Social Icons Widget & Block – Social Media Icons & Share Buttons Security & Risk Analysis

wordpress.org/plugins/social-icons-widget-by-wpzoom

Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.

100K active installs · v4.5.9 · PHP 7.4+ · WP 6.5+ · Updated Mar 12, 2026
Tags: share-buttons, social-icons, social-media-icons, social-media-widget, social-sharing
Score 96 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Mar 12, 2026
Safety Verdict

Is Social Icons Widget & Block – Social Media Icons & Share Buttons Safe to Use in 2026?

Generally Safe

Score 96/100

Social Icons Widget & Block – Social Media Icons & Share Buttons has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Mar 12, 2026 · Updated 21d ago
Risk Assessment

The social-icons-widget-by-wpzoom plugin version 4.5.9 presents a mixed security posture. It demonstrates some good practices, such as using prepared statements for all SQL queries and having no known unpatched vulnerabilities, but several areas of concern remain. The static analysis reveals a relatively small attack surface with two entry points; critically, one of these is an unprotected AJAX handler. This unprotected entry point, combined with the presence of the `unserialize` function, creates a potential avenue for attacks if not handled with extreme care. The plugin also exhibits a moderate rate of improperly escaped output, which can lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not properly sanitized before being displayed. The vulnerability history shows three past medium-severity vulnerabilities, primarily related to XSS and missing authorization. Although there are currently no unpatched vulnerabilities, the recurring pattern of these vulnerability types suggests a need for ongoing vigilance and robust input validation, especially for user-generated content that might be processed by the `unserialize` function or rendered without adequate escaping.

Key Concerns

  • AJAX handler without authentication check
  • Dangerous function 'unserialize' used
  • 48% of outputs not properly escaped
  • 3 medium severity vulnerabilities historically
Vulnerabilities
3

Social Icons Widget & Block – Social Media Icons & Share Buttons Security Vulnerabilities

CVEs by Year

2024: 2 CVEs
2026: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2026-4063 · medium · 4.3 · Missing Authorization

Social Icons Widget & Block <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation

Mar 12, 2026 Patched in 4.5.9 (1d)
CVE-2024-2189 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Icons Widget & Block <= 4.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting

Apr 30, 2024 Patched in 4.2.18 (14d)
CVE-2024-30464 · medium · 4.3 · Missing Authorization

Social Icons Widget & Block by WPZOOM <= 4.2.15 - Missing Authorization

Mar 28, 2024 Patched in 4.2.16 (7d)
Code Analysis
Analyzed Mar 16, 2026

Social Icons Widget & Block – Social Media Icons & Share Buttons Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 111 (103 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · includes\classes\class-wpzoom-social-icons-shortcode.php:129
$unserialised_data = unserialize( $serialised_data[0] ); // phpcs:ignore WordPress.PHP.DiscouragedPH

Output Escaping

48% escaped · 214 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
wpzoom_social_icons_hide_notice (social-icons-widget-by-wpzoom.php:431)
Attack Surface
1 unprotected

Social Icons Widget & Block – Social Media Icons & Share Buttons Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_wpz_dismiss_bf_banner · includes\classes\class-wpzoom-marketing-banner.php:26

