Easy Social Icons Security & Risk Analysis

wordpress.org/plugins/easy-social-icons

Upload your own social media icons or choose from font-awesome. Use widget|shortcode to place icons anywhere (sidebar, header, footer, page) in theme.

20K active installs · v4.0.2 · PHP + WP 3.5+ · Updated Nov 9, 2025
easy-social-icon, easy-social-icons, follow-us, social-icons, social-share
96
A · Safe
CVEs total: 12
Unpatched: 0
Last CVE: Nov 23, 2023
Safety Verdict

Is Easy Social Icons Safe to Use in 2026?

Generally Safe

Score 96/100

Easy Social Icons has a strong security track record. Known vulnerabilities have been patched promptly.

12 known CVEs · Last CVE: Nov 23, 2023 · Updated 4mo ago
Risk Assessment

The security posture of easy-social-icons v4.0.2 presents a mixed bag of good practices and significant concerns. While the plugin demonstrates some strengths, such as a relatively contained attack surface with no explicitly unprotected entry points in the static analysis and a decent percentage of SQL queries using prepared statements, the overall picture is marred by a concerning vulnerability history. The presence of 12 known CVEs, including a substantial number of high and medium severity vulnerabilities in the past, suggests a pattern of recurring security weaknesses. Furthermore, the static analysis reveals a flow with an unsanitized path and a high-severity taint flow, which are immediate red flags indicating potential for exploitation.

Key Concerns

  • High severity taint flow detected
  • Flow with unsanitized path detected
  • 50% of SQL queries not using prepared statements
  • 33% of output not properly escaped
  • 12 total known CVEs in history
  • 3 high severity historical CVEs
  • 9 medium severity historical CVEs
Vulnerabilities
12

Easy Social Icons Security Vulnerabilities

CVEs by Year

2015: 2 CVEs
2021: 3 CVEs
2022: 5 CVEs
2023: 2 CVEs

Severity Breakdown

High: 3
Medium: 9

12 total CVEs

CVE-2023-48336 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Icons <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Nov 23, 2023 Patched in 3.2.5 (61d)
CVE-2023-33998 · medium · 4.3 · Missing Authorization

Easy Social Icons <= 3.2.4 - Missing Authorization via cnss_save_ajax_order

Nov 7, 2023 Patched in 3.2.5 (77d)
WF-7dfa84ed-0edf-4a75-8ec3-986c3880353c-easy-social-icons · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Icons <= 3.1.4 - Admin+ Cross-Site Scripting

Apr 11, 2022 Patched in 3.2.0 (652d)

Easy Social Icons <= 3.2.0 - Authenticated (Admin+) Cross-Site Scripting and Missing Authorization Checks

Apr 11, 2022 Patched in 3.2.1 (652d)
WF-cca16945-f230-4d0d-9f40-eabd5bf42e30-easy-social-icons · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Icons <= 3.2.2 - Admin+ Cross-Site Scripting

Apr 11, 2022 Patched in 3.2.3 (652d)
CVE-2022-0840 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Icons <= 3.2.0 - Admin+ Stored Cross-Site Scripting

Mar 21, 2022 Patched in 3.2.1 (673d)
CVE-2022-0887 · medium · 5.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Easy Social Icons <= 3.1.3 - Admin+ SQL Injection

Mar 8, 2022 Patched in 3.1.4 (686d)
WF-86c3ef76-d4d0-4106-850f-88e9ea176979-easy-social-icons · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Icons <= 3.1.2 - Reflected Cross-Site Scripting

Sep 2, 2021 Patched in 3.1.3 (873d)
WF-1f38aca5-0d69-421e-a3f2-d12cd593a88a-easy-social-icons · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Icons <= 3.0.9 - Reflected Cross-Site Scripting

Sep 1, 2021 Patched in 3.1.0 (874d)
CVE-2021-39322 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Icons <= 3.0.8 – Reflected Cross-Site Scripting

Sep 1, 2021 Patched in 3.0.9 (874d)
WF-feab189a-bd89-461d-b553-f137b8032e94-easy-social-icons · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Easy Social Icons <= 1.2.3.1 - SQL Injection

Jul 22, 2015 Patched in 1.2.4 (3107d)
CVE-2015-2084 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Easy Social Icons <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Feb 19, 2015 Patched in 1.2.3 (3260d)
Code Analysis
Analyzed Mar 16, 2026

Easy Social Icons Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 · 6 prepared
Unescaped Output: 90 · 184 escaped
Nonce Checks: 5
Capability Checks: 2
File Operations: 1
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

50% prepared · 12 total queries

Output Escaping

67% escaped · 274 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
cnss_social_icon_option_fn (easy-social-icons.php:493)
Attack Surface

Easy Social Icons Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_update-social-icon-order · easy-social-icons.php:169

Shortcodes 1

[cn-social-icon] easy-social-icons.php:181
WordPress Hooks 13
action · admin_post_cnss_rollback_plugin · easy-social-icons.php:102
action · admin_notices · easy-social-icons.php:151
action · init · easy-social-icons.php:166
action · init · easy-social-icons.php:167
action · admin_init · easy-social-icons.php:168
action · admin_menu · easy-social-icons.php:170
action · wp_head · easy-social-icons.php:171
action · admin_enqueue_scripts · easy-social-icons.php:172
action · admin_enqueue_scripts · easy-social-icons.php:175
filter · upload_mimes · easy-social-icons.php:207
action · admin_init · easy-social-icons.php:457
action · widgets_init · easy-social-icons.php:2104
action · widgets_init · easy-social-icons.php:2108
Maintenance & Trust

Easy Social Icons Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 9, 2025
PHP min version
Downloads: 1.4M

Community Trust

Rating: 88/100
Number of ratings: 84
Active installs: 20K
Developer Profile

Easy Social Icons Developer Profile

CyberNetikz

5 plugins · 31K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 967 days
Detection Fingerprints

How We Detect Easy Social Icons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-social-icons/assets/css/cnss-font.css
/wp-content/plugins/easy-social-icons/assets/css/cnss.css
/wp-content/plugins/easy-social-icons/assets/css/cnss-style.css
/wp-content/plugins/easy-social-icons/assets/js/cnss.js
/wp-content/plugins/easy-social-icons/assets/js/cnss-custom.js
/wp-content/plugins/easy-social-icons/assets/js/backend/cnss-backend.js
/wp-content/plugins/easy-social-icons/assets/js/frontend/cnss-frontend.js
Script Paths
/wp-content/plugins/easy-social-icons/assets/js/cnss.js
/wp-content/plugins/easy-social-icons/assets/js/cnss-custom.js
/wp-content/plugins/easy-social-icons/assets/js/backend/cnss-backend.js
/wp-content/plugins/easy-social-icons/assets/js/frontend/cnss-frontend.js
Version Parameters
easy-social-icons/assets/css/cnss-font.css?ver=
easy-social-icons/assets/css/cnss.css?ver=
easy-social-icons/assets/css/cnss-style.css?ver=
easy-social-icons/assets/js/cnss.js?ver=
easy-social-icons/assets/js/cnss-custom.js?ver=
easy-social-icons/assets/js/backend/cnss-backend.js?ver=
easy-social-icons/assets/js/frontend/cnss-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
cnss-social-icon-container, cnss-social-icon, cnss-social-icon-text, cnss_admin_banner, pro-ads, pro-ads-feature
HTML Comments
<!-- Easy Social Icons Premium Advantage -->
Data Attributes
data-icon-id, data-icon-order
JS Globals
cnss_order_data, cnss_admin_obj
Shortcode Output
[cn-social-icon]
FAQ

Frequently Asked Questions about Easy Social Icons