WP VK-付费内容插件(付费阅读/资料/工具软件资源管理) Security & Risk Analysis

wordpress.org/plugins/wp-vk

WP VK, known in Chinese as 付费内容插件 (Paid Content Plugin). In recent years paid content has become popular worldwide, and some public accounts and site owners have begun offering valuable articles, reference documents, software tools and similar resources on a paid model. To provide paid content on a website or blog, however, a site owner needs payment-gateway integration, partial encryption of the paid content, order management and so on, none of which WordPress provides out of the box. For this reason 闪电博 developed a dedicated …

Active installs: 80
Version: v1.5.4
Requirements: PHP + WP 6.0+
Updated: Unknown
Tags: alipay, paywall, wechat-pay, xunhupay

Security score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Aug 23, 2023
Safety Verdict

Is WP VK-付费内容插件(付费阅读/资料/工具软件资源管理) Safe to Use in 2026?

Generally Safe

Score 100/100

WP VK-付费内容插件(付费阅读/资料/工具软件资源管理) has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 23, 2023
Risk Assessment

The "wp-vk" plugin v1.5.4 demonstrates a generally strong security posture with good practices in place. A significant majority of SQL queries use prepared statements, and a high percentage of output is properly escaped, reducing the risk of common web vulnerabilities. The presence of numerous nonce and capability checks further bolsters its defenses against unauthorized actions. However, the static analysis reveals a notable concern: a high number of "flows with unsanitized paths" (10 out of 13 analyzed), with two identified as high severity taint flows. This suggests potential vulnerabilities where user-supplied input could be mishandled, leading to security issues like directory traversal or unintended file access, even if no critical severity taint flows were found.

The plugin's vulnerability history shows one previously known medium-severity CVE, specifically a Cross-Site Request Forgery (CSRF) in August 2023. While this vulnerability is reported as currently unpatched, its medium severity and the fact that it's the only known historical issue suggest it might have been addressed in later versions or has a limited impact. Nevertheless, the recurrence or persistence of such vulnerabilities, even if medium, warrants attention. Overall, "wp-vk" v1.5.4 is a reasonably secure plugin due to its strong input validation and output escaping practices, but the identified high-severity taint flows represent a significant area for improvement to mitigate potential risks associated with unsanitized path handling.

Key Concerns

  • High severity taint flows detected
  • Multiple flows with unsanitized paths
  • 1 Medium CVE (August 2023)
Vulnerabilities (1)

WP VK-付费内容插件(付费阅读/资料/工具软件资源管理) Security Vulnerabilities

CVEs by Year

2023: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

WF-0c6bc786-341a-4ab6-b86e-d21bb3dbf298-wp-vk · medium (4.3) · Cross-Site Request Forgery (CSRF)

WP VK-付费内容插件 <= 1.3.3 - Cross-Site Request Forgery via AJAX actions

Disclosed Aug 23, 2023 · Patched in 1.3.4 (153d)
Code Analysis (analyzed Mar 16, 2026)

WP VK-付费内容插件(付费阅读/资料/工具软件资源管理) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (63 prepared)
Unescaped Output: 49 (280 escaped)
Nonce Checks: 13
Capability Checks: 15
File Operations: 6
External Requests: 7
Bundled Libraries: 0

SQL Query Safety: 90% prepared (70 total queries)

Output Escaping: 85% escaped (329 total outputs)

Data Flows: 10 unsanitized

Data Flow Analysis

13 flows, 10 with unsanitized paths
Flow: pay_return (pay\alipay\alipay.php:109)
Attack Surface

WP VK-付费内容插件(付费阅读/资料/工具软件资源管理) Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers (7)

Auth   | Action                 | Location
auth   | wp_ajax_vk_admin       | classes\admin.class.php:62
auth   | wp_ajax_vk_pay         | classes\front.class.php:33
nopriv | wp_ajax_vk_pay         | classes\front.class.php:34
auth   | wp_ajax_vk_order       | order\order.class.php:19
auth   | wp_ajax_wpvk-order     | order\order.class.php:22
auth   | wp_ajax_vk_pay_setting | pay\pay.class.php:22
auth   | wp_ajax_wbp_api        | wbm\wbm.php:39

Shortcodes (2)

