WP-Safety

Social Media Aggregator Security & Risk Analysis

wordpress.org/plugins/social-media-aggregator

Aggregate social media content from Facebook, Twitter, YouTube, Vimeo, Instagram, and RSS Feeds into WordPress and use PHP or Ajax to retrieve.

10 active installs v1.2 PHP + WP 3.0.1+ Updated Sep 12, 2014
social-feed-aggregationsocial-media
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Social Media Aggregator Safe to Use in 2026?

Generally Safe

Score 85/100

Social Media Aggregator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "social-media-aggregator" plugin v1.2 exhibits a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, utilizing prepared statements for all SQL queries, and having no recorded vulnerabilities, there are significant concerns stemming from its attack surface and output escaping.

The plugin has a relatively small attack surface with 5 entry points, but critically, 4 of these (all AJAX handlers) lack authentication checks. This opens the door to potential unauthorized actions if an attacker can trigger these handlers. Furthermore, only 30% of output escaping is properly implemented, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities where unsanitized data could be injected into the browser.

Given the lack of past vulnerabilities, it's possible the plugin developers have been fortunate or that past versions did not expose these weaknesses as prominently. However, the current analysis reveals a clear need for improvement in authentication for its AJAX endpoints and more robust output sanitization to prevent XSS attacks. The absence of any recorded CVEs is a positive sign, but the identified code issues represent significant weaknesses that should be addressed.

Key Concerns

  • AJAX handlers without authentication
  • Insufficient output escaping
  • No nonce checks on AJAX
  • No capability checks
Vulnerabilities
None known

Social Media Aggregator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Social Media Aggregator Release Timeline

v1.2Current
v1.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

Social Media Aggregator Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
3 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

30% escaped10 total outputs
Attack Surface
4 unprotected

Social Media Aggregator Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 4

noprivwp_ajax_get_feedsim-social-aggregator.php:51
authwp_ajax_get_feedsim-social-aggregator.php:52
authwp_ajax_fetch_social_feedsim-social-aggregator.php:55
authwp_ajax_reset_since_timesim-social-aggregator.php:56

Shortcodes 1

[imsa] im-social-aggregator.php:82
WordPress Hooks 9
actionadd_meta_boxesim-social-aggregator.php:44
actionadmin_menuim-social-aggregator.php:45
actionadmin_initim-social-aggregator.php:46
actioninitim-social-aggregator.php:47
filtercron_schedulesim-social-aggregator.php:59
actionrun_cronim-social-aggregator.php:60
filtersa/helpers/get_plugin_urlim-social-aggregator.php:63
actionwp_enqueue_scriptsim-social-aggregator.php:75
actionadmin_enqueue_scriptsim-social-aggregator.php:84

Scheduled Events 1

run_cron
Maintenance & Trust

Social Media Aggregator Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38
Last updatedSep 12, 2014
PHP min version
Downloads4K

Community Trust

Rating30/100
Number of ratings2
Active installs10
Alternatives

Social Media Aggregator Alternatives

AddToAny Share Buttons

AddToAny Share Buttons

add-to-any

A
99

Share buttons for WordPress including the AddToAny button, Facebook, Bluesky, Mastodon, WhatsApp, Pinterest, Reddit, many more, and follow icons too.

300K 3 CVEs
Astra Widgets

Astra Widgets

astra-widgets

A
96

Quickest solution to add widgets like Address, Social Profiles and List icons on a website built with Astra.

200K 3 CVEs
Social Sharing Plugin – Sassy Social Share

Social Sharing Plugin – Sassy Social Share

sassy-social-share

A
94

The Simplest and Optimized Social Share buttons. Facebook, X, Reddit, Pinterest, Whatsapp, Grok, ChatGPT, Gab, Gettr and over 100 more.

100K 11 CVEs
Simple Social Icons

Simple Social Icons

simple-social-icons

A
100

This plugin provides two ways to display social icons: a traditional widget (available on all WordPress versions) and block variations for the core So …

100K No CVEs
Social Icons Widget & Block – Social Media Icons & Share Buttons

Social Icons Widget & Block – Social Media Icons & Share Buttons

social-icons-widget-by-wpzoom

A
96

Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.

100K 3 CVEs
Developer Profile

Social Media Aggregator Developer Profile

ryac

2 plugins · 10 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Social Media Aggregator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/social-media-aggregator/css/style.css/wp-content/plugins/social-media-aggregator/js/script.js/wp-content/plugins/social-media-aggregator/css/admin-style.css
Script Paths
/wp-content/plugins/social-media-aggregator/js/script.js
Version Parameters
social-media-aggregator/style.css?ver=social-media-aggregator/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
sa-social-feedim-social-aggregator-wrapsocial-media-aggregator-container
HTML Comments
<!-- Social Media Aggregator Start --><!-- Social Media Aggregator End -->
Data Attributes
data-feed-typedata-feed-id
JS Globals
IMSA_AJAX_URLIMSA_SETTINGS
REST Endpoints
/wp-json/imsa/v1/feeds
Shortcode Output
<div class="im-social-aggregator-wrap">
FAQ

Frequently Asked Questions about Social Media Aggregator