Don Social Widget Security & Risk Analysis

wordpress.org/plugins/don-social-widget

Just another social widget plugin, put it in your sidebars and footer. Simple and flat.

10 active installs · v0.1.2 · PHP + · WP 4.6+ · Updated Oct 22, 2016
footer · icons · sidebar · social · widget
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Don Social Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Don Social Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The plugin "don-social-widget" v0.1.2 exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, no direct SQL queries (all use prepared statements), no file operations, and no external HTTP requests. The absence of known CVEs and historical vulnerabilities is also a strong indicator of good security practices in the past. The attack surface is reported as zero, meaning no directly identifiable entry points like AJAX handlers, REST API routes, shortcodes, or cron events were found.

However, significant concerns arise from the output escaping and the lack of nonces and capability checks. With only 26% of output properly escaped, there's a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. This means user-supplied or dynamically generated data displayed in the frontend might not be properly sanitized, allowing attackers to inject malicious scripts. The complete absence of nonce checks and capability checks is also a major red flag. While no direct entry points were identified, if any were inadvertently created or if the plugin relies on other WordPress mechanisms for input, the lack of these fundamental security measures leaves it vulnerable to various attacks, including CSRF and unauthorized actions.

In conclusion, while the plugin demonstrates strengths in avoiding common pitfalls like direct SQL injection and dangerous function usage, the severe deficiency in output escaping and the complete lack of nonces and capability checks represent critical weaknesses. The current reporting suggests a very limited attack surface, but the identified weaknesses in output handling could still lead to significant vulnerabilities if any form of user input or dynamic content is ever processed and displayed. It is strongly recommended that the output escaping be addressed immediately, and the implementation of nonce and capability checks be considered, especially if the plugin's functionality might evolve to include user interactions or data handling.

Key Concerns

  • Insufficient output escaping
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Don Social Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Don Social Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 29 (10 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

26% escaped · 39 total outputs
Attack Surface

Don Social Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
action · plugins_loaded · don-social-widget.php:33
action · widgets_init · don-social-widget.php:195
action · admin_menu · dsw_settings.php:41
action · admin_init · dsw_settings.php:44
action · admin_enqueue_scripts · dsw_settings.php:50
Maintenance & Trust

Don Social Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Oct 22, 2016
PHP min version
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Don Social Widget Developer Profile

Rodrigo Donini

2 plugins · 40 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Don Social Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/don-social-widget/admin/css/dsw-admin-style.css
/wp-content/plugins/don-social-widget/admin/js/dsw-admin-script.js
Script Paths
/wp-content/plugins/don-social-widget/admin/js/dsw-admin-script.js

HTML / DOM Fingerprints

CSS Classes
dsw-item-row, dsw-widget-front-item, dsw-list, dsw-fielset, dsw-social-item-, dsw-item, dsw-btn-remove, dsw-field-text, +4 more
Data Attributes
data-network
JS Globals
window.dswAdmin