WP-Safety

Share It for All Users on BuddyPress YR Security & Risk Analysis

wordpress.org/plugins/buddy-share-it-allusers-fb-yr

For generate WP custom buttons, social share, Facebook Like, Buddypress Activity buttons, Viber Whatsapp Telegram Google and other buttons

10 active installs v3.4.5 PHP + WP 3.3.1+ Updated Mar 8, 2026
buddypress-sharecustom-buttonfacebook-likesocial-buttonsviber
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Share It for All Users on BuddyPress YR Safe to Use in 2026?

Generally Safe

Score 100/100

Share It for All Users on BuddyPress YR has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 26d ago
Risk Assessment

The "buddy-share-it-allusers-fb-yr" plugin v3.4.5 exhibits a generally strong security posture based on the provided static analysis. The absence of any known CVEs, unpatched vulnerabilities, or identified critical/high severity taint flows is a significant positive indicator. The plugin also demonstrates good practices in its handling of SQL queries, utilizing prepared statements exclusively, and a high percentage of properly escaped output. Furthermore, it includes nonce and capability checks, suggesting an awareness of WordPress security best practices for its limited entry points.

However, a critical concern lies in the presence of seven instances of the `unserialize` function. While the static analysis did not reveal any unsanitized paths leading to this function, `unserialize` is inherently risky due to its potential for object injection vulnerabilities if the input is not strictly controlled and validated. The plugin's attack surface is reported as zero entry points, which is excellent, but this may be an artifact of the analysis or imply that functionality is only exposed via non-standard means. The use of file operations (13) and external HTTP requests (1) are areas that warrant careful scrutiny to ensure they do not introduce unforeseen risks, even if not flagged as directly vulnerable in this analysis.

Overall, the plugin appears to be developed with security in mind, particularly regarding its SQL and output handling. The lack of historical vulnerabilities and the robust use of prepared statements are commendable. The primary weakness identified is the reliance on `unserialize` without explicit indicators of input sanitization within the provided data. If the input to `unserialize` is user-controllable and not rigorously validated, it could represent a significant risk. Without further context on how these `unserialize` calls are used and what data they process, a definitive risk level is difficult to assign, but it remains the most prominent area for potential concern.

Key Concerns

  • Dangerous function: unserialize detected
Vulnerabilities
None known

Share It for All Users on BuddyPress YR Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Share It for All Users on BuddyPress YR Code Analysis

Dangerous Functions
7
Raw SQL Queries
0
0 prepared
Unescaped Output
10
56 escaped
Nonce Checks
1
Capability Checks
2
File Operations
13
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$yr_bpshare_options_lines_temp = unserialize($yr_bpshare_options_lines_temp_ser);yr-bpshare-hnd.php:38
unserializeif (unserialize($yr_bpshare_options_lines_init_ser) === false) {yr-bpshare-hnd.php:67
unserialize$yr_bpshare_options_lines = unserialize($yr_bpshare_options_lines_init_ser);yr-bpshare-hnd.php:72
unserializeif (unserialize ($yr_bpshare_options_lines_ser) === false) { // what seri error ?yr-bpshare.php:431
unserialize$yr_bpshare_options_lines = unserialize($yr_bpshare_options_lines_init_ser);yr-bpshare.php:432
unserialize$yr_bpshare_options_lines = unserialize ($yr_bpshare_options_lines_ser);yr-bpshare.php:434
unserialize$yr_bpshare_options_lines = unserialize ($yr_bpshare_options_lines_ser);yr-bpshare.php:639

Output Escaping

85% escaped66 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
yr_bpshare_button_activity_filter (yr-bpshare.php:841)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Share It for All Users on BuddyPress YR Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 16
actionplugins_loadedloader.php:69
actioninitloader.php:81
actioninitloader.php:85
actionbp_includeloader.php:88
actionadmin_post_yr_bpshare_options_hndyr-bpshare-hnd.php:202
actionadmin_menuyr-bpshare.php:231
actionnetwork_admin_menuyr-bpshare.php:232
actionadmin_inityr-bpshare.php:247
filterthe_contentyr-bpshare.php:650
filterbp_get_activity_content_bodyyr-bpshare.php:656
actionbp_before_group_forum_topic_postsyr-bpshare.php:668
actionbp_group_header_metayr-bpshare.php:671
actionwp_footeryr-bpshare.php:1448
actionwp_headyr-bpshare.php:1450
actionwp_print_stylesyr-bpshare.php:1466
actionwp_print_scriptsyr-bpshare.php:1473
Maintenance & Trust

Share It for All Users on BuddyPress YR Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 8, 2026
PHP min version
Downloads67K

Community Trust

Rating80/100
Number of ratings1
Active installs10
Alternatives

Share It for All Users on BuddyPress YR Alternatives

Sharing Plus – Social Sharing Icons

Sharing Plus – Social Sharing Icons

sharing-plus

A
85

Sharing Plus adds an advanced set of social media sharing buttons to your WordPress sites, such as: Google+, Facebook, WhatsApp, Viber, Twitter, Reddi …

0 No CVEs
Simple Share Buttons Adder

Simple Share Buttons Adder

simple-share-buttons-adder

A
94

A simple plugin that enables you to add share buttons to all of your posts and/or pages.

40K 6 CVEs
Hubbub Lite – Fast, free social sharing and follow buttons

Hubbub Lite – Fast, free social sharing and follow buttons

social-pug

A
92

Your content is worth sharing. Let's makes it easier!

30K 9 CVEs
ShareThis Share Buttons

ShareThis Share Buttons

sharethis-share-buttons

A
99

Grow your website traffic and engagement by enabling one-click sharing with the free ShareThis Share Buttons plugin. The plugin is free (no upgrades a …

20K 1 CVE
Simple Social Media Share Buttons – Social Sharing for Everyone

Simple Social Media Share Buttons – Social Sharing for Everyone

simple-social-buttons

A
97

This Social Share Plugin adds advanced social media sharing buttons to your WordPress sites, such as Facebook, WhatsApp, X, LinkedIn, & Pinterest.

20K 7 CVEs
Developer Profile

Share It for All Users on BuddyPress YR Developer Profile

Yuriy Radko

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Share It for All Users on BuddyPress YR

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buddy-share-it-allusers-fb-yr/css/yr-style.css/wp-content/plugins/buddy-share-it-allusers-fb-yr/css/yr-style-like.css/wp-content/plugins/buddy-share-it-allusers-fb-yr/js/yr-script.js/wp-content/plugins/buddy-share-it-allusers-fb-yr/js/yr-share-it-allusers-fb-yr-script.js
Generator Patterns
Share It for All Users on BuddyPress YR
Script Paths
/wp-content/plugins/buddy-share-it-allusers-fb-yr/js/yr-script.js/wp-content/plugins/buddy-share-it-allusers-fb-yr/js/yr-share-it-allusers-fb-yr-script.js
Version Parameters
buddy-share-it-allusers-fb-yr/css/yr-style.css?ver=buddy-share-it-allusers-fb-yr/css/yr-style-like.css?ver=buddy-share-it-allusers-fb-yr/js/yr-script.js?ver=buddy-share-it-allusers-fb-yr/js/yr-share-it-allusers-fb-yr-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
yr-share-button-containeryr-like-button-container
HTML Comments
yr_bpshare 3.4.5 060326start internationalize buddy-share-it-allusers-fb-yrend internationalize
Data Attributes
data-yr-share-type
JS Globals
yr_bpshare_flag_bp
Shortcode Output
[yr-bpshare-button][yr-like-button]
FAQ

Frequently Asked Questions about Share It for All Users on BuddyPress YR