Social Rocket – Social Sharing Plugin Security & Risk Analysis

wordpress.org/plugins/social-rocket

Add fully-customizable social sharing buttons to your site. Easy to use and packed with many additional social networking features.

1K active installs · v1.3.5 · PHP 5.5+ · WP 4.4+ · Updated Feb 23, 2026
Tags: share-counts, social-buttons, social-media, social-share, social-share-buttons
Score 94 · A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Jan 6, 2025
Safety Verdict

Is Social Rocket – Social Sharing Plugin Safe to Use in 2026?

Generally Safe

Score 94/100

Social Rocket – Social Sharing Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Jan 6, 2025 · Updated 1mo ago
Risk Assessment

The "social-rocket" v1.3.5 plugin exhibits a mixed security posture, with several areas of concern despite some good practices. The static analysis reveals a notable attack surface with 10 AJAX handlers, 5 of which lack authentication checks, presenting a direct path for potential unauthorized actions. Additionally, the presence of the `unserialize` function is a significant red flag, as it can lead to remote code execution vulnerabilities if not handled with extreme care, especially when dealing with user-controlled input. While taint analysis shows no critical or high severity flows, the 3 flows with unsanitized paths warrant further investigation.

The vulnerability history indicates a recurring pattern of security weaknesses, with 6 known CVEs including high and medium severity issues such as Missing Authorization, Cross-Site Scripting, and Cross-Site Request Forgery. The fact that all previous vulnerabilities are currently patched is positive, but the repeated occurrence of these types of flaws suggests ongoing development or architectural issues that need continuous attention. While the plugin does implement nonce and capability checks on a portion of its entry points, the unprotected AJAX handlers and the potential for `unserialize` abuse are significant weaknesses that could be exploited.

In conclusion, "social-rocket" v1.3.5 has a concerning number of unprotected entry points and uses a dangerous function. The historical vulnerability data further amplifies these concerns, pointing to a need for more robust security practices throughout the development lifecycle. While the absence of unpatched CVEs and the presence of some security checks are strengths, the identified weaknesses pose a tangible risk that should be addressed.

Key Concerns

  • Unprotected AJAX handlers (5/10)
  • Dangerous function: unserialize present
  • SQL queries: 62% without prepared statements
  • Output escaping: 44% not properly escaped
  • History of 6 CVEs (2 High, 4 Medium)
  • Flows with unsanitized paths (3)
Vulnerabilities
6

Social Rocket – Social Sharing Plugin Security Vulnerabilities

CVEs by Year

2020: 2 CVEs
2022: 1 CVE
2024: 1 CVE
2025: 2 CVEs

Severity Breakdown

High: 2
Medium: 4

6 total CVEs

CVE-2024-9697 · medium · 5.3 · Missing Authorization
Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update
Jan 6, 2025 · Patched in 1.3.4.1 (372d)

CVE-2024-9702 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Social Rocket <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Jan 6, 2025 · Patched in 1.3.4.1 (372d)

CVE-2024-37258 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Social Rocket <= 1.3.3 - Reflected Cross-Site Scripting
Jun 27, 2024 · Patched in 1.3.4 (6d)

CVE-2022-3136 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Social Rocket <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Sep 19, 2022 · Patched in 1.3.3 (491d)

WF-1e8060bc-900f-4f2d-a24e-13dc1d830fc1-social-rocket · high · 8.8 · Cross-Site Request Forgery (CSRF)
Social Rocket <= 1.2.9 - Cross-Site Request Forgery
Jul 22, 2020 · Patched in 1.2.10 (1280d)

CVE-2020-5611 · high · 8.8 · Cross-Site Request Forgery (CSRF)
Social Rocket – Social Sharing Plugin < 1.2.10 - Cross-Site Request Forgery
Jul 22, 2020 · Patched in 1.2.10 (1416d)

