Share This Image Security & Risk Analysis

wordpress.org/plugins/share-this-image

Image sharing plugin for WordPress. Share exactly needed images with fully customizable content.

1K active installs · v2.13 · PHP + WP 4.0+ · Updated Mar 11, 2026
Tags: facebook, image, sharing, social-buttons, twitter

Score: 92 (A · Safe)
CVEs total: 7
Unpatched: 0
Last CVE: Jan 25, 2026
Safety Verdict

Is Share This Image Safe to Use in 2026?

Generally Safe

Score 92/100

Share This Image has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Jan 25, 2026 · Updated 23d ago
Risk Assessment

The "share-this-image" plugin v2.13 presents a mixed security posture. On one hand, the static analysis shows a commendable effort in securing its entry points: all identified AJAX handlers and REST API routes have associated authorization checks, and the presence of nonce checks and capability checks further bolsters this. However, the significant share of improperly escaped output (39%) raises a concern about potential Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, while not revealing critical or high-severity issues, did identify flows with unsanitized paths, which could become vulnerabilities if not properly handled.

The vulnerability history is a significant red flag. With a total of 7 known CVEs, including one high-severity vulnerability and six medium-severity ones, the plugin has a history of introducing security flaws. The common types of past vulnerabilities (Missing Authorization, Open Redirect, XSS) are recurring themes in WordPress plugin security and suggest persistent oversight in specific areas. The fact that there are currently no unpatched vulnerabilities is positive, but the frequent discovery of issues indicates a need for more rigorous security testing and development practices.

The bundled libraries Select2 and Freemius v1.0 could also introduce risk if they are outdated and contain known vulnerabilities, though this is not explicitly detailed in the provided data.

Key Concerns

  • Significant percentage of improperly escaped output
  • Taint flows with unsanitized paths
  • History of 7 known CVEs
  • History of 1 high severity vulnerability
  • History of 6 medium severity vulnerabilities
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities: 7

Share This Image Security Vulnerabilities

CVEs by Year

2017: 1 CVE
2024: 5 CVEs
2026: 1 CVE

Severity Breakdown

High: 1
Medium: 6

7 total CVEs

CVE-2026-25010 · medium · 5.3 · Missing Authorization

Share This Image <= 2.09 - Missing Authorization

Jan 25, 2026 · Patched in 2.10 (9d)

CVE-2024-47326 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Share This Image <= 2.01 - Reflected Cross-Site Scripting

Sep 25, 2024 · Patched in 2.02 (8d)

CVE-2024-8761 · high · 7.2 · URL Redirection to Untrusted Site ('Open Redirect')

Share This Image <= 2.03 - Open Redirect via link Parameter

Sep 16, 2024 · Patched in 2.04 (1d)

CVE-2024-8363 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Share This Image <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode

Sep 4, 2024 · Patched in 2.03 (1d)

CVE-2024-8108 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Share This Image <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter

Aug 30, 2024 · Patched in 2.02 (1d)

CVE-2024-33930 · medium · 5.4 · URL Redirection to Untrusted Site ('Open Redirect')

Share This Image <= 1.98 - Open Redirect

Apr 29, 2024 · Patched in 1.99 (23d)

CVE-2017-18015 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Share This Image < 1.04 - Cross-Site Scripting

Dec 18, 2017 · Patched in 1.04 (2227d)
Code Analysis
Analyzed Mar 16, 2026

Share This Image Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 137 (215 escaped)
Nonce Checks: 6
Capability Checks: 2
File Operations: 1
External Requests: 1
Bundled Libraries: 2

Bundled Libraries

Select2, Freemius 1.0

SQL Query Safety

80% prepared (5 total queries)

Output Escaping

61% escaped (352 total outputs)

Data Flows: 6 unsanitized

Data Flow Analysis

11 flows, 6 with unsanitized paths

generate_fields (includes\admin\class-sti-admin-fields.php:54)
Attack Surface

Share This Image Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 6

auth wp_ajax_sti-dismissNotice includes\admin\class-sti-admin-ajax.php:19
auth wp_ajax_sti-hideWelcomeNotice includes\admin\class-sti-admin-ajax.php:21
auth wp_ajax_sti-getRuleGroup includes\admin\class-sti-admin-ajax.php:23
auth wp_ajax_sti-getSuboptionValues includes\admin\class-sti-admin-ajax.php:25
auth wp_ajax_sti_shortLinks includes\class-sti-shortlink.php:63
nopriv wp_ajax_sti_shortLinks includes\class-sti-shortlink.php:64

