WP-Safety

Html Social share buttons Security & Risk Analysis

wordpress.org/plugins/html-social-share-buttons

Are you searching for a lightweight sharing plugin? You are in right place. This plugin does not use JavaScript.

80 active installs v2.2.2 PHP 7.0+ WP 5.0+ Updated Jan 14, 2026
fastlightweightno-javascriptprivacy-friendlysocial-share
99
A · Safe
CVEs total1
Unpatched0
Last CVESep 5, 2025
Plugin page Download
Safety Verdict

Is Html Social share buttons Safe to Use in 2026?

Generally Safe

Score 99/100

Html Social share buttons has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 5, 2025Updated 2mo ago
Risk Assessment

The plugin 'html-social-share-buttons' v2.2.2 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped outputs, there are significant areas of concern. A notable weakness is the presence of unprotected AJAX handlers, which represent a direct attack vector for malicious input. The taint analysis revealed flows with unsanitized paths, indicating potential vulnerabilities if these paths are exposed to user-controlled input, although no critical or high severity issues were identified here. The vulnerability history shows one past medium-severity Cross-Site Scripting (XSS) vulnerability. Although currently patched, this pattern suggests a propensity for input sanitization issues.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Past medium severity XSS vulnerability
Vulnerabilities
1

Html Social share buttons Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-9849medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Html Social share buttons <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 5, 2025 Patched in 2.2.0 (4d)
Code Analysis
Analyzed Mar 16, 2026

Html Social share buttons Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
20
61 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

75% escaped81 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
wp_ajax_get_iconset (iconsets.php:95)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Html Social share buttons Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 3

authwp_ajax_get_iconseticonsets.php:28
authwp_ajax_get_iconset_previewiconsets.php:29
authwp_ajax_get_iconset_detailsiconsets.php:185

Shortcodes 1

[zm_sh_btn] shortcode.php:5
WordPress Hooks 17
filterzm_sh_placeholderfilters.php:7
filterzm_sh_ico_linkfilters.php:8
actioninithtml-social-share.php:81
actionwp_footerhtml-social-share.php:135
actionplugins_loadedhtml-social-share.php:141
filterthe_contenthtml-social-share.php:144
actionwphtml-social-share.php:146
actionload-post.phpmetabox.php:11
actionload-post-new.phpmetabox.php:12
actionadd_meta_boxesmetabox.php:24
actionsave_postmetabox.php:25
actioninitsettings_page.php:3
actionadmin_menusettings_page.php:24
actionadmin_initsettings_page.php:26
actionadmin_enqueue_scriptssettings_page.php:28
actionvc_before_initvc-integration.php:3
actionwidgets_initwidget.php:6
Maintenance & Trust

Html Social share buttons Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 14, 2026
PHP min version7.0
Downloads28K

Community Trust

Rating94/100
Number of ratings15
Active installs80
Alternatives

Html Social share buttons Alternatives

Lightweight Contact Form

Lightweight Contact Form

lightweight-contact-form

A
85

The most lightweight Contact Form plugin for WordPress. No CSS files, no overhead, no SPAM. The goal is fastest page speed.

100 No CVEs
Genesis Optimized Social Share

Genesis Optimized Social Share

genesis-optimized-social-share

A
85

Genesis Optimized Social Share loads Popular Social Share Counters without affecting your page Loading Time & PageSpeed Score.

70 No CVEs
Raw HTML Modal Window

Raw HTML Modal Window

raw-html-modal-window

A
85

This plugin is intended for folks who prefer to use HTML/CSS for ultimate control of the layout for a pop-up window. It uses minimum sys resources

0 No CVEs
Instant Indexing for Google

Instant Indexing for Google

fast-indexing-api

A
100

A very efficient yet simple plugin to take care of your indexing woos and helps get your content crawled by search bots instantly.

200K No CVEs
User Switching

User Switching

user-switching

A
100

Instant switching between user accounts in WordPress and WooCommerce.

200K No CVEs
Developer Profile

Html Social share buttons Developer Profile

Alimuzzaman Alim

1 plugin · 80 total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
4 days
View full developer profile
Detection Fingerprints

How We Detect Html Social share buttons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/html-social-share-buttons/iconset/default/style.css

HTML / DOM Fingerprints

CSS Classes
zmshbt
Data Attributes
data-titledata-urldata-descriptiondata-image
JS Globals
zm_sh
FAQ

Frequently Asked Questions about Html Social share buttons