Does Social LikeBox & Feed have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Social LikeBox & Feed compatible with WordPress 6.9.4?

According to WordPress.org data, Social LikeBox & Feed 3.2.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Social LikeBox & Feed updated?

Social LikeBox & Feed was last updated on Feb 23, 2026. Frequent updates are generally a positive security signal.

What is Social LikeBox & Feed's security score?

Social LikeBox & Feed has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Social LikeBox & Feed Security & Risk Analysis

wordpress.org/plugins/facebook-by-weblizar

Display your FaceBook Feed and Like box on your website with this outstanding plugin. It is completely customizable, responsive and the code is search …

10K active installs v3.2.0 PHP + WP + Updated Feb 23, 2026

post-sliderpost-widgetrecent-postsrelated-postsresponsive-slider

A · Safe

CVEs total1

Unpatched0

Last CVEAug 10, 2019

Plugin page Download

Safety Verdict

Is Social LikeBox & Feed Safe to Use in 2026?

Generally Safe

Score 99/100

Social LikeBox & Feed has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Aug 10, 2019Updated 2mo ago

Risk Assessment

The "facebook-by-weblizar" v3.2.0 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals strong adherence to secure coding practices in several key areas. All SQL queries are prepared, all output is properly escaped, and there are no observed file operations or dangerous functions beyond the `unserialize` function, which is a common area of concern. The plugin also demonstrates a proactive approach to security by including nonce checks for its entry points. However, there are notable weaknesses. The presence of the `unserialize` function, even if not immediately evident as a vulnerability in the taint analysis, represents a potential attack vector if user-supplied data is ever passed to it without proper sanitization. While the current taint analysis shows no critical or high severity unsanitized flows, the potential for such flows exists with `unserialize`. The vulnerability history indicates a past high-severity vulnerability, specifically CSRF, which, although patched, highlights that the plugin has had exploitable flaws in the past. The absence of capability checks on its entry points is also a significant concern, as it suggests that any authenticated user, regardless of their role, could potentially interact with these points.

Key Concerns

Dangerous function unserialize found
No capability checks on entry points
Past high severity vulnerability (CSRF)

Vulnerabilities

1 published

Social LikeBox & Feed Security Vulnerabilities

CVEs by Year

1 CVE in 2019

2019

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2019-15781high · 8.8Cross-Site Request Forgery (CSRF)

Social LikeBox & Feed <= 2.8.4 - Cross-Site Request Forgery to Cross-Site Scripting

Aug 10, 2019 Patched in 2.8.5 (1627d)

Version History

Social LikeBox & Feed Release Timeline

v3.2.0Current

v3.1.9

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.0

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

Code Analysis

Analyzed Mar 16, 2026

Social LikeBox & Feed Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

741 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$FacebookSettings = unserialize(get_option("weblizar_facebook_shortcode_settings"));function\facebook-by-weblizar-data.php:24

unserialize$FacebookSettings = unserialize(get_option("weblizar_facebook_shortcode_settings"));function\facebook-by-weblizar-short-code.php:11

unserialize$facebook_feed_fetch = unserialize(get_option("weblizar_facebook_feed_option_settings"));function\facebook-feed-shortcode-data.php:2

unserialize$facebook_feed_fetch = unserialize(get_option('weblizar_facebook_feed_option_settings'));function\facebook-feed.php:22

Output Escaping

100% escaped744 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

<facebook-feed-shortcode-data> (function\facebook-feed-shortcode-data.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Social LikeBox & Feed Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[FBW] function\facebook-by-weblizar-short-code.php:7

[facebook_feed] function\facebook-feed-shortcode.php:2

WordPress Hooks 6

actionplugins_loadedfacebook-by-weblizar.php:20

actionadmin_menufacebook-by-weblizar.php:27

actionwp_enqueue_scriptsfacebook-by-weblizar.php:67

actionwidgets_initfunction\facebook-by-weblizar-widgets.php:7

actionplugins_loadedfunction\facebook-by-weblizar-widgets.php:17

actionwidgets_initfunction\facebook-feed-widget.php:393

Maintenance & Trust

Social LikeBox & Feed Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 23, 2026

PHP min version

Downloads1.1M

Community Trust

Rating66/100

Number of ratings47

Active installs10K

Alternatives

Social LikeBox & Feed Alternatives

Recent Related Post And Page

recent-related-post-and-page

100

Show Recent Related Posts Pages Using Widget & Shortcode

20 No CVEs

Post Slider

horizontal-post-slider

Post slider is a responsive carousel to slide recent posts with category selection and no.of posts. You can use the post slider in unlimited websites …

20 No CVEs

Ditty – Responsive News Tickers, Sliders, and Lists

ditty-news-ticker

Ditty offers a range of content display options, including its signature news ticker and customizable layouts.

30K 14 CVEs

WP Latest Posts

wp-latest-posts

Load your content from posts, page, tags or custom post type and display it anywhere in WordPress including in Gutenberg editor

10K 2 CVEs

Blog Designer – Post and Widget

blog-designer-for-post-and-widget

100

Display Post on your website with 2 designs(Grid and Slider) with 1 widget. Also work with Gutenberg shortcode block.

5K 1 CVE

Developer Profile

Social LikeBox & Feed Developer Profile

Weblizar - WordPress Themes & Plugin

26 plugins · 56K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

952 days

View full developer profile

Detection Fingerprints

How We Detect Social LikeBox & Feed

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/facebook-by-weblizar/css/bootstrap.min.css/wp-content/plugins/facebook-by-weblizar/css/custom-box-slider.css/wp-content/plugins/facebook-by-weblizar/css/facebook-feed-shortcode.css/wp-content/plugins/facebook-by-weblizar/css/font-awesome.min.css/wp-content/plugins/facebook-by-weblizar/css/weblizar-option-style.css/wp-content/plugins/facebook-by-weblizar/js/bootstrap.min.js/wp-content/plugins/facebook-by-weblizar/js/option-js.js/wp-content/plugins/facebook-by-weblizar/js/popper.min.js

Script Paths

//connect.facebook.net//wp-content/plugins/facebook-by-weblizar/js/bootstrap.min.js/wp-content/plugins/facebook-by-weblizar/js/option-js.js/wp-content/plugins/facebook-by-weblizar/js/popper.min.js

HTML / DOM Fingerprints

CSS Classes

fb-like-boxwp-weblizar_fb-pluginweblizar_fb-main-bannerweblizar_fb-main-banner-img

Data Attributes

data-force-walldata-hrefdata-heightdata-show-borderdata-show-facesdata-stream+1 more

JS Globals

facebook-jssdk

Shortcode Output

[facebook_feed][FBW]

FAQ