[vk-content] classes\front.class.php:27
[vk_my_order] classes\vk_justnews.class.php:26
WordPress Hooks (52)

Type   | Hook                      | Location
action | plugins_loaded            | classes\admin.class.php:19
filter | all_plugins               | classes\admin.class.php:29
filter | plugin_action_links       | classes\admin.class.php:53
filter | plugin_row_meta           | classes\admin.class.php:54
action | admin_menu                | classes\admin.class.php:57
action | admin_enqueue_scripts     | classes\admin.class.php:58
action | admin_notices             | classes\admin.class.php:59
action | admin_head-post.php       | classes\admin.class.php:68
action | admin_head-post-new.php   | classes\admin.class.php:69
action | add_meta_boxes            | classes\admin.class.php:71
action | save_post                 | classes\admin.class.php:72
filter | mce_external_plugins      | classes\admin.class.php:85
filter | mce_buttons               | classes\admin.class.php:86
filter | script_loader_tag         | classes\admin.class.php:685
action | init                      | classes\block.class.php:13
filter | block_categories_all      | classes\block.class.php:87
action | enqueue_block_editor_assets | classes\block.class.php:88
action | wp_enqueue_scripts        | classes\front.class.php:15
action | wp_footer                 | classes\front.class.php:16
filter | the_content               | classes\front.class.php:20
action | init                      | classes\front.class.php:21
action | parse_request             | classes\front.class.php:22
action | template_redirect         | classes\front.class.php:23
filter | wb_wpvk_html              | classes\front.class.php:25
filter | wbm_menu                  | classes\front.class.php:50
action | wbm_head_vk               | classes\front.class.php:62
filter | wbm_js_cnf                | classes\front.class.php:69
action | wbm_content_vk            | classes\front.class.php:76
filter | wpcom_account_tabs        | classes\vk_justnews.class.php:19
action | wpcom_account_tabs_order  | classes\vk_justnews.class.php:20
filter | login_url                 | classes\vk_justnews.class.php:22
filter | register_url              | classes\vk_justnews.class.php:24
action | admin_menu                | order\order.class.php:17
action | vk_pay_success            | order\order.class.php:25
action | vk_pay_fail               | order\order.class.php:34
filter | document_title_parts      | tpl\page_my.php:12
action | wp_enqueue_scripts        | tpl\page_my.php:17
action | plugins_loaded            | wbm\wbm.php:33
filter | get_wbm_cnf               | wbm\wbm.php:40
filter | set_wbm_cnf               | wbm\wbm.php:41
action | init                      | wbm\wbm.php:46
action | wbm_head                  | wbm\wbm.php:47
action | wbm_header                | wbm\wbm.php:48
action | wbm_get_menu              | wbm\wbm.php:50
action | wbm_content               | wbm\wbm.php:51
action | wbm_footer                | wbm\wbm.php:52
action | wbm_header_logo           | wbm\wbm.php:53
action | wbm_content_home          | wbm\wbm.php:55
filter | script_loader_tag         | wbm\wbm.php:57
filter | wbm_script                | wbm\wbm.php:60
filter | wbm_style                 | wbm\wbm.php:72
action | widgets_init              | widget\widget.php:13
Maintenance & Trust

WP VK-付费内容插件(付费阅读/资料/工具软件资源管理) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Unknown
PHP min version:
Downloads: 15K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 80
Developer Profile

WP VK-付费内容插件(付费阅读/资料/工具软件资源管理) Developer Profile

wbolt.com

11 plugins · 17K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 202 days
Detection Fingerprints

How We Detect WP VK-付费内容插件(付费阅读/资料/工具软件资源管理)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-vk/assets/js/vk.js
/wp-content/plugins/wp-vk/assets/css/vk.css
Script Paths
/wp-content/plugins/wp-vk/assets/js/vk.js
Version Parameters
wp-vk/style.css?ver=
wp-vk/assets/css/vk.css?ver=

HTML / DOM Fingerprints

CSS Classes
wp-vk-pay-button
Data Attributes
data-vk-button-id
JS Globals
wp_vk_params
Shortcode Output
[vk][/vk]
FAQ

Frequently Asked Questions about WP VK-付费内容插件(付费阅读/资料/工具软件资源管理)