WP-Safety

Social News Center Security & Risk Analysis

wordpress.org/plugins/social-news-center

Display latest Posts from social media sites like Facebook, Instagram & Twitter. Perform actions such as view profiles, Like, Share, Favorite &amp …

10 active installs v0.0.8 PHP + WP 4.0+ Updated Jul 11, 2017
facebooksocial-mediasocial-networkssocial-newssocial-posts
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Social News Center Safe to Use in 2026?

Generally Safe

Score 85/100

Social News Center has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "social-news-center" plugin version 0.0.8 exhibits a significantly concerning security posture due to a large number of unprotected entry points. With 32 out of 37 total entry points lacking any authentication or capability checks, this plugin is highly susceptible to unauthorized access and manipulation. The presence of the "unserialize" dangerous function, while not directly linked to a taint flow in this analysis, is a known vector for remote code execution if user-supplied data is deserialized without proper sanitization. The static analysis also reveals that 100% of SQL queries utilize prepared statements, which is a positive indicator for preventing SQL injection. However, the output escaping is only at 45%, suggesting a potential for cross-site scripting (XSS) vulnerabilities. The absence of any recorded vulnerabilities in its history is a strength, implying a good track record. Despite the positive aspect of secure SQL handling and the lack of known CVEs, the overwhelming number of unprotected AJAX handlers and the presence of a dangerous function like unserialize, coupled with insufficient output escaping, presents a substantial risk. This plugin requires immediate attention to secure its entry points and review output sanitization practices.

Key Concerns

  • AJAX handlers unprotected
  • Dangerous function unserialize
  • Low output escaping percentage
  • Missing nonce checks on AJAX
  • Missing capability checks
Vulnerabilities
None known

Social News Center Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Social News Center Code Analysis

Dangerous Functions
6
Raw SQL Queries
0
19 prepared
Unescaped Output
23
19 escaped
Nonce Checks
0
Capability Checks
0
File Operations
19
External Requests
7
Bundled Libraries
1

Dangerous Functions Found

unserialize$data = unserialize( file_get_contents( $cacheFile ) );facebook.php:70
unserialize$otherData = unserialize( file_get_contents( $cacheFile ) );facebook.php:83
unserialize$data = unserialize( file_get_contents( $cacheFile ) );instagram.php:76
unserialize$otherData = unserialize( file_get_contents( $cacheFile ) );instagram.php:89
unserialize$data = unserialize( file_get_contents( $cacheFile ) );twitter.php:70
unserialize$otherData = unserialize( file_get_contents( $cacheFile ) );twitter.php:83

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared19 total queries

Output Escaping

45% escaped42 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

11 flows11 with unsanitized paths
snc_doBhwwSslTemplateRedirect (includes\functions-wp.php:910)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
32 unprotected

Social News Center Attack Surface

Entry Points37
Unprotected32

AJAX Handlers 32

authwp_ajax_snc_empty_cachesocial-news-center.php:215
noprivwp_ajax_snc_empty_cachesocial-news-center.php:216
authwp_ajax_snc_facebook_postssocial-news-center.php:363
noprivwp_ajax_snc_facebook_postssocial-news-center.php:364
authwp_ajax_snc_facebook_verify_credssocial-news-center.php:425
noprivwp_ajax_snc_facebook_verify_credssocial-news-center.php:426
authwp_ajax_snc_instagram_postssocial-news-center.php:763
noprivwp_ajax_snc_instagram_postssocial-news-center.php:764
authwp_ajax_snc_get_instagram_codesocial-news-center.php:791
noprivwp_ajax_snc_get_instagram_codesocial-news-center.php:792
authwp_ajax_snc_get_instagram_access_tokensocial-news-center.php:903
noprivwp_ajax_snc_get_instagram_access_tokensocial-news-center.php:904
authwp_ajax_snc_instagram_loginsocial-news-center.php:944
noprivwp_ajax_snc_instagram_loginsocial-news-center.php:945
authwp_ajax_snc_instagram_oauthsocial-news-center.php:1044
noprivwp_ajax_snc_instagram_oauthsocial-news-center.php:1045
authwp_ajax_snc_instagram_logoutsocial-news-center.php:1079
noprivwp_ajax_snc_instagram_logoutsocial-news-center.php:1080
authwp_ajax_snc_instagram_verify_credssocial-news-center.php:1125
noprivwp_ajax_snc_instagram_verify_credssocial-news-center.php:1126
authwp_ajax_snc_instagram_save_settingssocial-news-center.php:1152
noprivwp_ajax_snc_instagram_save_settingssocial-news-center.php:1153
authwp_ajax_snc_twitter_postssocial-news-center.php:1365
noprivwp_ajax_snc_twitter_postssocial-news-center.php:1366
authwp_ajax_snc_twitter_loginsocial-news-center.php:1442
noprivwp_ajax_snc_twitter_loginsocial-news-center.php:1443
authwp_ajax_snc_twitter_oauthsocial-news-center.php:1524
noprivwp_ajax_snc_twitter_oauthsocial-news-center.php:1525
authwp_ajax_snc_twitter_logoutsocial-news-center.php:1560
noprivwp_ajax_snc_twitter_logoutsocial-news-center.php:1561
authwp_ajax_snc_twitter_verify_credssocial-news-center.php:1613
noprivwp_ajax_snc_twitter_verify_credssocial-news-center.php:1614

