
WP PlusOne This Security & Risk Analysis
wordpress.org/plugins/wp-plusone-thisThe WP PlusOne This plugin, automatically adds the Google Plus One ( +1 ) Button to your WordPress posts and pages.
Is WP PlusOne This Safe to Use in 2026?
Generally Safe
Score 85/100WP PlusOne This has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wp-plusone-this v0.2 plugin exhibits a generally good security posture based on the provided static analysis. The absence of any identified CVEs in its vulnerability history and a complete lack of identified critical or high-severity taint flows are positive indicators. Furthermore, the plugin's code signals show no dangerous functions, no file operations, and no external HTTP requests, all of which contribute to a reduced attack surface. The use of prepared statements for all SQL queries is also a strong security practice.
However, a significant concern arises from the fact that 100% of the identified outputs are not properly escaped. This creates a potential vulnerability for Cross-Site Scripting (XSS) attacks, where malicious scripts could be injected into the site's output and executed in users' browsers. While the plugin has no direct entry points like AJAX handlers, REST API routes, or shortcodes without authentication, this unescaped output represents a hidden risk that could be exploited if other vulnerabilities allow for manipulation of the data being outputted.
In conclusion, while the plugin has avoided common pitfalls like unpatched vulnerabilities and dangerous code patterns, the lack of output escaping is a notable weakness. The absence of any recorded historical vulnerabilities might suggest diligent development or a lack of past scrutiny, but the current code analysis points to a specific, exploitable flaw that needs immediate attention. Addressing the unescaped output should be the primary focus for improving this plugin's security.
Key Concerns
- 100% of outputs not properly escaped
WP PlusOne This Security Vulnerabilities
WP PlusOne This Release Timeline
WP PlusOne This Code Analysis
Output Escaping
WP PlusOne This Attack Surface
WordPress Hooks 2
Maintenance & Trust
WP PlusOne This Maintenance & Trust
Maintenance Signals
Community Trust
WP PlusOne This Alternatives
Google Plus One Bottom
google-plus-one-bottom
Promotion your pr in google +1 with the google plus one bottom plugin. With google plus one bottom, your users can promote your content by sharing goo …
Google Plusone(+1) Button
googleplusone-button
Author Site|
Like to Unlock lite
jcwp-like-to-unlock-lite
This plugin gives you control to initially hide part of your article from user. Content is displayed correctly once user Facebook Like or +1 your page
VB Social Share Widget
virtual-brick-social-bar-side-widget
Easy To Use Social Bar with Your Favorite Social Share Buttons
WP Google+1
wp1
Adds Google +1 stuff to the blog. E.g. a overview of the number of shared articles.
WP PlusOne This Developer Profile
1 plugin · 10 total installs
How We Detect WP PlusOne This
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
https://apis.google.com/js/plusone.jsHTML / DOM Fingerprints
<!-- Start wpplusonethis --><!-- End Of wpplusonethis -->g:plusone