WP-Safety

WP-Postlike Security & Risk Analysis

wordpress.org/plugins/wp-postlike

WordPress 文章点赞插件

30 active installs v2.0.0 PHP + WP 5.0+ Updated Unknown
%e8%af%84%e5%88%86%e6%96%87%e7%ab%a0
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP-Postlike Safe to Use in 2026?

Generally Safe

Score 100/100

WP-Postlike has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wp-postlike" v2.0.0 plugin presents a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, raw SQL queries, file operations, and external HTTP requests, several critical areas raise significant concerns. The plugin exposes two AJAX handlers with no authentication or capability checks, creating a substantial attack surface that could allow unauthorized actions. Furthermore, none of the output appears to be properly escaped, which is a major vulnerability that could lead to cross-site scripting (XSS) attacks. The absence of any recorded vulnerability history might suggest a lack of public discovery or exploitation, but this does not negate the inherent risks identified in the code analysis. The overall security is compromised by the unauthenticated entry points and the lack of output sanitization, despite other positive coding attributes.

Key Concerns

  • AJAX handlers without auth checks
  • Output not properly escaped
  • No nonce checks on AJAX
  • No capability checks on AJAX
Vulnerabilities
None known

WP-Postlike Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP-Postlike Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped2 total outputs
Attack Surface
2 unprotected

WP-Postlike Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

noprivwp_ajax_wpl_callbackfunctions.php:20
authwp_ajax_wpl_callbackfunctions.php:21
WordPress Hooks 1
actionwp_enqueue_scriptsfunctions.php:46
Maintenance & Trust

WP-Postlike Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedUnknown
PHP min version
Downloads7K

Community Trust

Rating100/100
Number of ratings1
Active installs30
Alternatives

WP-Postlike Alternatives

WP Comment Vote

WP Comment Vote

wp-comment-vote

A
85

WP Comment Vote

10 No CVEs
胖鼠采集(Fat Rat Collect)

胖鼠采集(Fat Rat Collect)

fat-rat-collect

A
99

胖鼠采集(Fat Rat Collect) 是一款能够帮助你网站自动化的采集工具. 支持采集、微信、简书、知乎、自定义列表页、自定义详情页面、还有许多特色功能、 还可一键采集历史文章, 一键设置自动采集, 自动发布, 为您节省精力, 快来体验一下吧!

1K 2 CVEs
简数采集器

简数采集器

keydatas

A
93

简数采集器不仅提供网页文章全自动采集、定时采集等基本功能,还创新实现了智能识别和鼠标可视化点选生成采集规则(不用手写规则)、书签一键采集等特色功能,大幅提升了采集配置效率。

1K 2 CVEs
WPReplace内容字符替换插件

WPReplace内容字符替换插件

wpreplace

A
100

WordPress内容字符替换插件(简称:WPReplace),可视化帮助网友快速替换WordPress网站文章标题、内容、评论用户名和评论内容的指定字符。公众号:老蒋朋友圈

900 No CVEs
WxSync-标准云微信公众号文章免费采集-任意公众号自动采集付费购买

WxSync-标准云微信公众号文章免费采集-任意公众号自动采集付费购买

wxsync

A
92

标准云微信公众号文章采集与自动同步插件,手动采集永久免费,自动同步采集可按月收费

500 1 CVE
Developer Profile

WP-Postlike Developer Profile

Dariolee

4 plugins · 150 total installs

82
trust score
Avg Security Score
83/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP-Postlike

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-postlike/static/css/bundle.css/wp-content/plugins/wp-postlike/static/js/bundle.js
Script Paths
/wp-content/plugins/wp-postlike/static/js/bundle.js
Version Parameters
wp-postlike/static/css/bundle.css?ver=wp-postlike/static/js/bundle.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpl-buttonwpl-text
Data Attributes
data-id
JS Globals
wpl_ajax_url
Shortcode Output
<button data-id="
FAQ

Frequently Asked Questions about WP-Postlike