Code Analysis
Analyzed Mar 16, 2026

Social Rocket – Social Sharing Plugin Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 13 raw, 8 prepared
Unescaped Output: 190 unescaped, 237 escaped
Nonce Checks: 10
Capability Checks: 13
File Operations: 8
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `update_post_meta( $postmeta['post_id'], $postmeta['meta_key'], is_serialized( $postmeta['meta_value'` at admin\includes\class-social-rocket-admin.php:3850
unserialize: `update_term_meta( $termmeta['term_id'], $termmeta['meta_key'], is_serialized( $termmeta['meta_value'` at admin\includes\class-social-rocket-admin.php:3856
unserialize: `update_user_meta( $postmeta['user_id'], $postmeta['meta_key'], is_serialized( $postmeta['meta_value'` at admin\includes\class-social-rocket-admin.php:3862
unserialize: `$value = unserialize( $result['data'] );` at includes\class-social-rocket-background-process.php:222
unserialize: `$return = unserialize( $data['data'] );` at includes\class-social-rocket.php:399

SQL Query Safety

38% prepared · 21 total queries

Output Escaping

56% escaped · 427 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

8 flows · 3 with unsanitized paths
ajax_get_floating_buttons (includes\class-social-rocket.php:106)
Attack Surface
5 unprotected

Social Rocket – Social Sharing Plugin Attack Surface

Entry Points: 13
Unprotected: 5

AJAX Handlers 10

auth · wp_ajax_social_rocket_hide_notice · admin\includes\class-social-rocket-admin-notices.php:41
auth · wp_ajax_social_rocket_recalc_all · admin\includes\class-social-rocket-admin.php:40
auth · wp_ajax_social_rocket_tweet_settings_delete · admin\includes\class-social-rocket-admin.php:41
auth · wp_ajax_social_rocket_tweet_settings_load · admin\includes\class-social-rocket-admin.php:42
auth · wp_ajax_social_rocket_tweet_settings_save · admin\includes\class-social-rocket-admin.php:43
auth · wp_ajax_social_rocket_tweet_settings_update · admin\includes\class-social-rocket-admin.php:44
auth · wp_ajax_social_rocket_get_inline_buttons · includes\class-social-rocket.php:70
nopriv · wp_ajax_social_rocket_get_inline_buttons · includes\class-social-rocket.php:71
auth · wp_ajax_social_rocket_get_floating_buttons · includes\class-social-rocket.php:72
nopriv · wp_ajax_social_rocket_get_floating_buttons · includes\class-social-rocket.php:73

Shortcodes 3

[socialrocket] includes\social-rocket-shortcodes.php:7
[socialrocket-floating] includes\social-rocket-shortcodes.php:68
[socialrocket-tweet] includes\social-rocket-shortcodes.php:87