Shortcodes 2

[sti_image] includes\class-sti-shortcodes.php:39
[sti_buttons] includes\class-sti-shortcodes.php:40
WordPress Hooks 58

action admin_notices includes\admin\class-sti-admin-notices.php:41
action admin_notices includes\admin\class-sti-admin-notices.php:44
action admin_notices includes\admin\class-sti-admin-notices.php:47
action admin_init includes\admin\class-sti-admin-notices.php:50
action init includes\admin\class-sti-admin-notices.php:208
action admin_init includes\admin\class-sti-admin.php:42
action admin_menu includes\admin\class-sti-admin.php:43
action admin_enqueue_scripts includes\admin\class-sti-admin.php:44
filter submenu_file includes\admin\class-sti-admin.php:51
action init includes\admin\class-sti-admin.php:217
action wp_enqueue_scripts includes\class-sti-functions.php:39
action wp_head includes\class-sti-functions.php:40
filter wp_title includes\class-sti-functions.php:44
filter wpseo_opengraph_image includes\class-sti-functions.php:46
filter wpseo_twitter_image includes\class-sti-functions.php:47
filter wpseo_og_og_image_width includes\class-sti-functions.php:49
filter wpseo_og_og_image_height includes\class-sti-functions.php:50
filter wpseo_opengraph_title includes\class-sti-functions.php:52
filter wpseo_twitter_title includes\class-sti-functions.php:53
filter wpseo_title includes\class-sti-functions.php:54
filter wpseo_opengraph_desc includes\class-sti-functions.php:56
filter wpseo_twitter_description includes\class-sti-functions.php:57
filter wpseo_metadesc includes\class-sti-functions.php:58
action wpseo_head includes\class-sti-functions.php:60
filter wpseo_canonical includes\class-sti-functions.php:62
filter wpseo_opengraph_type includes\class-sti-functions.php:64
filter wpseo_output_twitter_card includes\class-sti-functions.php:66
action wp_enqueue_scripts includes\class-sti-integrations.php:60
action wp_head includes\class-sti-integrations.php:65
action wp_enqueue_scripts includes\class-sti-integrations.php:66
action wp_head includes\class-sti-integrations.php:71
action wp_enqueue_scripts includes\class-sti-integrations.php:76
action wp_enqueue_scripts includes\class-sti-integrations.php:81
action wp_enqueue_scripts includes\class-sti-integrations.php:86
filter sti_generated_selectors includes\class-sti-integrations.php:91
filter sti_generated_selectors includes\class-sti-integrations.php:96
action wp_enqueue_scripts includes\class-sti-integrations.php:97
filter sti_generated_selectors includes\class-sti-integrations.php:102
filter sti_generated_selectors includes\class-sti-integrations.php:107
filter option_seopress_social_option_name includes\class-sti-integrations.php:111
action template_redirect includes\class-sti-shortlink.php:67
action admin_init includes\class-sti-versions.php:263
filter sti_display_rules includes\modules\class-sti-metaslider.php:50
filter metaslider_flex_slider_parameters includes\modules\class-sti-metaslider.php:52
filter sti_generated_selectors includes\modules\class-sti-metaslider.php:54
filter sti_generated_group_selector includes\modules\class-sti-metaslider.php:56
action init includes\modules\gutenberg\class-sti-gutenberg-init.php:44
filter block_categories_all includes\modules\gutenberg\class-sti-gutenberg-init.php:47
filter block_categories includes\modules\gutenberg\class-sti-gutenberg-init.php:49
action init includes\modules\gutenberg\class-sti-gutenberg-init.php:52
filter plugin_action_links share-this-image.php:68
filter plugin_row_meta share-this-image.php:70
action admin_head share-this-image.php:72
action init share-this-image.php:76
action after_uninstall share-this-image.php:284
filter connect_message_on_update share-this-image.php:300
filter connect_message share-this-image.php:317
filter show_deactivation_subscription_cancellation share-this-image.php:319
Maintenance & Trust

Share This Image Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 11, 2026
PHP min version
Downloads: 135K

Community Trust

Rating: 84/100
Number of ratings: 21
Active installs: 1K
Developer Profile

Share This Image Developer Profile

ILLID

4 plugins · 81K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 367 days
Detection Fingerprints

How We Detect Share This Image

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/share-this-image/assets/css/admin.css
/wp-content/plugins/share-this-image/assets/css/frontend.css
/wp-content/plugins/share-this-image/assets/js/share-this-image.js
Script Paths
/wp-content/plugins/share-this-image/assets/js/share-this-image.js
Version Parameters
share-this-image/assets/css/admin.css?ver=
share-this-image/assets/css/frontend.css?ver=
share-this-image/assets/js/share-this-image.js?ver=

HTML / DOM Fingerprints

CSS Classes
sti-stars
HTML Comments
<!-- Main plugin class -->
<!-- Main STI_Main Instance -->
<!-- Constructor -->
<!-- Include required core files used in admin and on the frontend -->
(+10 more)
JS Globals
STI
FAQ

Frequently Asked Questions about Share This Image