WP-Safety

Sharing Plus – Social Sharing Icons Security & Risk Analysis

wordpress.org/plugins/sharing-plus

Sharing Plus adds an advanced set of social media sharing buttons to your WordPress sites, such as: Google+, Facebook, WhatsApp, Viber, Twitter, Reddi …

0 active installs v1.0.1 PHP + WP 4.0+ Updated Jul 5, 2019
linkedinsocial-buttonssocial-shareviberwhatsapp
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Sharing Plus – Social Sharing Icons Safe to Use in 2026?

Generally Safe

Score 85/100

Sharing Plus – Social Sharing Icons has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The "sharing-plus" v1.0.1 plugin exhibits a mixed security posture. While it demonstrates good practices in handling SQL queries using prepared statements and a relatively high percentage of properly escaped outputs, significant concerns arise from its attack surface and taint analysis.

A major weakness lies in the presence of 6 unprotected AJAX handlers, representing a substantial portion of its entry points. This opens the door for unauthenticated users to potentially interact with sensitive functionalities. Furthermore, the taint analysis reveals 2 high-severity flows with unsanitized paths, indicating a risk of data being processed without adequate validation or sanitization, which could lead to various vulnerabilities depending on the context.

The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator of past security diligence. However, the static analysis findings, particularly the unprotected AJAX handlers and high-severity taint flows, suggest that current security practices may not be sufficient to prevent future vulnerabilities. The presence of `create_function` is also a concern, as it can be a source of security issues if not handled with extreme care. In conclusion, while the plugin has a clean history and some good coding habits, the identified attack surface vulnerabilities and taint issues require immediate attention to strengthen its overall security.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized paths
  • Dangerous function: create_function
  • Partially unescaped output
Vulnerabilities
None known

Sharing Plus – Social Sharing Icons Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Sharing Plus – Social Sharing Icons Release Timeline

v1.0.1Current
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

Sharing Plus – Social Sharing Icons Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
1 prepared
Unescaped Output
94
357 escaped
Nonce Checks
3
Capability Checks
5
File Operations
1
External Requests
9
Bundled Libraries
0

Dangerous Functions Found

create_function$callback = create_function('', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";');admin\tcy-strucutre.php:97

SQL Query Safety

100% prepared1 total queries

Output Escaping

79% escaped451 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

6 flows4 with unsanitized paths
review_notice_message (admin\tcy-admin.php:259)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Sharing Plus – Social Sharing Icons Attack Surface

Entry Points7
Unprotected6

AJAX Handlers 6

authwp_ajax_sharing_plus_exportinc\core\tcy-settings.php:18
authwp_ajax_sharing_plus_importinc\core\tcy-settings.php:19
authwp_ajax_sharing_plus_fetch_datasharing-plus.php:158
noprivwp_ajax_sharing_plus_fetch_datasharing-plus.php:159
authwp_ajax_sharing_plus_facebook_shares_updatesharing-plus.php:169
noprivwp_ajax_sharing_plus_facebook_shares_updatesharing-plus.php:170

Shortcodes 1

[SHARING_PLUS] sharing-plus.php:166
WordPress Hooks 31
actionsharing_plus_settings_innersidebar_metaboxadmin\tcy-admin-hooks.php:41
actionsharing_plus_settings_sidebaradmin\tcy-admin-hooks.php:68
actionsharing_plus_general_settings_contentadmin\tcy-admin-hooks.php:92
actionsharing_plus_advanced_settings_contentadmin\tcy-admin-hooks.php:115
actionadd_meta_boxesadmin\tcy-admin.php:18
actionsave_postadmin\tcy-admin.php:19
filterplugin_action_linksadmin\tcy-admin.php:21
actionadmin_initadmin\tcy-admin.php:25
actionadmin_enqueue_scriptsadmin\tcy-admin.php:26
actionin_admin_headeradmin\tcy-admin.php:27
actionadmin_noticesadmin\tcy-admin.php:249
actionadmin_enqueue_scriptsadmin\tcy-strucutre.php:21
actionadmin_initinc\core\tcy-settings.php:16
actionadmin_menuinc\core\tcy-settings.php:17
actioninitinc\upgrade-routine.php:2
filterhttps_ssl_verifyinc\widgets\tcy-follower-widget.php:580
filterhttps_ssl_verifyinc\widgets\tcy-follower-widget.php:601
actionwidgets_initinc\widgets\tcy-initialize-widgets.php:37
actioninitsharing-plus.php:87
actionplugins_loadedsharing-plus.php:118
filterthe_contentsharing-plus.php:143
filterthe_excerptsharing-plus.php:145
filterplugin_row_metasharing-plus.php:147
filterwp_trim_wordssharing-plus.php:149
actionwp_enqueue_scriptssharing-plus.php:151
actionwp_footersharing-plus.php:154
filtersharing_plus_footer_scriptssharing-plus.php:156
actionwp_footersharing-plus.php:161
actionwp_headsharing-plus.php:162
actionwp_footersharing-plus.php:164
actionwp_headsharing-plus.php:167
Maintenance & Trust

Sharing Plus – Social Sharing Icons Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24
Last updatedJul 5, 2019
PHP min version
Downloads13K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Sharing Plus – Social Sharing Icons Alternatives

Hubbub Lite – Fast, free social sharing and follow buttons

Hubbub Lite – Fast, free social sharing and follow buttons

social-pug

A
94

Your content is worth sharing. Let's makes it easier!

30K 9 CVEs
Simple Social Media Share Buttons – Social Sharing for Everyone

Simple Social Media Share Buttons – Social Sharing for Everyone

simple-social-buttons

A
95

This Social Share Plugin adds advanced social media sharing buttons to your WordPress sites, such as Facebook, WhatsApp, X, LinkedIn, & Pinterest.

20K 8 CVEs
Custom Share Buttons with Floating Sidebar

Custom Share Buttons with Floating Sidebar

custom-share-buttons-with-floating-sidebar

A
85

Share buttons with extra features to sharing your website posts/pages on Facebook, Twitter, Instagram, Whatsapp, Pinterest etc.

5K 1 CVE
Spice Social Share

Spice Social Share

spice-social-share

A
92

Effortlessly add social share buttons to your posts.

5K No CVEs
Cresta Social Share Counter

Cresta Social Share Counter

cresta-social-share-counter

A
100

Share your posts and pages quickly and easily with Cresta Social Share Counter and show share counts.

2K No CVEs
Developer Profile

Sharing Plus – Social Sharing Icons Developer Profile

Theme Century

3 plugins · 810 total installs

79
trust score
Avg Security Score
78/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Sharing Plus – Social Sharing Icons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sharing-plus/css/style.css/wp-content/plugins/sharing-plus/js/sharing-plus.js/wp-content/plugins/sharing-plus/js/script.js/wp-content/plugins/sharing-plus/admin/css/admin.css
Script Paths
/wp-content/plugins/sharing-plus/js/sharing-plus.js/wp-content/plugins/sharing-plus/js/script.js
Version Parameters
sharing-plus/css/style.css?ver=sharing-plus/js/sharing-plus.js?ver=sharing-plus/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
sharing_plus_inline_wrapper
HTML Comments
<!-- Sharing Plus --><!-- Sharing Plus End -->
Data Attributes
data-sharing-plus-post-id
JS Globals
sharing_plus_ajax_object
Shortcode Output
[SHARING_PLUS]
FAQ

Frequently Asked Questions about Sharing Plus – Social Sharing Icons