Scriptless Social Sharing Security & Risk Analysis

wordpress.org/plugins/scriptless-social-sharing

This plugin adds super simple social sharing buttons to your content.

10K active installs v3.3.1 PHP 7.4+ WP 6.2+ Updated Jul 19, 2025
Tags: sharing-buttons, social-networks, social-sharing
Score 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Apr 16, 2025
Safety Verdict

Is Scriptless Social Sharing Safe to Use in 2026?

Generally Safe

Score 98/100

Scriptless Social Sharing has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Apr 16, 2025 · Updated 8mo ago
Risk Assessment

The scriptless-social-sharing plugin, version 3.3.1, shows a generally strong security posture in the provided static analysis. Its significant strengths are that no AJAX handlers or REST API routes lacking authentication checks were found, that 100% of outputs are properly escaped, and that prepared statements are used for all SQL queries. The nonce and capability checks on its limited entry points (one shortcode) also indicate a thoughtful approach to access control.

However, the plugin's vulnerability history is a notable concern. Its two known medium-severity CVEs are both Cross-Site Scripting (XSS) issues, a pattern that suggests recurring weaknesses in how user-supplied data is handled. There are currently no unpatched vulnerabilities, but the historical trend of XSS issues warrants caution, as similar vulnerabilities could reappear if not addressed comprehensively. The single file operation detected presents a potential, albeit small, attack vector if not managed securely. The total lack of taint analysis results is also unusual and might indicate limitations in the analysis performed rather than a complete absence of risk.

In conclusion, while the current version of scriptless-social-sharing appears to implement many security best practices, its past vulnerability record, particularly concerning XSS, necessitates careful monitoring and a proactive approach to security. The limited attack surface and good sanitization practices are positive, but the historical context of XSS should not be overlooked.

Key Concerns

  • Two medium severity CVEs historically
  • Historical XSS vulnerability type
  • One file operation detected
  • Zero taint flows analyzed
Vulnerabilities: 2

Scriptless Social Sharing Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-39529 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Scriptless Social Sharing <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2025 Patched in 3.3.1 (97d)

CVE-2023-0377 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Scriptless Social Sharing <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options

Feb 9, 2023 Patched in 3.2.2 (348d)
Code Analysis
Analyzed Mar 16, 2026

Scriptless Social Sharing Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (97 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 97 total outputs
Attack Surface

Scriptless Social Sharing Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[scriptless] includes\class-scriptlesssocialsharing.php:92

WordPress Hooks: 26

filter scriptlesssocialsharing_networks includes\class-scriptlesssocialsharing-button-maker.php:55
filter scriptlesssocialsharing_svg_icons includes\class-scriptlesssocialsharing-button-maker.php:59
filter scriptlesssocialsharing_link_target includes\class-scriptlesssocialsharing-button-maker.php:62
action init includes\class-scriptlesssocialsharing-button-maker.php:166
action admin_menu includes\class-scriptlesssocialsharing.php:79
action init includes\class-scriptlesssocialsharing.php:81
action add_meta_boxes includes\class-scriptlesssocialsharing.php:84
action save_post includes\class-scriptlesssocialsharing.php:85
action admin_enqueue_scripts includes\class-scriptlesssocialsharing.php:86
filter kses_allowed_protocols includes\class-scriptlesssocialsharing.php:89
action wp_enqueue_scripts includes\class-scriptlesssocialsharing.php:90
action loop_start includes\class-scriptlesssocialsharing.php:91
action init includes\class-scriptlesssocialsharing.php:93
filter the_content includes\class-scriptlesssocialsharing.php:94
filter wp_kses_allowed_html includes\class-scriptlesssocialsharing.php:95
filter scriptlesssocialsharing_get_setting includes\class-scriptlesssocialsharing.php:98
filter scriptlesssocialsharing_get_buttons includes\class-scriptlesssocialsharing.php:99
action enqueue_block_editor_assets includes\class-scriptlesssocialsharing.php:155
action enqueue_block_editor_assets includes\output\class-scriptlesssocialsharing-output-block.php:40
filter wp_kses_allowed_html includes\output\class-scriptlesssocialsharing-output-svg.php:28
action wp_footer includes\output\class-scriptlesssocialsharing-output-svg.php:61
action admin_footer-post.php includes\output\class-scriptlesssocialsharing-output-svg.php:62
filter scriptlesssocialsharing_pinterest_data includes\output\class-scriptlesssocialsharing-output.php:300
action admin_init includes\settings\class-scriptlesssocialsharing-settings.php:36
action admin_notices includes\settings\class-scriptlesssocialsharing-settings.php:49
action admin_enqueue_scripts includes\settings\class-scriptlesssocialsharing-settings.php:50
Maintenance & Trust

Scriptless Social Sharing Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 19, 2025
PHP min version: 7.4
Downloads: 196K

Community Trust

Rating: 100/100
Number of ratings: 68
Active installs: 10K
Developer Profile

Scriptless Social Sharing Developer Profile

Robin Cornett

4 plugins · 17K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 223 days
Detection Fingerprints

How We Detect Scriptless Social Sharing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/scriptless-social-sharing/css/scriptlesssocialsharing-style.css
/wp-content/plugins/scriptless-social-sharing/css/scriptlesssocialsharing-fontawesome.css
Version Parameters
scriptless-social-sharing/css/scriptlesssocialsharing-style.css?ver=
scriptlesssocialsharing-fa-icons?ver=

HTML / DOM Fingerprints

CSS Classes
scriptlesssocialsharing-buttons, sss-name, button, scriptlesssocialsharing__buttons
Data Attributes
data-button, data-id, data-label, data-share-url, data-title, data-description (+1 more)
JS Globals
scriptless_social_sharing_params
Shortcode Output
[scriptless_social_sharing]
FAQ

Frequently Asked Questions about Scriptless Social Sharing