WP-Safety

WP GitHub Tools Security & Risk Analysis

wordpress.org/plugins/wp-github-tools

A plugin that inserts dynamic updates for any GitHub repository.

10 active installs v1.4.4 PHP + WP 3.3+ Updated Aug 11, 2016
commitgithubrepositorytoolwidget
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP GitHub Tools Safe to Use in 2026?

Generally Safe

Score 85/100

WP GitHub Tools has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The wp-github-tools plugin v1.4.4 exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities and utilizes prepared statements for its SQL queries. However, the static analysis reveals significant areas of concern.

The plugin's attack surface includes one AJAX handler that lacks authentication checks, posing a direct risk of unauthorized actions if exploited. Furthermore, a substantial number of output operations (49 in total) are not properly escaped, creating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks on its entry points, especially the unprotected AJAX handler, is a critical oversight.

While the plugin has no known CVEs, this does not negate the inherent risks identified in the static analysis. The complete lack of vulnerability history might suggest a lack of historical scrutiny or that previous versions were less complex. In conclusion, despite the absence of known vulnerabilities, the identified security weaknesses, particularly the unprotected AJAX handler and widespread unescaped output, present a notable risk to WordPress sites using this plugin. Developers should prioritize addressing these issues to improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handler
  • No output escaping
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

WP GitHub Tools Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP GitHub Tools Release Timeline

v1.4.4Current
v1.3.5
v1.3.4
v1.3.3
v1.3.1
v1.2.6
v1.2.5
v1.2.4
v1.2.3
v1.2.2
v1.2
v1.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

WP GitHub Tools Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
49
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

0% escaped49 total outputs
Attack Surface
1 unprotected

WP GitHub Tools Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 1

authwp_ajax_dismiss_wp_github_toolswp_github_tools.php:68

Shortcodes 4

[gist] wp_github_tools.php:78
[commits] wp_github_tools.php:80
[releases] wp_github_tools.php:82
[chart] wp_github_tools.php:84
WordPress Hooks 10
actionadmin_menuincludes/WP_Github_Tools_Options.php:31
actionadmin_initincludes/WP_Github_Tools_Options.php:32
actionadmin_noticeswp_github_tools.php:63
actionadmin_initwp_github_tools.php:64
actionadmin_enqueue_scriptswp_github_tools.php:67
actionwp_enqueue_scriptswp_github_tools.php:72
actionWP_Github_Tools_Activatedwp_github_tools.php:74
actionwidgets_initwp_github_tools.php:86
actionadmin_noticeswp_github_tools.php:91
actionadmin_print_footer_scriptswp_github_tools.php:141
Maintenance & Trust

WP GitHub Tools Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedAug 11, 2016
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

WP GitHub Tools Alternatives

Blocks for GitHub

Blocks for GitHub

blocks-for-github

A
92

Easily display your GitHub profile, organization, repositories, and more within the WordPress Block Editor aka "Gutenberg".

10 No CVEs
WP Github Commits

WP Github Commits

wp-github-commits

A
85

Displays the latest commits of a github repo in the sidebar.

10 No CVEs
ThemeZee Toolkit

ThemeZee Toolkit

themezee-toolkit

A
85

A collection of useful small plugins and features, neatly bundled into a single plugin.

6K No CVEs
EmbedStories – Display social media stories

EmbedStories – Display social media stories

embedstories

A
85

EmbedStories allows you to easily embed Instagram Stories on your website

300 1 CVE
Contact Button – The All-in-One Website Widget

Contact Button – The All-in-One Website Widget

contact-button

A
100

Convert website visitors into contacts with 15 easy to use Contact Button apps. Widget apps include, Contact Forms, Call Now Buttons and more!

200 No CVEs
Developer Profile

WP GitHub Tools Developer Profile

vilmosioo

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP GitHub Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-github-tools/css/wp-github-tools.css/wp-content/plugins/wp-github-tools/js/wp-github-tools.js
Script Paths
/wp-content/plugins/wp-github-tools/js/wp-github-tools.js
Version Parameters
/wp-content/plugins/wp-github-tools/css/wp-github-tools.css?ver=/wp-content/plugins/wp-github-tools/js/wp-github-tools.js?ver=

HTML / DOM Fingerprints

CSS Classes
github-commitsgithub-commits-github-releasesgithub-releases-commit
Data Attributes
data-repositorydata-countdata-titledata-class
JS Globals
ajaxurl
Shortcode Output
<script src="http://gist.github.com/<ul class='github-commits</ul><script src="http://gist.github.com/<ul class='github-releases
FAQ

Frequently Asked Questions about WP GitHub Tools