WP-Safety

WP Google Plus Connect Security & Risk Analysis

wordpress.org/plugins/wp-google-plus-connect

Add Google+ Direct Connect Badge & allow your WordPress/BuddyPress users to register or login via their Google+ account & import their stream …

10 active installs v1.0.5.1 PHP + WP 3.0+ Updated Dec 20, 2011
googlegoogle-plusgooglepluslogin
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Google Plus Connect Safe to Use in 2026?

Generally Safe

Score 85/100

WP Google Plus Connect has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

The wp-google-plus-connect plugin v1.0.5.1 exhibits a mixed security posture. While it demonstrates good practices by using prepared statements for all its SQL queries and avoiding bundled libraries, significant concerns arise from the presence of dangerous functions and a lack of robust security checks. The use of `unserialize` is a critical vulnerability vector, especially when coupled with a complete absence of nonce and capability checks. This means that any user, regardless of their privilege level, could potentially trigger deserialization attacks if an attacker can control the data being unserialized. Although the taint analysis shows no critical or high severity flows, the inherent risk of `unserialize` remains, and the lack of authentication checks on entry points is a major red flag. The plugin's history of zero known CVEs is a positive indicator, suggesting past stability, but it does not mitigate the immediate risks identified in the static analysis. Overall, the plugin has strengths in its SQL handling but significant weaknesses in input validation and authorization, making it a moderate to high risk without further hardening.

Key Concerns

  • Dangerous function 'unserialize' used
  • No nonce checks found
  • No capability checks found
  • Unescaped output percentage is low (54%)
  • Flows with unsanitized paths
Vulnerabilities
None known

WP Google Plus Connect Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Google Plus Connect Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
4 prepared
Unescaped Output
48
56 escaped
Nonce Checks
0
Capability Checks
0
File Operations
9
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserializereturn unserialize($ret['data']);src\cache\apiApcCache.php:79
unserialize$data = unserialize($data);src\cache\apiFileCache.php:98

SQL Query Safety

100% prepared4 total queries

Output Escaping

54% escaped104 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
wds_google_connect_button (functions.php:57)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Google Plus Connect Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[gplus_badge] functions.php:26
[gplus_button] functions.php:249
WordPress Hooks 18
actionadmin_menuadmin.php:3
actionadmin_initadmin.php:6
actionwidgets_initadmin.php:451
actionbp_after_sidebar_login_formbuddypress.php:7
actionbp_before_account_details_fieldsbuddypress.php:13
actioninitbuddypress.php:22
actionbp_template_titlebuddypress.php:37
actionbp_template_contentbuddypress.php:38
filterbp_activity_allowed_tagsbuddypress.php:103
actioninitbuddypress.php:112
filtercron_schedulesbuddypress.php:247
actionwds_google_connect_cronbuddypress.php:252
actionwp_headfunctions.php:7
actionadmin_headfunctions.php:8
actioninitfunctions.php:56
actionwp_logoutfunctions.php:237
actionlogin_formfunctions.php:243
actionbp_includewp-google-plus-connect.php:12

Scheduled Events 1

wds_google_connect_cron
Maintenance & Trust

WP Google Plus Connect Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2
Last updatedDec 20, 2011
PHP min version
Downloads16K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

WP Google Plus Connect Alternatives

GP – GeePress

GP – GeePress

gp

A
85

All the tools you need to integrate your WordPress and Google+.

40 No CVEs
Metronet Embed Google Plus

Metronet Embed Google Plus

metronet-embed-google-plus

A
100

Easily embed Google+ posts into your pages

10 No CVEs
Advanced Google reCAPTCHA

Advanced Google reCAPTCHA

advanced-google-recaptcha

A
98

Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.

200K 3 CVEs
Nextend Social Login and Register

Nextend Social Login and Register

nextend-facebook-connect

A
89

One click registration & login plugin for Facebook, Google, X (formerly Twitter) and more. Quick setup and easy configuration.

200K 6 CVEs
Login No Captcha reCAPTCHA

Login No Captcha reCAPTCHA

login-recaptcha

A
85

Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.

60K 1 CVE
Developer Profile

WP Google Plus Connect Developer Profile

Brian Messenlehner

2 plugins · 1K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Google Plus Connect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-google-plus-connect/css/wds-google-connect.css/wp-content/plugins/wp-google-plus-connect/css/gplus-badge.css/wp-content/plugins/wp-google-plus-connect/js/wds-google-connect.js
Script Paths
https://apis.google.com/js/plusone.js

HTML / DOM Fingerprints

CSS Classes
wds-google-connect-loginwds-gplus-button
HTML Comments
<!-- Direct Connect & Badge --><!-- Google+ Direct Connect & Badge Header --><!-- Google+ Badge Short Code --><!-- Google+ Badge Function -->+8 more
Data Attributes
data-clientiddata-redirecturidata-appnamedata-scopedata-callback
JS Globals
window.___gcfg
Shortcode Output
<g:plus<a href="https://plus.google.com/
FAQ

Frequently Asked Questions about WP Google Plus Connect