WP-Lifestream2 Security & Risk Analysis

wordpress.org/plugins/wp-lifestream2

Create a Lifestream on your blog

10 active installs · v1.1.4 · PHP + WP 2.8+ · Updated Feb 12, 2012
Tags: lifestream, miniblogging, rss, social, twitter
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP-Lifestream2 Safe to Use in 2026?

Generally Safe

Score 85/100

WP-Lifestream2 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The static analysis of wp-lifestream2 v1.1.4 reveals a mixed security posture. While the plugin demonstrates strengths in its limited attack surface, with no apparent AJAX handlers, REST API routes, or shortcodes exposed without authentication, several significant concerns arise from the code signals and taint analysis. The presence of the `unserialize` function six times, coupled with two taint flows identified as having unsanitized paths and high severity, indicates a potential for remote code execution or data manipulation if malicious input is processed. Furthermore, the complete lack of output escaping across all identified outputs is a critical vulnerability that could lead to cross-site scripting (XSS) attacks.

The vulnerability history is a positive indicator, with no known CVEs or past vulnerabilities recorded. This suggests that the plugin has historically been maintained with security in mind or has not been a target for exploits. However, this should not overshadow the critical risks identified in the static and taint analysis. The absence of nonce checks on any entry points and the limited capability checks across the codebase further expose the plugin to potential attack vectors. In conclusion, while the plugin has a small attack surface and a clean vulnerability history, the identified `unserialize` vulnerabilities, unsanitized taint flows, and complete lack of output escaping present significant and immediate security risks that require urgent attention.

Key Concerns

  • Unsanitized taint flows (High Severity)
  • Dangerous function: unserialize usage
  • Output escaping: 0% properly escaped
  • Nonce checks: 0
Vulnerabilities
None known

WP-Lifestream2 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP-Lifestream2 Code Analysis

  • Dangerous Functions: 6
  • Raw SQL Queries: 30 (107 prepared)
  • Unescaped Output: 261 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 12
  • File Operations: 8
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: $this->data = array(unserialize($row->data)); (inc\core.php:62)
  • unserialize: $this->feed = new $cls($this->lifestream, unserialize($row->options), $row->feed_id); (inc\core.php:74)
  • unserialize: $this->data = unserialize($row->data); (inc\core.php:180)
  • unserialize: $result->data = unserialize($result->data); (inc\core.php:985)
  • unserialize: if (!empty($row->options)) $options = unserialize($row->options); (inc\core.php:2210)
  • unserialize: $result->data = unserialize($result->data); (inc\core.php:2576)

SQL Query Safety

78% prepared · 137 total queries

Output Escaping

0% escaped · 261 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
options_page (inc\core.php:901)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

WP-Lifestream2 Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks 10
  • action: admin_menu (inc\core.php:540)
  • action: wp_head (inc\core.php:541)
  • filter: the_content (inc\core.php:542)
  • action: init (inc\core.php:543)
  • filter: cron_schedules (inc\core.php:545)
  • action: lifestream_digest_cron (inc\core.php:546)
  • action: lifestream_cron (inc\core.php:547)
  • action: lifestream_cleanup (inc\core.php:548)
  • action: template_redirect (inc\core.php:549)
  • action: widgets_init (inc\widget.php:214)

Scheduled Events 3

lifestream_cleanup
lifestream_cron
lifestream_digest_cron
Maintenance & Trust

WP-Lifestream2 Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Feb 12, 2012
PHP min version
Downloads: 7K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP-Lifestream2 Developer Profile

Shelby DeNike

2 plugins · 40 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP-Lifestream2

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-lifestream2/lifestream.css
/wp-content/plugins/wp-lifestream2/lifestream.js
Script Paths
/wp-content/plugins/wp-lifestream2/lifestream.js
Version Parameters
wp-lifestream2/lifestream.css?ver=
wp-lifestream2/lifestream.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Lifestream configuration options -->
<!-- Lifestream output starts -->
<!-- Lifestream output ends -->
Data Attributes
data-lifestream-feed
data-lifestream-owner
data-lifestream-feed-id
JS Globals
Lifestream
ls_config
ls_feeds
ls_theme
ls_icons
Shortcode Output
<div class="lifestream-output">
<div class="lifestream-event">
<div class="lifestream-feed-icon">
<div class="lifestream-event-title">