Shariff Wrapper Security & Risk Analysis

wordpress.org/plugins/shariff

Shariff provides share buttons that respect the privacy of your visitors and follow the General Data Protection Regulation (GDPR).

40K active installs v4.6.15 PHP 7.4+ WP 4.9+ Updated Jan 7, 2025
Tags: dsgvo, gdpr, share-buttons, shariff, sharing
Score: 86 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Jun 19, 2024
Safety Verdict

Is Shariff Wrapper Safe to Use in 2026?

Generally Safe

Score 86/100

Shariff Wrapper has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Jun 19, 2024 · Updated 1yr ago
Risk Assessment

The Shariff plugin v4.6.15 presents a mixed security posture. It demonstrates some good practices, such as a reasonable number of capability checks and no use of dangerous functions, but several areas warrant attention. Static analysis shows that a significant portion of SQL queries do not use prepared statements, a common vector for SQL injection vulnerabilities. The presence of unsanitized paths in the taint analysis, even if not reaching critical severity, suggests a potential for path traversal issues. The plugin's history of six known CVEs, one critical and five medium, is a significant red flag. The common vulnerability types show a recurring pattern of weaknesses in input sanitization and path handling, indicating a need for more robust security measures in these areas. That the most recent vulnerability dates from 2024 suggests these issues are actively being discovered and exploited, and although there are currently no unpatched CVEs, the historical trend is worrying.

Despite the positive aspects, the historical vulnerability data and specific code signals such as the lack of prepared statements for SQL queries are the most critical indicators of risk. The attack surface is relatively small, with only one unprotected entry point (a REST API route without a permission callback), which is a good sign. However, the historical trend of vulnerabilities, particularly those related to path traversal and XSS, demands a cautious approach. The plugin's strengths lie in its relatively limited attack surface and absence of inherently dangerous functions, but these are overshadowed by past security failures and ongoing coding concerns.

Key Concerns

  • SQL queries not using prepared statements
  • Unsanitized paths in taint flows
  • REST API route without permission callback
  • Historical critical CVE
  • Historical medium CVEs (5)
  • Output escaping at 56%

Vulnerabilities: 6

Shariff Wrapper Security Vulnerabilities

CVEs by Year

6 CVEs in 2024

Severity Breakdown

Critical: 1
Medium: 5

6 total CVEs

CVE-2024-4098 · critical · 9.8 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion
Jun 19, 2024 · Patched in 4.6.14 (1d)

CVE-2024-2695 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Shariff Wrapper <= 4.6.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Jun 14, 2024 · Patched in 4.6.14 (3d)

CVE-2024-1450 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Shariff Wrapper <= 4.6.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Mar 12, 2024 · Patched in 4.6.11 (9d)

CVE-2024-0966 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Shariff Wrapper <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Mar 12, 2024 · Patched in 4.6.10 (81d)

CVE-2023-6500 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Shariff Wrapper <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Mar 12, 2024 · Patched in 4.6.10 (140d)

CVE-2024-1106 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Shariff Wrapper <= 4.6.9 - Authenticated (Admin+) Stored Cross-Site Scripting
Feb 5, 2024 · Patched in 4.6.10 (4d)

Code Analysis
Analyzed Mar 16, 2026

Shariff Wrapper Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 10 (0 prepared)
Unescaped Output: 198 (257 escaped)
Nonce Checks: 1
Capability Checks: 7
File Operations: 14
External Requests: 8
Bundled Libraries: 0

SQL Query Safety

0% prepared · 10 total queries

Output Escaping

56% escaped · 455 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
<bitcoin> (bitcoin.php:0)

Attack Surface: 1 unprotected

Shariff Wrapper Attack Surface

Entry Points: 3
Unprotected: 1

REST API Routes: 1

GET /wp-json/shariff/v1/share_counts · shariff.php:190

Shortcodes: 2

[shariff] shariff.php:859
[shariffmeta] shariff.php:1557

WordPress Hooks: 30

action · admin_menu · admin\admin-menu.php:19
action · admin_init · admin\admin-menu.php:20
action · init · admin\admin-menu.php:21
action · admin_enqueue_scripts · admin\admin-menu.php:42
action · load-post.php · admin\admin-metabox.php:15
action · load-post-new.php · admin\admin-metabox.php:16
action · add_meta_boxes · admin\admin-metabox.php:22
action · save_post · admin\admin-metabox.php:162
action · admin_notices · admin\admin-notices.php:51
action · widgets_init · includes\class-shariff-widget.php:179
action · admin_init · shariff.php:53
action · cli_init · shariff.php:55
action · admin_init · shariff.php:73
action · init · shariff.php:157
filter · plugin_row_meta · shariff.php:179
action · rest_api_init · shariff.php:217
action · shariff3uu_fill_cache · shariff.php:513
action · shariff3uu_save_statistic_options · shariff.php:536
filter · cron_schedules · shariff.php:555
filter · the_content · shariff.php:654
filter · the_excerpt · shariff.php:680
filter · the_content · shariff.php:695
filter · the_content_feed · shariff.php:709
action · bbp_template_after_forums_loop · shariff.php:722
action · bbp_template_after_topics_loop · shariff.php:735
action · bbp_theme_after_reply_content · shariff.php:748
action · bbp_template_before_forums_loop · shariff.php:761
action · bbp_template_before_topics_loop · shariff.php:774
action · bbp_theme_before_reply_content · shariff.php:787
action · amp_post_template_css · shariff.php:856

Scheduled Events: 1

shariff3uu_fill_cache
Maintenance & Trust

Shariff Wrapper Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 7, 2025
PHP min version: 7.4
Downloads: 1.1M

Community Trust

Rating: 98/100
Number of ratings: 102
Active installs: 40K
Developer Profile

Shariff Wrapper Developer Profile

3UU

2 plugins · 40K total installs

Trust score: 78
Avg Security Score: 86/100
Avg Patch Time: 40 days
Detection Fingerprints

How We Detect Shariff Wrapper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shariff/assets/css/admin.css
/wp-content/plugins/shariff/assets/css/frontend.css
/wp-content/plugins/shariff/assets/js/frontend.js
/wp-content/plugins/shariff/assets/js/service.js

Script Paths
/wp-content/plugins/shariff/assets/js/frontend.js
/wp-content/plugins/shariff/assets/js/service.js

Version Parameters
shariff/assets/css/admin.css?ver=
shariff/assets/css/frontend.css?ver=
shariff/assets/js/frontend.js?ver=
shariff/assets/js/service.js?ver=

HTML / DOM Fingerprints

CSS Classes
shariff-wrapper
shariff-buttons
shariff-count
shariff-social-button

HTML Comments
<!-- Begin Mailchimp Signup Form -->
<!-- End Mailchimp Signup Form -->
<!-- BEGIN: shariff-wrapper -->
<!-- END: shariff-wrapper -->

Data Attributes
data-url
data-services
data-theme
data-orientation
data-backend-url

JS Globals
shariff_options
shariff_services

REST Endpoints
/wp-json/shariff/v1/share_counts

Shortcode Output
[shariff]