
Recommend to a friend Security & Risk Analysis
wordpress.org/plugins/recommend-a-friend
Plugin that adds a share-to-friends jQuery Lightbox to your pages or posts. Users will be able to share your content using 2 ways:
Is Recommend to a friend Safe to Use in 2026?
Use With Caution
Score 64/100
Recommend to a friend has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The recommend-a-friend plugin at version 2.2.2 shows a mixed security posture. On the positive side, every SQL query the analysis found uses a prepared statement, and the plugin performs a nonce check on its one state-changing request. Against that, the code calls `create_function`, which compiles a string into PHP code exactly as `eval()` does: any attacker-influenced text that reaches that string becomes remote code execution. The function has also been deprecated since PHP 7.2 and removed in PHP 8.0, so its presence signals a code base that has not been updated for current PHP. In addition, 64% of the output sites the analysis examined are written without an escaping function, which is the usual precondition for Cross-Site Scripting (XSS) and matches the plugin's only known CVE. The attack surface is small, with a single shortcode as the entry point, and that shortcode performs no capability check. Note that shortcodes are evaluated at page render for every visitor, so the practical question is what a user who can insert one (any account with `edit_posts`, i.e. Contributor and above) can make it emit, rather than whether anonymous visitors can reach it. Static analysis of this version finds no issue beyond the `create_function` use, but the medium-severity XSS reported in 2013 is still listed as unpatched, and that open CVE remains the critical concern.
Key Concerns
- Unpatched CVE (medium severity)
- High percentage of unescaped output
- Dangerous function used (create_function)
- Shortcode entry point without capability check
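The three weak patterns listed above, as an added illustration that is not code from the recommend-a-friend plugin: a hypothetical shortcode handler written with unescaped attributes and `create_function`, next to a hardened version that whitelists attributes, escapes by output context, validates the URL scheme and uses a closure. The shortcode name `share_demo`, the attribute names and the sample attribute values are assumptions; the `function_exists` fallbacks only exist so the file runs outside WordPress, where the real `esc_attr`, `esc_html` and `shortcode_atts` take over.

```php
<?php
// Added example, not the plugin's code. Shows the weak patterns the analysis
// flags (unescaped output, create_function, unchecked shortcode attributes)
// beside their hardened equivalents. Names and sample values are assumed.

// Stand-alone fallbacks so this runs outside WordPress; inside WordPress the
// real esc_attr()/esc_html()/shortcode_atts() are used and these are skipped.
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('shortcode_atts')) {
    function shortcode_atts(array $pairs, $atts): array {
        $atts = (array) $atts;
        $out = [];
        foreach ($pairs as $name => $default) {
            $out[$name] = array_key_exists($name, $atts) ? $atts[$name] : $default;
        }
        return $out;
    }
}

// Weak pattern (deliberately): attribute values go straight into HTML, and a
// string containing author-controlled text is compiled into PHP with
// create_function(). A post author who can write the shortcode controls
// $label and $url, so the first is stored XSS and the second is eval() of
// their text (a label containing a double quote breaks out of the string).
// create_function() is removed in PHP 8.0, hence the guard.
function share_demo_weak(array $atts): string {
    $label = $atts['label'] ?? 'Share';
    $url   = $atts['url'] ?? '';
    if (function_exists('create_function')) {
        $fmt   = create_function('$l', 'return "' . $label . '";'); // eval of $label
        $label = $fmt($label);
    }
    return '<a class="raf-share" href="' . $url . '">' . $label . '</a>';
}

// Hardened pattern: known attributes with defaults, esc_attr() for attribute
// values and esc_html() for text, only http/https allowed into href (blocking
// javascript: and data:), and a closure instead of string-to-code.
function share_demo_hardened($atts): string {
    $a = shortcode_atts(['label' => 'Share', 'url' => ''], $atts);

    $url    = filter_var($a['url'], FILTER_VALIDATE_URL);
    $scheme = $url ? strtolower((string) parse_url($url, PHP_URL_SCHEME)) : '';
    if (!in_array($scheme, ['http', 'https'], true)) {
        $url = '';
    }

    $fmt = static function (string $l): string { return $l; }; // never parses code
    return '<a class="raf-share" href="' . esc_attr($url) . '">'
         . esc_html($fmt($a['label'])) . '</a>';
}

// Constructed attribute values of the kind a malicious post author could supply.
$atts = ['label' => '<img src=x onerror=alert(1)>', 'url' => 'javascript:alert(1)'];
echo share_demo_weak($atts), PHP_EOL;     // markup and javascript: URL pass through
echo share_demo_hardened($atts), PHP_EOL; // tag is entity-encoded, href is empty
```

The scheme whitelist matters as much as the escaping: `esc_attr` alone would still let `javascript:alert(1)` into `href`, because it is valid attribute text. In a real plugin the URL would normally also go through `esc_url`, which applies the same idea.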
Recommend to a friend Security Vulnerabilities
1 total CVE (charts on the original page: CVEs by Year, Severity Breakdown)
Recommend to a friend <= 2.2.2 - Cross-Site Scripting (medium severity, reported 2013, unpatched)
Recommend to a friend Code Analysis
Dangerous Functions Found: create_function
Output Escaping: 64% of output sites unescaped
Recommend to a friend Attack Surface
Shortcodes: 1
WordPress Hooks: 7
Recommend to a friend Maintenance & Trust
Maintenance Signals
Community Trust
Recommend to a friend Alternatives
- Profile Box Shortcode And Widget (facebook-likebox-widget-and-shortcode): A very easy and simple Facebook like box shortcode and widget plugin with mini profile, like Button, Share Button plugin For WordPress
- Sharedaddy (sharedaddy): Future upgrades to Sharedaddy plugin will only be available in Jetpack.
- Recommend by mail widget (recommend-by-mail-widget): Recommend the site or the current page to a friend by mail.
- Simple Social Bar (simple-social-bar): A simple, easy to use, easy to configure social share bar that follows you down the page for sharing your posts.
- Social Icons Widget & Block – Social Media Icons & Share Buttons (social-icons-widget-by-wpzoom): Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.
Recommend to a friend Developer Profile
4 plugins · 1K total installs
How We Detect Recommend to a friend
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/recommend-a-friend/css/raf-admin-styles.css
- /wp-content/plugins/recommend-a-friend/js/raf_admin.js
- /wp-content/plugins/recommend-a-friend/js/fancybox/jquery.fancybox-1.3.4.pack.js
- /wp-content/plugins/recommend-a-friend/js/fancybox/jquery.fancybox-1.3.4.css
- /wp-content/plugins/recommend-a-friend/css/raf-styles.css
- /wp-content/plugins/recommend-a-friend/js/raf_script.js
- recommend-a-friend/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3
- recommend-a-friend/js/raf_script.js?ver=1.0
- recommend-a-friend/js/fancybox/jquery.fancybox-1.3.4.css?ver=1.3.4
- recommend-a-friend/css/raf-styles.css?ver=1.0
HTML / DOM Fingerprints
RAF_URL
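How the fingerprints above get applied to a fetched page, as an added example that is not the scanner's own detection code: one function matches the plugin-relative asset paths and the `RAF_URL` DOM marker against a page body, another reads the `?ver=` cache-buster of a matched asset. The function names are assumptions, and the sample HTML is constructed; the page does not show the exact markup in which the plugin emits `RAF_URL`, so the sample simply contains that token.

```php
<?php
// Added example, not the scanner's code. Applies the asset and DOM
// fingerprints listed above to a page body obtained elsewhere (curl, a
// crawler). Function names and the sample HTML are constructed.

// Plugin-relative suffixes, so both the absolute /wp-content/plugins/... form
// and the bare recommend-a-friend/... form from the list above match.
// The admin assets (raf_admin.js, raf-admin-styles.css) only load inside
// wp-admin, so an unauthenticated front-end crawl will rarely see them.
const RAF_ASSET_FINGERPRINTS = [
    'recommend-a-friend/css/raf-styles.css',
    'recommend-a-friend/js/raf_script.js',
    'recommend-a-friend/js/fancybox/jquery.fancybox-1.3.4.pack.js',
    'recommend-a-friend/js/fancybox/jquery.fancybox-1.3.4.css',
    'recommend-a-friend/css/raf-admin-styles.css',
    'recommend-a-friend/js/raf_admin.js',
];
const RAF_DOM_FINGERPRINTS = ['RAF_URL'];

/**
 * Returns ['detected' => bool, 'assets' => [...], 'dom' => [...]].
 * Asset paths are compared case-insensitively as substrings, so a trailing
 * ?ver= cache-buster does not interfere. DOM markers are matched as whole
 * words so a longer, unrelated identifier containing RAF_URL does not count.
 */
function detect_recommend_a_friend(string $html): array {
    $assets = [];
    foreach (RAF_ASSET_FINGERPRINTS as $path) {
        if (stripos($html, $path) !== false) {
            $assets[] = $path;
        }
    }
    $dom = [];
    foreach (RAF_DOM_FINGERPRINTS as $marker) {
        if (preg_match('/\b' . preg_quote($marker, '/') . '\b/', $html) === 1) {
            $dom[] = $marker;
        }
    }
    return [
        'detected' => $assets !== [] || $dom !== [],
        'assets'   => $assets,
        'dom'      => $dom,
    ];
}

// Returns the ?ver= value attached to a matched asset, or null. The values in
// the list above (1.0, 1.3, 1.3.4) are the versions the plugin registers its
// assets with, not the plugin release, so they confirm presence but do not
// tell you whether the site is still on <= 2.2.2.
function raf_asset_version(string $html, string $path): ?string {
    $re = '#' . preg_quote($path, '#') . '\?ver=([0-9][0-9.]*)#i';
    return preg_match($re, $html, $m) === 1 ? $m[1] : null;
}

// Constructed page fragment of the kind a front-end crawl would return.
$sample = <<<HTML
<link rel="stylesheet" href="https://example.invalid/wp-content/plugins/recommend-a-friend/css/raf-styles.css?ver=1.0">
<script>var RAF_URL = "https://example.invalid/wp-admin/admin-ajax.php";</script>
<script src="https://example.invalid/wp-content/plugins/recommend-a-friend/js/raf_script.js?ver=1.0"></script>
HTML;

var_export(detect_recommend_a_friend($sample));
echo PHP_EOL, raf_asset_version($sample, 'recommend-a-friend/js/raf_script.js') ?? 'none', PHP_EOL;
```

Treat an asset hit on its own as a strong signal and a DOM-marker hit on its own as weak: the token `RAF_URL` is short enough to appear in unrelated inline scripts, while the `recommend-a-friend/` paths are specific to this plugin's directory.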