Does Simple Share Buttons Adder have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Share Buttons Adder have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Share Buttons Adder compatible with WordPress 6.8.5?

According to WordPress.org data, Simple Share Buttons Adder 8.5.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Simple Share Buttons Adder updated?

Simple Share Buttons Adder was last updated on Sep 24, 2025. Frequent updates are generally a positive security signal.

What is Simple Share Buttons Adder's security score?

Simple Share Buttons Adder has a WP-Safety security score of 94/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Share Buttons Adder Security & Risk Analysis

wordpress.org/plugins/simple-share-buttons-adder

A simple plugin that enables you to add share buttons to all of your posts and/or pages.

40K active installs v8.5.3 PHP + WP 5.9+ Updated Sep 24, 2025

blueskyfacebookshare-buttonssocial-buttonsthreads

A · Safe

CVEs total6

Unpatched0

Last CVEMay 28, 2024

Plugin page Download

Safety Verdict

Is Simple Share Buttons Adder Safe to Use in 2026?

Generally Safe

Score 94/100

Simple Share Buttons Adder has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEsLast CVE: May 28, 2024Updated 6mo ago

Risk Assessment

The overall security posture of the simple-share-buttons-adder plugin shows mixed signals. On the positive side, the static analysis reveals a remarkably small attack surface, with no AJAX handlers, REST API routes, shortcodes, or cron events exposed without proper authentication or authorization checks. Furthermore, all SQL queries utilize prepared statements, and file operations are absent, indicating good development practices in these areas. Nonce and capability checks are present, though not extensively applied across all potential entry points.

However, a significant concern arises from the plugin's vulnerability history. With a total of six known CVEs, including two high-severity vulnerabilities (Cross-Site Scripting and CSRF) and four medium-severity ones, this plugin has a track record of security weaknesses. The fact that the most recent vulnerability was identified very recently, even if currently unpatched, suggests ongoing security issues. The static analysis also indicates that 37% of output is not properly escaped, which, while not flagged as a critical taint flow, can contribute to XSS vulnerabilities, especially when combined with the plugin's past.

Key Concerns

High severity past vulnerabilities (XSS/CSRF)
Medium severity past vulnerabilities
Significant percentage of unescaped output
External HTTP requests (potential for SSRF/compromise)

Vulnerabilities

Simple Share Buttons Adder Security Vulnerabilities

CVEs by Year

2 CVEs in 2014

2014

1 CVE in 2015

2015

1 CVE in 2023

2023

2 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

High

Medium

6 total CVEs

CVE-2024-4094medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Share Buttons Adder <= 8.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 28, 2024 Patched in 3.5.1 (17d)

CVE-2024-0621medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Share Buttons Adder <= 8.4.11 - Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings

Feb 14, 2024 Patched in 8.4.12 (167d)

CVE-2022-47178medium · 4.3Cross-Site Request Forgery (CSRF)

Simple Share Buttons Adder <= 8.4.6 - Cross-Site Request Forgery

Apr 19, 2023 Patched in 8.4.7 (279d)

CVE-2015-9303medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting

Jun 2, 2015 Patched in 6.0.1 (3157d)

WF-2f72c94f-b0b6-464b-8bc7-df3d75b22edb-simple-share-buttons-adderhigh · 8.1Cross-Site Request Forgery (CSRF)

Simple Share Buttons Adder <= 4.4 - Cross-Site Request Forgery

Jun 26, 2014 Patched in 4.5 (3498d)

CVE-2014-4717high · 8.8Cross-Site Request Forgery (CSRF)

Simple Share Buttons Adder <= 4.4 - Cross-Site Request Forgery

Jun 26, 2014 Patched in 4.5 (3498d)

Code Analysis

Analyzed Mar 16, 2026

Simple Share Buttons Adder Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

181

312 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

63% escaped493 total outputs

Attack Surface

Simple Share Buttons Adder Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

filterthe_contentphp\class-buttons.php:80

filterthe_excerptphp\class-buttons.php:84

filterscript_loader_tagphp\class-styles.php:65

actionadmin_noticessimple-share-buttons-adder.php:31

Maintenance & Trust

Simple Share Buttons Adder Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 24, 2025

PHP min version

Downloads4.3M

Community Trust

Rating86/100

Number of ratings626

Active installs40K

Alternatives

Simple Share Buttons Adder Alternatives

Buttonizer – Social Media Share Buttons, Social Icons, & Social Feeds

facebook-pagelike-widget

Floating Social Media Icons, Sticky Share Buttons, Facebook Feeds, & Popup builder. Also, create Call, Email, SMS, & Contact buttons to increa …

50K 2 CVEs

ShareThis Share Buttons

sharethis-share-buttons

Grow your website traffic and engagement by enabling one-click sharing with the free ShareThis Share Buttons plugin. The plugin is free (no upgrades a …

20K 1 CVE