wp autopost trakt.tv activity Security & Risk Analysis

wordpress.org/plugins/wp-autopost-trakttv-activity

WP Autopost Trakt.tv Activity plugin does retrive your trakt.tv activity (scrobble and checkin) data and create custom post for each activity.

10 active installs v1.1 PHP + WP 3.8+ Updated Oct 23, 2014
autopostmovietrakt-tv
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is wp autopost trakt.tv activity Safe to Use in 2026?

Generally Safe

Score 85/100

wp autopost trakt.tv activity has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "wp-autopost-trakttv-activity" plugin v1.1 exhibits a mixed security posture. On one hand, the static analysis reveals no immediate critical vulnerabilities such as direct SQL injection risks due to prepared statements, no exposed REST API routes or AJAX handlers without authentication, and no known CVEs in its history. This suggests a generally cautious approach to development in certain areas.

However, significant concerns arise from the lack of proper output escaping, with only 3% of outputs being correctly escaped. This, combined with the presence of a taint flow with unsanitized paths (even if not classified as critical/high severity), indicates a potential for cross-site scripting (XSS) vulnerabilities or other data manipulation issues if the unsanitized data is ever displayed to users. Furthermore, the complete absence of nonce checks and capability checks across all entry points, despite having file operations, is a notable weakness, potentially allowing unauthorized actions if the plugin's functionality can be triggered externally without proper authorization.

The vulnerability history being completely clean is a positive sign, suggesting that the developers have been successful in avoiding publicly known security flaws. However, this must be weighed against the identified code-level weaknesses. The plugin demonstrates strengths in its handling of SQL queries and a lack of common entry points without checks, but significant weaknesses exist in output sanitization and authorization mechanisms.

Key Concerns

  • Low output escaping percentage
  • Unsanitized paths in taint flow
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

wp autopost trakt.tv activity Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

wp autopost trakt.tv activity Release Timeline

v1.1Current
Code Analysis
Analyzed Apr 16, 2026

wp autopost trakt.tv activity Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
29
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
16
External Requests
0
Bundled Libraries
0

Output Escaping

3% escaped30 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<wata_options> (wata_options.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

wp autopost trakt.tv activity Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionwata_twicedaily_event_hookwp-autopost-trakttv-activity.php:36
actionadmin_menuwp-autopost-trakttv-activity.php:47
actionadmin_enqueue_scriptswp-autopost-trakttv-activity.php:59

Scheduled Events 1

wata_twicedaily_event_hook
Maintenance & Trust

wp autopost trakt.tv activity Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38
Last updatedOct 23, 2014
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

wp autopost trakt.tv activity Developer Profile

Sylvain Lodeho

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect wp autopost trakt.tv activity

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-autopost-trakttv-activity/style.css/wp-content/plugins/wp-autopost-trakttv-activity/my_jquery_functions.js
Script Paths
/wp-content/plugins/wp-autopost-trakttv-activity/my_jquery_functions.js
Version Parameters
wp-autopost-trakttv-activity/style.css?ver=wp-autopost-trakttv-activity/my_jquery_functions.js?ver=

HTML / DOM Fingerprints

HTML Comments
Copyright 2014 hephaistos themaker (email : hephaistos.themaker@gmail.com) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA+13 more
Data Attributes
wata_tuserwata_apikeywata_first_datewata_lasttimestampwata_personnalratings
FAQ

Frequently Asked Questions about wp autopost trakt.tv activity