ProveSource Social Proof Security & Risk Analysis

wordpress.org/plugins/provesource

ProveSource Social Proof increases conversions by up to 17%. Boost trust with WooCommerce sales notifications and reviews, and increase your credibility!

2K active installs · v4.0.1 · PHP 5.2+ · WP 3.0+ · Updated Feb 16, 2026
Tags: fomo, sales-popup, social-proof, testimonials, woocommerces-sales
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Aug 21, 2025
Safety Verdict

Is ProveSource Social Proof Safe to Use in 2026?

Generally Safe

Score 99/100

ProveSource Social Proof has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 21, 2025 · Updated 1mo ago
Risk Assessment

The "provesource" v4.0.1 plugin demonstrates a generally strong security posture based on the provided static analysis. All identified entry points, including AJAX handlers, are protected by authentication checks. The plugin also adheres to best practices by using prepared statements for all SQL queries and properly escaping all output. The absence of any identified dangerous functions, unsanitized taint flows, or file operations further contributes to its secure design.

However, the plugin's vulnerability history presents a significant concern. While there are no currently unpatched CVEs, the single known CVE identified was for "Exposure of Sensitive Information to an Unauthorized Actor," and it was only recently patched or discovered in 2025. This suggests a potential for vulnerabilities of a more serious nature to arise. The presence of external HTTP requests, while not inherently risky, could be a vector for exploitation if not handled with strict validation and sanitization, although no specific issues were flagged here.

In conclusion, "provesource" v4.0.1 excels in its secure coding practices, with robust input validation and output sanitization. The primary weakness lies in its past vulnerability, which points to a historical tendency for information exposure issues. While the current version appears safe from static analysis, the plugin developer should remain vigilant in code reviews and testing to prevent recurrences of sensitive data exposure.

Key Concerns

  • Past vulnerability: Exposure of Sensitive Information
  • External HTTP requests (potential vector)
Vulnerabilities: 1

ProveSource Social Proof Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-48355 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

ProveSource Social Proof <= 3.1.2 - Unauthenticated Sensitive Information Disclosure

Aug 21, 2025 · Patched in 4.0.0 (71d)
Code Analysis
Analyzed Mar 16, 2026

ProveSource Social Proof Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (59 escaped)
Nonce Checks: 3
Capability Checks: 5
File Operations: 1
External Requests: 2
Bundled Libraries: 0

Output Escaping

100% escaped · 59 total outputs
Attack Surface

ProveSource Social Proof Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_provesrc_import_orders · provesrc.php:61
auth · wp_ajax_provesrc_debug_log · provesrc.php:62

WordPress Hooks: 13

action · before_woocommerce_init · provesrc.php:37
action · admin_menu · provesrc.php:42
action · admin_init · provesrc.php:43
action · admin_notices · provesrc.php:44
action · wp_head · provesrc.php:45
action · woocommerce_new_order · provesrc.php:48
action · woocommerce_thankyou · provesrc.php:49
action · woocommerce_checkout_create_order · provesrc.php:50
action · woocommerce_checkout_order_processed · provesrc.php:51
action · woocommerce_order_status_pending · provesrc.php:52
action · woocommerce_order_status_processing · provesrc.php:53
action · woocommerce_order_status_completed · provesrc.php:54
action · woocommerce_payment_complete · provesrc.php:55
Maintenance & Trust

ProveSource Social Proof Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 16, 2026
PHP min version: 5.2
Downloads: 75K

Community Trust

Rating: 96/100
Number of ratings: 72
Active installs: 2K
Developer Profile

ProveSource Social Proof Developer Profile

ProveSource LTD

1 plugin · 2K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 71 days
Detection Fingerprints

How We Detect ProveSource Social Proof

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/provesource/style.css
/wp-content/plugins/provesource/assets/css/dashicons-provesrc.css

Version Parameters
provesource/style.css?ver=
/assets/css/dashicons-provesrc.css?ver=

HTML / DOM Fingerprints

CSS Classes
dashicons-provesrc

HTML Comments
Start of Async ProveSource Code (Wordpress / Woocommerce v4.0.1)
End of Async ProveSource Code

JS Globals
window.provesrc
provesrc.dq
provesrc.display

REST Endpoints
/wp-ajax-handler/provesrc_import_orders
/wp-ajax-handler/provesrc_debug_log
FAQ

Frequently Asked Questions about ProveSource Social Proof