Does Candy Social Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in Candy Social Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Candy Social Widget compatible with WordPress 6.9.4?

According to WordPress.org data, Candy Social Widget 3.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Candy Social Widget compatible with PHP 5.3+?

Candy Social Widget requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Candy Social Widget updated?

Candy Social Widget was last updated on Mar 10, 2026. Frequent updates are generally a positive security signal.

What is Candy Social Widget's security score?

Candy Social Widget has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Candy Social Widget Security & Risk Analysis

wordpress.org/plugins/candy-social-widget

Social Widget plugin for displaying links to your social media in any widget area. Created by WPExplorer, this plugin allows you to add colorful icons …

200 active installs v3.1 PHP 5.3+ WP 4.6+ Updated Mar 10, 2026

socialsocial-mediasocial-networkingsocial-widgetwidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Candy Social Widget Safe to Use in 2026?

Generally Safe

Score 100/100

Candy Social Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 24d ago

Risk Assessment

The candy-social-widget plugin v3.1 exhibits a generally strong security posture based on the provided static analysis. There are no identified vulnerabilities in its history and the code analysis reveals no critical issues. The absence of direct SQL queries outside of prepared statements, a high percentage of properly escaped output, and no observed critical or high severity taint flows are positive indicators. The limited attack surface and lack of external HTTP requests further contribute to this favorable assessment.

However, there are a few areas that warrant attention. The complete absence of nonce checks across all entry points is a significant concern, as it leaves the plugin susceptible to Cross-Site Request Forgery (CSRF) attacks if any of its functionalities were to be triggered by an attacker. Additionally, the presence of file operations, even if not explicitly flagged as malicious, could potentially be an avenue for exploitation if not handled with extreme care and robust validation. While the vulnerability history is clean, this does not guarantee future security and vigilance is always recommended.

Overall, the plugin appears to be well-coded with a focus on secure practices, particularly regarding SQL injection. The primary weakness lies in the missing nonce protection for its entry points. This should be addressed to mitigate potential CSRF risks.

Key Concerns

Missing nonce checks on entry points
File operations present without specific validation context

Vulnerabilities

None known

Candy Social Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Candy Social Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

72 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

84% escaped86 total outputs

Attack Surface

Candy Social Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionwp_enqueue_scriptscandy-social-widget.php:88

actionadmin_print_scripts-widgets.phpcandy-social-widget.php:90

actionwidgets_initcandy-social-widget.php:488

Maintenance & Trust

Candy Social Widget Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 10, 2026

PHP min version5.3

Downloads20K

Community Trust

Rating100/100

Number of ratings2

Active installs200

Alternatives

Candy Social Widget Alternatives

Socials Ignited

socials-ignited

100

The Socials Ignited plugin gives you a widget, allowing you to display and link icons on your website of more than 50 social networks.

2K No CVEs

Lightweight Social Icons

lightweight-social-icons

Looking to add simple social icons to your widget areas? Choose the size and color of your icons, and then choose from 47 different social profiles.

30K No CVEs

Fuse Social Floating Sidebar

fuse-social-floating-sidebar

This plugin allows you to add social media floating sidebar icons connected with your social media profiles.

10K 2 CVEs

WP Social Widget

wp-social-widget

A widget to add links of social networking sites.

4K 1 unpatched

Easy Share Solution For WordPress

easy-share-solution

100

A powerful, easy-to-use WordPress social sharing plugin with modern share buttons, built-in analytics, and smooth dashboard integration.

1K No CVEs

Developer Profile

Candy Social Widget Developer Profile

AJ Clarke

1 plugin · 200 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Candy Social Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/candy-social-widget/assets/css/candy-social-widget.css

Script Paths

/wp-content/plugins/candy-social-widget/assets/js/candy-social-widget.js

Version Parameters

candy-social-widget/assets/css/candy-social-widget.css?ver=candy-social-widget/assets/js/candy-social-widget.js?ver=

HTML / DOM Fingerprints

CSS Classes

candy_social_widgetcandy_social_widget_ulcsw-desccsw-shape-roundedcsw-shape-roundcsw-shape-squarecsw-facebookcsw-twitter+28 more

Data Attributes

data-iddata-sitedata-url

FAQ