WordPress Hooks 60

action · switch_theme · admin\includes\class-social-rocket-admin-notices.php:32
action · social_rocket_activated · admin\includes\class-social-rocket-admin-notices.php:33
action · wp_loaded · admin\includes\class-social-rocket-admin-notices.php:34
action · shutdown · admin\includes\class-social-rocket-admin-notices.php:35
action · admin_print_styles · admin\includes\class-social-rocket-admin-notices.php:38
action · admin_notices · admin\includes\class-social-rocket-admin-notices.php:190
action · admin_notices · admin\includes\class-social-rocket-admin-notices.php:192
action · admin_enqueue_scripts · admin\includes\class-social-rocket-admin.php:31
action · admin_enqueue_scripts · admin\includes\class-social-rocket-admin.php:32
action · admin_menu · admin\includes\class-social-rocket-admin.php:35
action · admin_init · admin\includes\class-social-rocket-admin.php:36
action · admin_init · admin\includes\class-social-rocket-admin.php:37
filter · attachment_fields_to_edit · admin\includes\class-social-rocket-admin.php:47
filter · attachment_fields_to_save · admin\includes\class-social-rocket-admin.php:48
filter · wp_prepare_attachment_for_js · admin\includes\class-social-rocket-admin.php:49
filter · manage_posts_columns · admin\includes\class-social-rocket-admin.php:52
filter · manage_pages_columns · admin\includes\class-social-rocket-admin.php:53
action · manage_posts_custom_column · admin\includes\class-social-rocket-admin.php:54
action · manage_pages_custom_column · admin\includes\class-social-rocket-admin.php:55
filter · manage_edit-post_sortable_columns · admin\includes\class-social-rocket-admin.php:56
filter · manage_edit-page_sortable_columns · admin\includes\class-social-rocket-admin.php:57
action · pre_get_posts · admin\includes\class-social-rocket-admin.php:58
action · add_meta_boxes · admin\includes\class-social-rocket-admin.php:61
action · save_post · admin\includes\class-social-rocket-admin.php:62
action · admin_init · admin\includes\class-social-rocket-admin.php:65
action · edit_term · admin\includes\class-social-rocket-admin.php:66
filter · mce_buttons · admin\includes\class-social-rocket-admin.php:69
filter · mce_external_plugins · admin\includes\class-social-rocket-admin.php:70
filter · tiny_mce_version · admin\includes\class-social-rocket-admin.php:71
action · edit_user_profile · admin\includes\class-social-rocket-admin.php:74
action · show_user_profile · admin\includes\class-social-rocket-admin.php:75
action · edit_user_profile_update · admin\includes\class-social-rocket-admin.php:76
action · personal_options_update · admin\includes\class-social-rocket-admin.php:77
action · shutdown · includes\class-social-rocket-background-process.php:91
filter · cron_schedules · includes\class-social-rocket-background-process.php:93
filter · social_rocket_insert_floating_data · includes\class-social-rocket-compatibility.php:20
filter · social_rocket_insert_inline_data · includes\class-social-rocket-compatibility.php:21
action · social_rocket_cron · includes\class-social-rocket-cron.php:19
action · wp_enqueue_scripts · includes\class-social-rocket.php:76
action · wp_enqueue_scripts · includes\class-social-rocket.php:77
filter · get_the_excerpt · includes\class-social-rocket.php:80
filter · get_the_excerpt · includes\class-social-rocket.php:81
action · template_redirect · includes\class-social-rocket.php:82
action · template_redirect · includes\class-social-rocket.php:83
action · wp_loaded · includes\class-social-rocket.php:89
action · wp_head · includes\class-social-rocket.php:90
filter · social_rocket_archives_url_use_first_page · includes\class-social-rocket.php:2724
filter · jetpack_enable_open_graph · includes\class-social-rocket.php:3152
filter · jetpack_disable_twitter_cards · includes\class-social-rocket.php:3159
filter · social_rocket_get_share_url · includes\networks\class-social-rocket-email.php:116
filter · social_rocket_get_share_url · includes\networks\class-social-rocket-email.php:117
filter · social_rocket_get_share_url · includes\networks\class-social-rocket-pinterest.php:101
filter · social_rocket_get_share_url · includes\networks\class-social-rocket-pinterest.php:102
filter · social_rocket_get_share_url · includes\networks\class-social-rocket-reddit.php:101
filter · social_rocket_get_share_url · includes\networks\class-social-rocket-twitter.php:103
action · check_admin_referer · includes\social-rocket-update.php:7
action · check_ajax_referer · includes\social-rocket-update.php:8
action · init · includes\social-rocket-update.php:180
action · init · social-rocket.php:82
action · init · social-rocket.php:83

Scheduled Events 1

social_rocket_cron
Maintenance & Trust

Social Rocket – Social Sharing Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version: 5.5
Downloads: 58K

Community Trust

Rating: 100/100
Number of ratings: 12
Active installs: 1K
Developer Profile

Social Rocket – Social Sharing Plugin Developer Profile

socialrocket

1 plugin · 1K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 656 days
Detection Fingerprints

How We Detect Social Rocket – Social Sharing Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/social-rocket/admin/css/social-rocket-admin.css
/wp-content/plugins/social-rocket/admin/js/social-rocket-admin.js
/wp-content/plugins/social-rocket/css/social-rocket.css
/wp-content/plugins/social-rocket/js/social-rocket.js
Script Paths
/wp-content/plugins/social-rocket/admin/js/social-rocket-admin.js
/wp-content/plugins/social-rocket/js/social-rocket.js
Version Parameters
social-rocket/css/social-rocket.css?ver=
social-rocket/js/social-rocket.js?ver=
social-rocket-admin.css?ver=
social-rocket-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
social-rocket-shares
social-rocket-shares-container
social-rocket-floating-bar
social-rocket-floating-bar-left
social-rocket-floating-bar-right
social-rocket-inline-sharing
HTML Comments
<!-- Social Rocket shares column -->
<!-- Social Rocket Share count wrapper -->
<!-- Social Rocket Share count label -->
<!-- Social Rocket Share count value -->
+3 more
Data Attributes
data-sr-id
JS Globals
SocialRocket
REST Endpoints
/wp-json/social-rocket/v1/shares
Shortcode Output
[social_rocket_share]
[social_rocket_tweet_button]
[social_rocket_facebook_button]
[social_rocket_pinterest_button]