Shortcodes 5

[sncFacebookPosts] social-news-center.php:167
[sncSocialMediaPosts] social-news-center.php:559
[sncInstagramPosts] social-news-center.php:615
[sncTwitterPosts] social-news-center.php:1209
[sncMixedPosts] social-news-center.php:1709
WordPress Hooks 6
actionadmin_menuincludes\functions-wp.php:616
actionadmin_initincludes\functions-wp.php:645
actiontemplate_redirectincludes\functions-wp.php:922
actionadmin_enqueue_scriptssocial-news-center.php:56
actionwp_enqueue_scriptssocial-news-center.php:98
actionplugins_loadedsocial-news-center.php:1913
Maintenance & Trust

Social News Center Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedJul 11, 2017
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Social News Center Alternatives

SoGrid Lite

SoGrid Lite

sogrid-lite-social-networks-posts-grid

A
85

SoGrid is a WordPress plugin that displays your social network posts / feed in a functional grid.

10 No CVEs
Open Graph and Twitter Card Tags

Open Graph and Twitter Card Tags

wonderm00ns-simple-facebook-open-graph-tags

A
99

Improve social media sharing by inserting Facebook Open Graph, Twitter Card, and SEO Meta Tags on your WordPress website pages, posts, WooCommerce pro …

60K 2 CVEs
Buttonizer – Social Media Share Buttons, Social Icons, & Social Feeds

Buttonizer – Social Media Share Buttons, Social Icons, & Social Feeds

facebook-pagelike-widget

A
99

Floating Social Media Icons, Sticky Share Buttons, Facebook Feeds, & Popup builder. Also, create Call, Email, SMS, & Contact buttons to increa …

50K 2 CVEs
OG — Better Share on Social Media

OG — Better Share on Social Media

og

A
100

The simple method to add Open Graph metadata to your entries so that they look great when shared on sites.

30K No CVEs
Social Media Widget

Social Media Widget

social-media-widget

A
87

Adds links to all of your social media and sharing site profiles. Tons of icons come in 3 sizes, 4 icon styles, and 4 animations.

30K 3 CVEs
Developer Profile

Social News Center Developer Profile

Phil Gowling

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Social News Center

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/social-news-center/css/magnific-popup.css/wp-content/plugins/social-news-center/css/style.css/wp-content/plugins/social-news-center/js/isotope.pkgd.min.js/wp-content/plugins/social-news-center/js/imagesloaded.pkgd.min.js/wp-content/plugins/social-news-center/js/jquery.magnific-popup.min.js/wp-content/plugins/social-news-center/js/functions.js/wp-content/plugins/social-news-center/js/functions-wp.js/wp-content/plugins/social-news-center/js/facebook.js+2 more
Script Paths
js/isotope.pkgd.min.jsjs/imagesloaded.pkgd.min.jsjs/jquery.magnific-popup.min.jsjs/functions.jsjs/functions-wp.jsjs/facebook.js+2 more

HTML / DOM Fingerprints

JS Globals
FBthe_ajax_scriptsnc_doCheckLoginStatussnc_getSocialMediaPostssnc_doEmptyCache_callbacksnc_getFacebookPosts_callback
REST Endpoints
/wp-json/snc/v1/data
Shortcode Output
<div id="fb-root"></div><script type="text/javascript">window.fbAsyncInit = function() {FB.init({appId
FAQ

Frequently Asked Questions about Social News Center