WP PlusOne This Security & Risk Analysis

wordpress.org/plugins/wp-plusone-this

The WP PlusOne This plugin, automatically adds the Google Plus One ( +1 ) Button to your WordPress posts and pages.

10 active installs v0.2 PHP + WP 2.5+ Updated Jun 19, 2011
1googlegoogle-1google-plus-onesocial
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is WP PlusOne This Safe to Use in 2026?

Generally Safe

Score 85/100

WP PlusOne This has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago
Risk Assessment

The wp-plusone-this v0.2 plugin exhibits a generally good security posture based on the provided static analysis. The absence of any identified CVEs in its vulnerability history and a complete lack of identified critical or high-severity taint flows are positive indicators. Furthermore, the plugin's code signals show no dangerous functions, no file operations, and no external HTTP requests, all of which contribute to a reduced attack surface. The use of prepared statements for all SQL queries is also a strong security practice.

However, a significant concern arises from the fact that 100% of the identified outputs are not properly escaped. This creates a potential vulnerability for Cross-Site Scripting (XSS) attacks, where malicious scripts could be injected into the site's output and executed in users' browsers. While the plugin has no direct entry points like AJAX handlers, REST API routes, or shortcodes without authentication, this unescaped output represents a hidden risk that could be exploited if other vulnerabilities allow for manipulation of the data being outputted.

In conclusion, while the plugin has avoided common pitfalls like unpatched vulnerabilities and dangerous code patterns, the lack of output escaping is a notable weakness. The absence of any recorded historical vulnerabilities might suggest diligent development or a lack of past scrutiny, but the current code analysis points to a specific, exploitable flaw that needs immediate attention. Addressing the unescaped output should be the primary focus for improving this plugin's security.

Key Concerns

  • 100% of outputs not properly escaped
Vulnerabilities
None known

WP PlusOne This Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP PlusOne This Release Timeline

v0.2Current
v0.1
Code Analysis
Analyzed Mar 16, 2026

WP PlusOne This Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped1 total outputs
Attack Surface

WP PlusOne This Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
actionwp_headwp-plusone-this.php:40
filterthe_contentwp-plusone-this.php:43
Maintenance & Trust

WP PlusOne This Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4
Last updatedJun 19, 2011
PHP min version
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

WP PlusOne This Developer Profile

SISCOM WEB DESIGN

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP PlusOne This

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
https://apis.google.com/js/plusone.js

HTML / DOM Fingerprints

HTML Comments
<!-- Start wpplusonethis --><!-- End Of wpplusonethis -->
Data Attributes
g:plusone
FAQ

Frequently Asked Questions about WP PlusOne This