Share+ by Grouptivity Security & Risk Analysis
wordpress.org/plugins/grouptivityNot just another sharing plugin. Share+ gives readers a simple way to save, share and discover your top content with friends, family and co-workers.
Is Share+ by Grouptivity Safe to Use in 2026?
Generally Safe
Score 85/100Share+ by Grouptivity has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "grouptivity" plugin v2.1.0 exhibits a generally strong security posture in several key areas. The absence of known CVEs and vulnerabilities historically, along with the fact that all SQL queries utilize prepared statements, are positive indicators. Furthermore, the plugin has no reported external HTTP requests, file operations, or bundled libraries, which reduces the potential for certain types of attacks.
However, there are significant concerns stemming from the static analysis. The "attack surface" is reported as zero, but this is contradicted by the taint analysis which found a flow with an "unsanitized path." This suggests that while direct entry points like AJAX handlers or REST API routes might be absent or protected, there's still a mechanism for potentially insecure data handling. The most prominent concern is the low percentage of properly escaped output (9%). This leaves the plugin highly susceptible to Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the site through user-generated content or plugin outputs.
While the plugin has no recorded vulnerability history, this cannot be solely relied upon as an indicator of absolute security, especially given the identified output escaping issues. The lack of nonces and capability checks on any detected entry points (even if they are zero in count currently) is also a weakness. In conclusion, "grouptivity" v2.1.0 has strengths in its lack of historical vulnerabilities and secure SQL practices, but the significant risk of XSS due to poor output escaping and the presence of an unsanitized path in the taint analysis necessitate caution and further investigation.
Key Concerns
- Low output escaping percentage (9%)
- Taint flow with unsanitized path
- Zero capability checks
- Zero nonce checks
Share+ by Grouptivity Security Vulnerabilities
Share+ by Grouptivity Code Analysis
Output Escaping
Data Flow Analysis
Share+ by Grouptivity Attack Surface
WordPress Hooks 7
Maintenance & Trust
Share+ by Grouptivity Maintenance & Trust
Maintenance Signals
Community Trust
Share+ by Grouptivity Alternatives
Shortlinks for Jetpack sharing buttons
jetpack-shortlinks-for-sharing-buttons
Use shortlinks instead of permalinks in Jetpack sharing buttons
rtSocial
rtsocial
This plugin uses non-blocking JavaScript to display social media sharing counters on posts/pages
Simple Social Sharing by Kelp
simple-social-sharing-kelp
A social sharing plugin that's accessible, performant, and looks good.
Social Icons Widget & Block – Social Media Icons & Share Buttons
social-icons-widget-by-wpzoom
Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.
Ocean Social Sharing
ocean-social-sharing
Website: https://oceanwp.org/ Support: https://oceanwp.org/support/ Documentation: https://docs.oceanwp.org/ Extensions: https://oceanwp.
Share+ by Grouptivity Developer Profile
1 plugin · 10 total installs
How We Detect Share+ by Grouptivity
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/grouptivity/shareplus.php/wp-content/plugins/grouptivity/shareplus_options.phpHTML / DOM Fingerprints
grouptivity-newsItemListgrouptivity-newsItemgrouptivity-newsItemAWidget goes hereid="gtvtMostShared"gtvt_most_shared