WP Nasa/ADS Query Importer Security & Risk Analysis

wordpress.org/plugins/wp-nasaads-query-importer

Fetch bibliographic records from The SAO/NASA Astrophysics Data System (ADS) and include a list of these records in your posts using shortcodes.

20 active installs v1.0 PHP 7.0+ WP 4.7+ Updated Jun 27, 2023
ads, article, astronomy, nasa
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Nasa/ADS Query Importer Safe to Use in 2026?

Generally Safe

Score 85/100

WP Nasa/ADS Query Importer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The wp-nasaads-query-importer plugin v1.0 exhibits a generally good security posture based on the static analysis provided. The plugin has a very small attack surface, with only two shortcodes and no exposed AJAX handlers or REST API routes that lack proper authentication or permission checks. All SQL queries are performed using prepared statements, which significantly mitigates SQL injection risks. Furthermore, the absence of known CVEs and a clean vulnerability history suggest a commitment to security by the developers or a lack of previously identified exploitable flaws. However, the most significant concern lies in the output escaping. With only 29% of outputs properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the user interface through the plugin's functionality.

Key Concerns

  • Low percentage of properly escaped output
  • No nonce checks present
Vulnerabilities
None known

WP Nasa/ADS Query Importer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Nasa/ADS Query Importer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (2 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

29% escaped, 7 total outputs
Attack Surface

WP Nasa/ADS Query Importer Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[wp_nasaads_query_importer] shortcodes.php:271
[wp_nasaads_query_importer_full] shortcodes.php:273
WordPress Hooks: 9

action admin_init settings.php:57
action admin_menu settings.php:189
filter plugin_action_links settings.php:200
filter wp_nasaads_query_importer-format_author shortcodes.php:55
filter wp_nasaads_query_importer-format_month shortcodes.php:61
filter wp_nasaads_query_importer-format_bibstem shortcodes.php:67
filter wp_nasaads_query_importer-format_adsurl shortcodes.php:74
filter wp_nasaads_query_importer-API_value shortcodes.php:88
action admin_notices wp-nasaads-query-importer.php:38
Maintenance & Trust

WP Nasa/ADS Query Importer Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Jun 27, 2023
PHP min version: 7.0
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

WP Nasa/ADS Query Importer Developer Profile

marblestation

1 plugin · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Nasa/ADS Query Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-nasaads-query-importer/wp-nasaads-query-importer.php
/wp-content/plugins/wp-nasaads-query-importer/shortcodes.php
/wp-content/plugins/wp-nasaads-query-importer/settings.php
/wp-content/plugins/wp-nasaads-query-importer/query.php

HTML / DOM Fingerprints

CSS Classes
notice-error
HTML Comments
Copyright 2020 The SAO/NASA Astrophysics Data System This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at +9 more
Data Attributes
max_authors, max_rec, query, author, aff, year, +6 more
Shortcode Output
<div style="border-left: solid 4px; border-left-color: #dc3232; padding-left: 5px"><p><b>WP NASA/ADS Query Importer error: </b>access token is not valid The plugin <a href="options-general.php?page=wp_nasaads_query_importer">WP Nasa/ADS Query Importer</a> reported that your access token is not valid yet!<div class="notice notice-error is-dismissible">
FAQ

Frequently Asked Questions about WP Nasa/ADS Query Importer