Shortcodes 1

[wpzoom_social_icons] includes\classes\class-wpzoom-social-icons-shortcode.php:222
WordPress Hooks 55
action · init · block\src\init.php:145
filter · block_categories · block\src\init.php:501
filter · block_categories_all · block\src\init.php:503
action · wp_enqueue_scripts · block\src\init.php:554
action · enqueue_block_assets · block\src\init.php:727
action · elementor/init · elementor\wpzoom-social-icons-elementor.php:49
action · elementor/elements/categories_registered · elementor\wpzoom-social-icons-elementor.php:66
action · elementor/widgets/register · elementor\wpzoom-social-icons-elementor.php:67
action · elementor/editor/before_enqueue_scripts · elementor\wpzoom-social-icons-elementor.php:69
action · admin_menu · includes\classes\class-wpzoom-floating-buttons-upsell.php:42
action · admin_enqueue_scripts · includes\classes\class-wpzoom-floating-buttons-upsell.php:43
action · admin_notices · includes\classes\class-wpzoom-marketing-banner.php:23
action · admin_menu · includes\classes\class-wpzoom-share-analytics-upsell.php:42
action · admin_enqueue_scripts · includes\classes\class-wpzoom-share-analytics-upsell.php:43
action · admin_head · includes\classes\class-wpzoom-share-analytics-upsell.php:44
filter · wpzoom_notice_center_notices · includes\classes\class-wpzoom-sharing-buttons-notice.php:31
action · admin_menu · includes\classes\class-wpzoom-social-icons-settings.php:61
action · admin_init · includes\classes\class-wpzoom-social-icons-settings.php:62
action · admin_enqueue_scripts · includes\classes\class-wpzoom-social-icons-settings.php:63
action · init · includes\classes\class-wpzoom-social-icons-shortcode.php:33
action · edit_form_after_title · includes\classes\class-wpzoom-social-icons-shortcode.php:34
action · save_post_wpzoom-shortcode · includes\classes\class-wpzoom-social-icons-shortcode.php:35
action · manage_wpzoom-shortcode_posts_columns · includes\classes\class-wpzoom-social-icons-shortcode.php:36
action · manage_wpzoom-shortcode_posts_custom_column · includes\classes\class-wpzoom-social-icons-shortcode.php:37
action · init · includes\classes\class-wpzoom-social-icons-shortcode.php:38
action · admin_menu · includes\classes\class-wpzoom-social-icons-upsell.php:42
action · admin_enqueue_scripts · includes\classes\class-wpzoom-social-icons-upsell.php:43
action · init · includes\classes\class-wpzoom-social-sharing-buttons.php:48
action · admin_menu · includes\classes\class-wpzoom-social-sharing-buttons.php:51
filter · parent_file · includes\classes\class-wpzoom-social-sharing-buttons.php:54
filter · submenu_file · includes\classes\class-wpzoom-social-sharing-buttons.php:55
action · add_meta_boxes · includes\classes\class-wpzoom-social-sharing-buttons.php:58
action · admin_enqueue_scripts · includes\classes\class-wpzoom-social-sharing-buttons.php:64
action · enqueue_block_editor_assets · includes\classes\class-wpzoom-social-sharing-buttons.php:67
filter · the_content · includes\classes\class-wpzoom-social-sharing-buttons.php:70
action · wp_enqueue_scripts · includes\classes\class-zoom-social-icons-widget.php:115
action · current_screen · includes\classes\class-zoom-social-icons-widget.php:125
action · wp_enqueue_scripts · includes\classes\class-zoom-social-icons-widget.php:126
action · siteorigin_panel_enqueue_admin_scripts · includes\classes\class-zoom-social-icons-widget.php:129
action · siteorigin_panel_enqueue_admin_scripts · includes\classes\class-zoom-social-icons-widget.php:130
action · wp_enqueue_scripts · includes\classes\class-zoom-social-icons-widget.php:133
action · wp_footer · includes\classes\class-zoom-social-icons-widget.php:134
action · elementor/editor/before_enqueue_scripts · includes\classes\class-zoom-social-icons-widget.php:137
action · admin_enqueue_scripts · includes\classes\class-zoom-social-icons-widget.php:291
action · admin_print_footer_scripts · includes\classes\class-zoom-social-icons-widget.php:292
action · widgets_init · social-icons-widget-by-wpzoom.php:73
filter · widget_types_to_hide_from_legacy_widget_block · social-icons-widget-by-wpzoom.php:165
action · init · social-icons-widget-by-wpzoom.php:230
action · wp_enqueue_scripts · social-icons-widget-by-wpzoom.php:240
filter · style_loader_tag · social-icons-widget-by-wpzoom.php:241
action · init · social-icons-widget-by-wpzoom.php:244
filter · plugin_row_meta · social-icons-widget-by-wpzoom.php:313
action · admin_head · social-icons-widget-by-wpzoom.php:399
action · admin_notices · social-icons-widget-by-wpzoom.php:421
action · wp_loaded · social-icons-widget-by-wpzoom.php:447
Maintenance & Trust

Social Icons Widget & Block – Social Media Icons & Share Buttons Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 3.7M

Community Trust

Rating: 98/100
Number of ratings: 143
Active installs: 100K
Developer Profile

Social Icons Widget & Block – Social Media Icons & Share Buttons Developer Profile

WPZOOM

24 plugins · 337K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 102 days
Detection Fingerprints

How We Detect Social Icons Widget & Block – Social Media Icons & Share Buttons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/academicons.woff2
/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/fontawesome-webfont.woff2
/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/fa-brands-400.woff2
/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/fa-regular-400.woff2
/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/fa-solid-900.woff2
/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/Genericons.woff
/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/socicon.woff2
Version Parameters
social-icons-widget-by-wpzoom/assets/font/academicons.woff2?v=1.9.2
social-icons-widget-by-wpzoom/assets/font/fontawesome-webfont.woff2?v=4.7.0
social-icons-widget-by-wpzoom/assets/font/socicon.woff2?v=

HTML / DOM Fingerprints

CSS Classes
wpzoom-social-icons
wpzoom-social-icons-list
wpzoom-social-icons-item
wpzoom-social-icons-link
wpzoom-social-icons-text
wpzoom-social-icons-icon
Data Attributes
data-lazy-load
data-type
data-category
data-title
JS Globals
wpzoom_social_icons_settings
FAQ

Frequently Asked Questions about Social Icons Widget & Block – Social Media Icons & Share Buttons