Does WP1 Like have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP1 Like compatible with WordPress 6.5.8?

According to WordPress.org data, WP1 Like 1.2 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

How often is WP1 Like updated?

WP1 Like was last updated on May 31, 2024. Frequent updates are generally a positive security signal.

What is WP1 Like's security score?

WP1 Like has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP1 Like Security & Risk Analysis

wordpress.org/plugins/wp1-like

Display Like button on posts, pages, custom post types and WooCommerce products.

40 active installs v1.2 PHP + WP 6.4+ Updated May 31, 2024

likelike-buttonpost-likeproduct-likewp-like

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP1 Like Safe to Use in 2026?

Generally Safe

Score 92/100

WP1 Like has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The wp1-like plugin v1.2 exhibits a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having no recorded vulnerabilities, there are significant concerns regarding its attack surface. Specifically, the presence of two AJAX handlers without any authentication checks exposes these entry points to potential unauthorized access and manipulation. Although taint analysis did not reveal critical or high severity issues, the lack of capability checks on these AJAX handlers leaves them vulnerable to cross-site request forgery (CSRF) or unauthorized data modification if they perform sensitive actions.

The plugin's vulnerability history is a strong positive, indicating a generally secure development process. However, this is overshadowed by the directly observable security weaknesses in the current version's code analysis. The absence of capability checks on AJAX handlers is a notable oversight that should be addressed. Overall, the plugin has a solid foundation in areas like SQL handling and avoiding known dangerous functions, but the lack of authorization on its AJAX endpoints is a critical flaw that significantly elevates its risk profile.

Key Concerns

Unprotected AJAX handlers
Missing capability checks on AJAX
Output escaping not fully implemented

Vulnerabilities

None known

WP1 Like Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP1 Like Release Timeline

v1.2Current

v1.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

WP1 Like Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

69% escaped16 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<wp1-like_option> (wp1-like_option.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

WP1 Like Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_wp1_like_like_this_postinc\wp1-like-functions.php:81

noprivwp_ajax_wp1_like_like_this_postinc\wp1-like-functions.php:82

WordPress Hooks 8

actionwp_enqueue_scriptsinc\wp1-like-functions.php:122

actionthe_contentinc\wp1-like-functions.php:147

actionwp_print_scriptswp1-like.php:19

actionadmin_enqueue_scriptswp1-like.php:31

actionwp_print_styleswp1-like.php:32

actionwp_enqueue_scriptswp1-like.php:48

actionadmin_menuwp1-like.php:61

filterplugin_action_linkswp1-like.php:74

Maintenance & Trust

WP1 Like Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedMay 31, 2024

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings2

Active installs40

Alternatives

WP1 Like Alternatives

Kento Like Post

kento-like-post

Facebook Style like button for WordPress with like count and user thumbnails.

10 No CVEs

Solid Post Likes

solid-post-likes

A like button for all post types. Solid and simple.

500 No CVEs

CodeChief

codechief

A awesome WordPress plugin to manage many user options and create many new features easily from admin panel.

0 No CVEs

SR Post Like Dislike

sr-post-like-dislike

The SR Post Like Dislike Plugin is a powerful and easy-to-use plugin that adds a like and dislike functionality to your WordPress posts, pages, and cu …

0 No CVEs

Booster Extension

booster-extension

Booster Extension is a free WordPress plugin that supercharges your site with awesome powerful features. There’re numerous plugins in the official Wor …

7K 1 CVE

Developer Profile

WP1 Like Developer Profile

wponeco

1 plugin · 40 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP1 Like

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp1-like/assets/js/wp1-like.js/wp-content/plugins/wp1-like/assets/js/jscolor.js/wp-content/plugins/wp1-like/assets/css/wp1-like.css

Script Paths

assets/js/wp1-like.jsassets/js/jscolor.js

Version Parameters

wp1-like.js?ver=1.2jscolor.js?ver=1.2wp1-like.css?ver=1.2

HTML / DOM Fingerprints

CSS Classes

wp1_like_likewp1_like_like.disabled

Data Attributes

data-id

JS Globals

wp1_like_button_colorwp1_like_button_hover_colorwp1_like_button_disabled_colorwp1_like_button_textwp1_like_show_count

FAQ