WP-Safety

Social Counters Security & Risk Analysis

wordpress.org/plugins/social-counters

It allows to place counters and social sharing links to the most popular social networks like Menéame, Twitter, Facebook, Google Buzz, Tuenti or Bitac …

20 active installs v2.2.9 PHP + WP 2.9+ Updated Mar 29, 2016
counterfacebooksocialsocial-bookmarkingtwitter
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Social Counters Safe to Use in 2026?

Generally Safe

Score 85/100

Social Counters has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "social-counters" plugin, version 2.2.9, presents a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities (CVEs) and boasts a clean vulnerability history. Furthermore, its static analysis shows no obvious entry points like AJAX handlers, REST API routes, or shortcodes that are exposed. All SQL queries are also properly prepared, mitigating SQL injection risks. However, significant concerns arise from the code signals. The presence of the `unserialize` function is a critical red flag, as it can lead to remote code execution if an attacker can control the serialized data. Coupled with this is the complete lack of output escaping, meaning any data processed by the plugin could be injected into the output stream, leading to cross-site scripting (XSS) vulnerabilities. The absence of nonce and capability checks on all code signals is also a major weakness, allowing unauthenticated or unauthorized users to potentially trigger actions or access data.

Key Concerns

  • Presence of unserialize function
  • No output escaping detected
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Social Counters Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Social Counters Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
5
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
8
Bundled Libraries
0

Dangerous Functions Found

unserialize$data = unserialize($data);counters\twitter.php:137

Output Escaping

0% escaped5 total outputs
Attack Surface

Social Counters Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 28
filtersocial_counter__defaultscounters\bitacoras.php:13
filtersocial_counters__admin_listcounters\bitacoras.php:29
filtersocial_counter__get__bitacorascounters\bitacoras.php:86
filtersocial_counter__defaultscounters\facebook.php:9
filtersocial_counters__admin_listcounters\facebook.php:24
filtersocial_counter__get__facebookcounters\facebook.php:81
filtersocial_counter__defaultscounters\google-buzz.php:9
filtersocial_counters__admin_listcounters\google-buzz.php:24
filtersocial_counter__get__gbuzzcounters\google-buzz.php:81
filtersocial_counter__defaultscounters\linkedin.php:9
filtersocial_counters__admin_listcounters\linkedin.php:24
filtersocial_counter__get__linkedincounters\linkedin.php:70
actionsocial_counter__wp_headcounters\linkedin.php:96
filtersocial_counter__defaultscounters\meneame.php:9
filtersocial_counters__admin_listcounters\meneame.php:24
filtersocial_counter__get__meneamecounters\meneame.php:88
filtersocial_counter__defaultscounters\tuenti.php:9
filtersocial_counter__get__tuenticounters\tuenti.php:43
filtersocial_counter__defaultscounters\twitter.php:9
filtersocial_counters__admin_listcounters\twitter.php:24
filtersocial_counter__get__twittercounters\twitter.php:73
actionsocial_counter__wp_headcounters\twitter.php:116
filtermanage_edit_columnssocial-counters-admin.php:10
actionmanage_posts_custom_columnsocial-counters-admin.php:25
actionpost_submitbox_misc_actionssocial-counters-admin.php:38
actioninitsocial-counters.php:112
actionwp_headsocial-counters.php:119
filtersocial_counters__the_titlesocial-counters.php:189
Maintenance & Trust

Social Counters Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedMar 29, 2016
PHP min version
Downloads13K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Social Counters Alternatives

Social Counter Widget

Social Counter Widget

social-counter-widget

A
85

This widget will display your RSS subscribers, Twitter followers and Facebook fans in one nice looking box.

20 No CVEs
Total Social Counter

Total Social Counter

total-social-counter

A
85

This widget combines the number of your RSS readers, twitter followers, and fans of your facebook fan page.

10 No CVEs
Nextend Social Login and Register

Nextend Social Login and Register

nextend-facebook-connect

A
89

One click registration & login plugin for Facebook, Google, X (formerly Twitter) and more. Quick setup and easy configuration.

200K 6 CVEs
Open Graph and Twitter Card Tags

Open Graph and Twitter Card Tags

wonderm00ns-simple-facebook-open-graph-tags

A
99

Improve social media sharing by inserting Facebook Open Graph, Twitter Card, and SEO Meta Tags on your WordPress website pages, posts, WooCommerce pro …

60K 2 CVEs
Social Media Widget

Social Media Widget

social-media-widget

A
87

Adds links to all of your social media and sharing site profiles. Tons of icons come in 3 sizes, 4 icon styles, and 4 animations.

30K 3 CVEs
Developer Profile

Social Counters Developer Profile

mortay

4 plugins · 140 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Social Counters

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/social-counters/css/social-counters.css
Version Parameters
social-counters/css/social-counters.css?ver=

HTML / DOM Fingerprints

CSS Classes
social-counterssocial-counters-minisocial-countersocial-counter-lang-dir-bitacoras
Shortcode Output
<div class="social-counters<div class="social-counters social-counters-mini"><span>
FAQ

Frequently Asked Questions about Social Counters