WP-Safety

Social Counter & Sharer Security & Risk Analysis

wordpress.org/plugins/social-counter

Ultra-lightweight plugin for sharing content on social networks. Optimized for speed with minimal impact on site performance.

300 active installs v3.1 PHP 5.6+ WP 3.6+ Updated Jan 3, 2026
facebooksocial-buttonssocial-countersocial-iconsocial-share
99
A · Safe
CVEs total1
Unpatched0
Last CVEApr 24, 2025
Plugin page Download
Safety Verdict

Is Social Counter & Sharer Safe to Use in 2026?

Generally Safe

Score 99/100

Social Counter & Sharer has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 24, 2025Updated 3mo ago
Risk Assessment

The "social-counter" v3.1 plugin exhibits a generally positive security posture, with a strong emphasis on using prepared statements for SQL queries and proper output escaping. The lack of identified AJAX handlers, REST API routes, shortcodes, or cron events without authentication checks suggests a limited attack surface. Nonce and capability checks are present, indicating an effort to secure the limited entry points.

However, the presence of the `unserialize` function is a significant concern, especially in conjunction with taint analysis indicating five flows with unsanitized paths. While no critical or high-severity taint flows were explicitly reported, the potential for deserialization vulnerabilities is a known risk. The vulnerability history, though showing no currently unpatched CVEs, points to a past medium-severity vulnerability related to deserialization, reinforcing the importance of vigilance in this area.

Overall, the plugin demonstrates good security practices in several areas, but the `unserialize` function and the identified unsanitized paths in taint analysis represent a notable weakness. The plugin's past vulnerability history further highlights the need for careful management of deserialization risks. Users should be aware of this potential, even though the current version may appear clean.

Key Concerns

  • Dangerous function unserialize present
  • Taint analysis shows unsanitized paths
  • Past medium severity vulnerability (Deserialization)
Vulnerabilities
1

Social Counter & Sharer Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-46473medium · 6.6Deserialization of Untrusted Data

Social Counter <= 2.0.5 - Authenticated (Administrator+) PHP Object Injection

Apr 24, 2025 Patched in 2.1 (23d)
Code Analysis
Analyzed Mar 16, 2026

Social Counter & Sharer Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
1
27 escaped
Nonce Checks
2
Capability Checks
3
File Operations
0
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$unserialize = @unserialize($to_unserialize, array('allowed_classes' => false));classes\admin.class.php:363

Output Escaping

96% escaped28 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

6 flows5 with unsanitized paths
renderCSS (classes\common.class.php:78)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Social Counter & Sharer Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionadmin_initclasses\admin.class.php:10
actionadmin_headclasses\admin.class.php:11
actionplugins_loadedclasses\admin.class.php:12
filterplugin_action_linksclasses\admin.class.php:13
actionadmin_menuclasses\admin.class.php:100
actionwidgets_initclasses\common.class.php:613
actionwp_enqueue_scriptsclasses\main.class.php:8
actionwp_footerclasses\main.class.php:899
actionwp_enqueue_scriptsclasses\main.class.php:900
Maintenance & Trust

Social Counter & Sharer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 3, 2026
PHP min version5.6
Downloads22K

Community Trust

Rating100/100
Number of ratings5
Active installs300
Alternatives

Social Counter & Sharer Alternatives

Social Share Buttons

Social Share Buttons

share-button

A
99

Our Share Button addon to MaxButtons and MaxButtons Pro plugins gets you up and sharing within minutes. It's easy to setup and offers flexibility &hellip;

1K 1 CVE
Genesis Optimized Social Share

Genesis Optimized Social Share

genesis-optimized-social-share

A
85

Genesis Optimized Social Share loads Popular Social Share Counters without affecting your page Loading Time & PageSpeed Score.

70 No CVEs
Super Simple Social Share Icons

Super Simple Social Share Icons

super-simple-social-share-icons

A
100

A lightweight and powerful solution for adding beautiful social sharing buttons to your WordPress site.

60 No CVEs
MRZ Social

MRZ Social

mrz-social

A
85

Just another social icons plugin, but with funky likes, followers, +1 counter and childishly simple configuration!

10 No CVEs
Wp Social Login and Register Social Counter

Wp Social Login and Register Social Counter

wp-social

A
89

Wp social lets you add social login, social counter, and social share buttons of different styles to your WordPress website.

80K 5 CVEs
Developer Profile

Social Counter & Sharer Developer Profile

Prisna

4 plugins · 8K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
47 days
View full developer profile
Detection Fingerprints

How We Detect Social Counter & Sharer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/social-counter/styles/admin.css/wp-content/plugins/social-counter/javascript/common.class.js/wp-content/plugins/social-counter/javascript/admin.class.js
Script Paths
/wp-content/plugins/social-counter/javascript/common.class.js/wp-content/plugins/social-counter/javascript/admin.class.js
Version Parameters
social-counter/styles/admin.css?ver=social-counter/javascript/common.class.js?ver=social-counter/javascript/admin.class.js?ver=

HTML / DOM Fingerprints

Data Attributes
prisna_tabprisna_tab_2prisna_tab_3prisna_tab_4prisna-social-counter-nonce
FAQ

Frequently Asked Questions about Social Counter & Sharer