Does XING for WordPress have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is XING for WordPress compatible with WordPress 4.1.42?

According to WordPress.org data, XING for WordPress 1.2.4 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is XING for WordPress updated?

XING for WordPress was last updated on Apr 17, 2015. Frequent updates are generally a positive security signal.

What is XING for WordPress's security score?

XING for WordPress has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

XING for WordPress Security & Risk Analysis

wordpress.org/plugins/share-on-xing

Embed the XING Share Button and the Follow Button on your Wordpress website without any hassle.

10 active installs v1.2.4 PHP + WP 3.4+ Updated Apr 17, 2015

pagepostsharesocialxing

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is XING for WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

XING for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The 'share-on-xing' plugin version 1.2.4 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and the use of prepared statements for all SQL queries are strong indicators of secure coding practices. Furthermore, the plugin has a very small attack surface, with only one shortcode and no documented external requests or file operations, which reduces the potential for exploitation.

However, there are notable areas for improvement. The most significant concern is the lack of proper output escaping for a substantial portion (59%) of its output. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. Additionally, the plugin does not implement any nonce checks or capability checks, which are crucial for verifying user permissions and preventing cross-site request forgery (CSRF) attacks, especially if any of its entry points, including the shortcode, handle sensitive data or actions.

In conclusion, while the plugin benefits from a clean vulnerability history and solid SQL sanitization, the unescaped output and absence of nonce/capability checks present a significant risk. Addressing these specific code weaknesses would greatly enhance the plugin's overall security.

Key Concerns

Significant unescaped output found
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

XING for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

XING for WordPress Release Timeline

v1.2.4Current

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.12

v1.0.11

v1.0.10

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0

Code Analysis

Analyzed Apr 16, 2026

XING for WordPress Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

41% escaped29 total outputs

Attack Surface

XING for WordPress Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[xing_share] plugin/shortcodes.php:7

WordPress Hooks 13

actionadmin_menusettings.php:45

actionadmin_initsettings.php:46

filterplugin_action_linkssettings.php:48

actionadmin_enqueue_scriptssettings.php:68

actionadmin_noticessettings.php:267

actionupgrader_process_completeshare-on-xing.php:21

actionwidgets_initshare-on-xing.php:35

actionwp_enqueue_scriptsshare-on-xing.php:43

actionwpshare-on-xing.php:44

filterscript_loader_srcshare-on-xing.php:58

actionwp_enqueue_scriptsshare-on-xing.php:87

filterthe_contentshare-on-xing.php:104

actioninitshare-on-xing.php:114

Maintenance & Trust

XING for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedApr 17, 2015

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

XING for WordPress Alternatives

Кнопки социальных сетей

svensoft-social-share-buttons

Кнопки "Поделиться в социальных сетях"

100 No CVEs

All Social Share – Sticky & Floating Share Buttons for WordPress

all-social-share

100

Add lightweight, customizable social share buttons for Facebook, Twitter, LinkedIn, WhatsApp, Pinterest, Reddit, and more.

10 No CVEs

Unique Easy Share Posts

unique-easy-share-posts

The Best Social Share Posts plugin ever. The easiest way to share posts on social media links from admin side without refresh.

10 No CVEs

Pluginsify Social Share

pluginsify-social-share

Share post, pages, media, products on social media

0 No CVEs

SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher

wp-scheduled-posts

Automate your WordPress content scheduling with a visual calendar, auto/manual schedulers, missed‑post handler, social sharing options & templates.

10K 3 CVEs

Developer Profile

XING for WordPress Developer Profile

Gaston Salgueiro

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect XING for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/share-on-xing/static/css/styles.css

Script Paths

https://www.xing-share.com/plugins/share.jshttps://www.xing-share.com/plugins/follow.js

HTML / DOM Fingerprints

CSS Classes

xing-share

Data Attributes

data-xing-button

JS Globals

window.xing_share_config

Shortcode Output

[xing_share][xing_follow]

FAQ