counter, and social share buttons of different styles to your WordPress website.

80K 5 CVEs
Social Share, Social Login and Social Comments Plugin – Super Socializer

Social Share, Social Login and Social Comments Plugin – Super Socializer

super-socializer

A
92

The unique Social Plugin to let you integrate Social Login, Social Share, Social Comments and Social Media follow at your website

20K 10 CVEs
AddToAny Share Buttons

AddToAny Share Buttons

add-to-any

A
99

Share buttons for WordPress including the AddToAny button, Facebook, Bluesky, Mastodon, WhatsApp, Pinterest, Reddit, many more, and follow icons too.

300K 3 CVEs
Nextend Social Login and Register

Nextend Social Login and Register

nextend-facebook-connect

A
89

One click registration & login plugin for Facebook, Google, X (formerly Twitter) and more. Quick setup and easy configuration.

200K 6 CVEs
Social Sharing Plugin – Sassy Social Share

Social Sharing Plugin – Sassy Social Share

sassy-social-share

A
94

The Simplest and Optimized Social Share buttons. Facebook, X, Reddit, Pinterest, Whatsapp, Grok, ChatGPT, Gab, Gettr and over 100 more.

100K 11 CVEs
Developer Profile

WeLovez Social Login For WoWonder Php Social Script Developer Profile

wpcoder110

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WeLovez Social Login For WoWonder Php Social Script

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/welovez-social-login/assets/images/button-wrapper.png/wp-content/plugins/welovez-social-login/assets/images/welovez.png

HTML / DOM Fingerprints

CSS Classes
welovez-sharewelovez-wrapperwelovez-button
Data Attributes
id="welovez-wrapper"id="welovez-button"class="welovez-share"
Shortcode Output
<div id="welovez-wrapper"><a href="class="btn" id="welovez-button"><div class="content-share__item lovez buzz-share-button">
FAQ

Frequently Asked Questions about WeLovez Social Login For WoWonder Php Social Script