Does Social Hashtags have any unpatched vulnerabilities?

Yes — Social Hashtags currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Social Hashtags compatible with WordPress 4.1.42?

According to WordPress.org data, Social Hashtags 3.0.0 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is Social Hashtags updated?

Social Hashtags was last updated on Feb 13, 2015. Frequent updates are generally a positive security signal.

What is Social Hashtags's security score?

Social Hashtags has a WP-Safety security score of 64/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Social Hashtags Security & Risk Analysis

wordpress.org/plugins/social-hashtags

Grabs images & videos matching any hashtag from social APIs like instagram & youtube.

20 active installs v3.0.0 PHP + WP 3.0.1+ Updated Feb 13, 2015

hashtagsinstagramphotosvideosyoutube

C · Use Caution

CVEs total1

Unpatched1

Last CVEOct 2, 2012

Download

Safety Verdict

Is Social Hashtags Safe to Use in 2026?

Use With Caution

Score 64/100

Social Hashtags has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Oct 2, 2012Updated 11yr ago

Risk Assessment

The "social-hashtags" plugin v3.0.0 presents a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and having no file operations or external HTTP requests, significant concerns arise from its attack surface and output sanitization. The presence of an unprotected AJAX handler is a critical vulnerability, as it provides an entry point for unauthenticated attackers to potentially exploit the plugin.

Furthermore, the static analysis reveals that 100% of its nine output operations are not properly escaped. This is a severe weakness that makes the plugin highly susceptible to Cross-Site Scripting (XSS) attacks. The vulnerability history, which includes a medium severity XSS vulnerability from 2012, reinforces these concerns, indicating a recurring pattern of input sanitization issues. While the plugin lacks a large attack surface and complex taint flows, the combination of an unprotected AJAX endpoint and widespread unescaped output creates a substantial risk of compromise.

Key Concerns

Unprotected AJAX handler
No properly escaped output
Unpatched CVE (medium severity)

Vulnerabilities

Social Hashtags Security Vulnerabilities

CVEs by Year

1 CVE in 2012 · unpatched

2012

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

WF-959ece75-b7a6-4729-abe8-1df9398d95f4-social-hashtagsmedium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Hashtags <= 3.0.0 - Cross-Site Scripting

Oct 2, 2012Unpatched

Code Analysis

Analyzed Mar 16, 2026

Social Hashtags Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped9 total outputs

Attack Surface

1 unprotected

Social Hashtags Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_social_hashtag_run_manuallysocial_hashtag.php:203

WordPress Hooks 7

actioninitsocial_hashtag.php:24

actionadmin_initsocial_hashtag.php:37

actionwp_enqueue_scriptssocial_hashtag.php:44

actionadmin_menusocial_hashtag.php:59

filtercron_schedulessocial_hashtag.php:77

actionsocial_hashtag_cronsocial_hashtag.php:98

filterwp_get_attachment_urlsocial_hashtag.php:174

Scheduled Events 3

social_hashtag_cron

Maintenance & Trust

Social Hashtags Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedFeb 13, 2015

PHP min version

Downloads7K

Community Trust

Rating80/100

Number of ratings5

Active installs20

Alternatives

Social Hashtags Alternatives

SocialFeeds

socialfeeds

100

YouTube feeds for WordPress with simple Setup and Settings options.

4K No CVEs

Smash Balloon Social Photo Feed – Easy Social Feeds Plugin

instagram-feed

Formerly "Instagram Feed". Display clean, customizable, and responsive Instagram feeds from multiple accounts. Supports Instagram oEmbeds.

1.0M 4 CVEs

WPZOOM Social Feed Widget & Block

instagram-widget-by-wpzoom

Instagram feed plugin for WordPress: Display your Instagram photos, videos & reels. Easy setup with Gutenberg block, widget, shortcode & Elementor

60K 1 CVE

Easy Social Feed – Social Photos Gallery and Post Feed for WordPress

easy-facebook-likebox

Display Instagram, Facebook & YouTube feeds with photos, videos, reels, events & galleries. Fast, responsive & easy to set up.

30K 10 CVEs

Feed Them Social – Social Media Feeds, Video, and Photo Galleries

feed-them-social

Custom social media feeds for Instagram, Facebook, TikTok, & YouTube. Works with Elementor, Beaver Builder, and Gutenberg blocks.

20K 12 CVEs

Developer Profile

Social Hashtags Developer Profile

shanaver

2 plugins · 40 total installs

trust score

Avg Security Score

64/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Social Hashtags

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/social-hashtags/lib/social_hashtag.css

HTML / DOM Fingerprints

JS Globals

social_hashtag_ajax

FAQ