
WP SPID Italia Security & Risk Analysis
wordpress.org/plugins/wp-spid-italia
SPID - Sistema Pubblico di Identità Digitale
Is WP SPID Italia Safe to Use in 2026?
Generally Safe
Score 99/100
WP SPID Italia has a strong security track record. Known vulnerabilities have been patched promptly.
The wp-spid-italia plugin v2.13.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices with all SQL queries using prepared statements and a single capability check in place. There are no AJAX handlers or REST API routes exposed without authorization, and no external HTTP requests are made. The absence of critical or high severity taint flows, along with a relatively small attack surface primarily consisting of a single shortcode, are also encouraging signs.
However, there are notable concerns. The plugin has a history of one known medium severity Cross-Site Scripting (XSS) vulnerability, though it is currently patched. The static analysis reveals that 63% of output escaping is properly done, meaning a significant portion (37%) is not. Additionally, two out of two analyzed taint flows involve unsanitized paths, which is a strong indicator of potential injection vulnerabilities, even though they are not classified as critical or high severity in this analysis. The lack of nonce checks on the single shortcode is also a concern, as it leaves this entry point potentially vulnerable to replay attacks.
In conclusion, while the plugin shows some good security foundations, the presence of unsanitized paths in taint flows, incomplete output escaping, and the absence of nonce checks on its shortcode present tangible risks. The past XSS vulnerability, even if patched, highlights the potential for such issues. Developers should prioritize addressing the output escaping and implementing nonce checks to strengthen its security.
Key Concerns
- Unsanitized paths in taint flows (2/2)
- Improper output escaping (37%)
- No nonce checks on shortcode
- Past medium severity CVE (XSS)
WP SPID Italia Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
WP SPID Italia <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
WP SPID Italia Code Analysis
Output Escaping
Data Flow Analysis
WP SPID Italia Attack Surface
Shortcodes 1
WordPress Hooks 18
WP SPID Italia Maintenance & Trust
Maintenance Signals
Community Trust
WP SPID Italia Alternatives
Spider Analyser – WordPress搜索引擎蜘蛛分析插件
spider-analyser
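Spider Analyser is a plugin for tracking the crawl logs of the various search engine spiders that visit a WordPress site. It provides detailed spider crawl statistics, spider behaviour analysis, crawl analysis, and fake-spider blocking.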
3B Meteo
3b-meteo
Lets you add weather forecast widgets to your site in various formats.
Campi Moduli Italiani
campi-moduli-italiani
Plugin to create useful fields for Italian sites, to be used in the forms produced with Contact Form 7 and WPForms.
Bot Traffic Shield – Block Bad Bots and Stop AI Bots Crawlers
bot-traffic-shield
A powerful and user-friendly plugin to block AI crawlers and malicious data scraper bots, protecting your content and server resources.
InPost Italy
inpost-italy
Let your customers choose InPost as the courier at checkout and select the most convenient InPost pickup point through our …
WP SPID Italia Developer Profile
13 plugins · 13K total installs
How We Detect WP SPID Italia
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/wp-spid-italia/css/login.css
- /wp-content/plugins/wp-spid-italia/css/spid-login.css
- /wp-content/plugins/wp-spid-italia/js/spid-login.js
- wp-spid-italia/css/login.css?ver=
- wp-spid-italia/css/spid-login.css?ver=
- wp-spid-italia/js/spid-login.js?ver=
HTML / DOM Fingerprints
- spid-sso-wrap
- spid-sso-wrap__user
- spid-sso-wrap__action
- spid-sso-wrap__inner
- spid-sso-or
- spid-sso-toggle
- wpcom
- data-spid-idp-list
- spid_get_idp_list
- spid_get_loginform_button
- [spid_login_button]