WP-Safety

Share on Pixelfed Security & Risk Analysis

wordpress.org/plugins/share-on-pixelfed

Automatically share WordPress (image) posts on Pixelfed.

70 active installs v0.9.0 PHP + WP + Updated Feb 7, 2026
adopt-mecrosspostfediversepixelfedshare
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Share on Pixelfed Safe to Use in 2026?

Generally Safe

Score 100/100

Share on Pixelfed has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'share-on-pixelfed' plugin version 0.9.0 exhibits a generally strong security posture based on the provided static analysis. It demonstrates excellent adherence to security best practices by employing prepared statements for all SQL queries, ensuring 100% proper output escaping, and implementing nonce and capability checks on all identified entry points. The absence of dangerous functions and critical/high severity taint flows further bolsters its security. The plugin also has no recorded vulnerability history, indicating a consistent track record of security.

However, a minor concern arises from the presence of external HTTP requests. While not inherently a vulnerability, such requests can introduce risks if not properly validated or if they communicate with untrusted endpoints, especially if any data is being transmitted unsanitized. The single file operation, without further context, is also a potential area to monitor, though it's unlikely to be a significant risk given the other strong security signals.

In conclusion, 'share-on-pixelfed' v0.9.0 appears to be a secure plugin with robust protections in place. The minimal potential risks associated with external HTTP requests and file operations are outweighed by the strong implementation of fundamental security controls and the clean vulnerability history.

Key Concerns

  • External HTTP requests present a potential attack vector
Vulnerabilities
None known

Share on Pixelfed Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Share on Pixelfed Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
0
39 escaped
Nonce Checks
6
Capability Checks
10
File Operations
1
External Requests
6
Bundled Libraries
0

SQL Query Safety

100% prepared3 total queries

Output Escaping

100% escaped39 total outputs
Attack Surface

Share on Pixelfed Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 1

authwp_ajax_share_on_pixelfed_unlink_urlincludes\class-post-handler.php:42

REST API Routes 1

GET/wp-json/share-on-pixelfed/v1/urlincludes\class-block-editor.php:73
WordPress Hooks 18
actionenqueue_block_editor_assetsincludes\class-block-editor.php:20
actionrest_api_initincludes\class-block-editor.php:21
actionrest_api_initincludes\class-block-editor.php:22
filtermicropub_syndicate-toincludes\class-micropub-compat.php:19
actionmicropub_syndicationincludes\class-micropub-compat.php:20
actionadmin_menuincludes\class-options-handler.php:134
actionadmin_enqueue_scriptsincludes\class-options-handler.php:135
actionadmin_post_share_on_pixelfedincludes\class-options-handler.php:136
actionshare_on_pixelfed_refresh_tokenincludes\class-options-handler.php:138
actionshare_on_pixelfed_refresh_tokenincludes\class-options-handler.php:139
actionadmin_initincludes\class-options-handler.php:155
actionadd_meta_boxesincludes\class-post-handler.php:40
actionadmin_enqueue_scriptsincludes\class-post-handler.php:41
actionshare_on_pixelfed_postincludes\class-post-handler.php:52
filterredirect_post_locationincludes\class-post-handler.php:318
filterredirect_post_locationincludes\class-post-handler.php:325
actionplugins_loadedincludes\class-share-on-pixelfed.php:86
actioninitincludes\class-share-on-pixelfed.php:87

Scheduled Events 2

share_on_pixelfed_post
share_on_pixelfed_refresh_token
Maintenance & Trust

Share on Pixelfed Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 7, 2026
PHP min version
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs70
Alternatives

Share on Pixelfed Alternatives

Share on Mastodon

Share on Mastodon

share-on-mastodon

A
100

Automatically share WordPress posts on Mastodon.

1K No CVEs
AddToAny Share Buttons

AddToAny Share Buttons

add-to-any

A
99

Share buttons for WordPress including the AddToAny button, Facebook, Bluesky, Mastodon, WhatsApp, Pinterest, Reddit, many more, and follow icons too.

300K 3 CVEs
Social Sharing Plugin – Sassy Social Share

Social Sharing Plugin – Sassy Social Share

sassy-social-share

A
94

The Simplest and Optimized Social Share buttons. Facebook, X, Reddit, Pinterest, Whatsapp, Grok, ChatGPT, Gab, Gettr and over 100 more.

100K 11 CVEs
Social Icons Widget & Block – Social Media Icons & Share Buttons

Social Icons Widget & Block – Social Media Icons & Share Buttons

social-icons-widget-by-wpzoom

A
96

Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.

100K 3 CVEs
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More

Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More

themeisle-companion

B
83

Add modules like share buttons, header & footer scripts, disable comments, reading progress bar, custom fonts, custom login page & more in one plugin.

100K 20 CVEs
Developer Profile

Share on Pixelfed Developer Profile

Jan Boddez

4 plugins · 1K total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
8 days
View full developer profile
Detection Fingerprints

How We Detect Share on Pixelfed

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/share-on-pixelfed/assets/block-editor.js

HTML / DOM Fingerprints

REST Endpoints
/wp-json/share-on-pixelfed/v1/url
FAQ

Frequently Asked Questions about Share on Pixelfed