Social Shares Security & Risk Analysis

wordpress.org/plugins/social-shares

Get the number of Likes and Twitter Tweets for each post. Sort your posts by share count or display the share count.

30 active installs · v1.1.3 · PHP + WP 3.0+ · Updated Nov 10, 2015
Tags: facebook, like, share, social, twitter
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Social Shares Safe to Use in 2026?

Generally Safe

Score 85/100

Social Shares has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "social-shares" plugin v1.1.3 exhibits a mixed security posture. On the positive side, it boasts a minimal attack surface with no direct AJAX handlers, REST API routes, or shortcodes exposed without authentication. This significantly reduces the immediate avenues for attackers to interact with the plugin's core functions. Furthermore, the plugin demonstrates good practices in output escaping, with a high percentage of outputs being properly handled.

However, several concerning signals emerge from the static analysis. The presence of the `unserialize` function is a notable risk, as it can lead to PHP object injection and, from there, Remote Code Execution (RCE) if it processes untrusted user input. The one call flagged here deserializes the value returned by `get_option('social_shares')` (social_shares.php:31), so the exposure depends on whether attacker-controlled data can reach that option. The taint analysis found two flows with unsanitized paths; neither is classified critical or high severity, but they warrant attention because they suggest potential for data leakage or manipulation. The complete lack of nonce checks and capability checks on any entry points is a critical oversight, leaving any function accessible if an attacker can trigger it.

The plugin's vulnerability history is clean, with no recorded CVEs. While this is a positive indicator, it does not negate the risks identified in the static analysis. The absence of past vulnerabilities could be due to low adoption, the plugin's limited complexity, or simply luck. The risk assessment concludes that while the plugin has a small attack surface and good output escaping, the critical lack of authentication checks (nonces and capabilities) and the use of `unserialize` with unsanitized inputs present significant security weaknesses that need to be addressed.

Key Concerns

  • Unsanitized input for unserialize
  • Raw SQL queries without prepared statements
  • Total lack of nonce checks
  • Total lack of capability checks
  • Taint flows with unsanitized paths
Vulnerabilities
None known

Social Shares Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Social Shares Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 1 (5 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 2
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

`unserialize`: `$options=@unserialize(get_option('social_shares'));` (social_shares.php:31)

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

83% escaped · 6 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
options_page (social_shares.php:48)
Attack Surface

Social Shares Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9

  • action social_shares (social_shares.php:323)
  • action admin_menu (social_shares.php:325)
  • action pre_get_posts (social_shares.php:326)
  • action save_post (social_shares.php:327)
  • filter the_content (social_shares.php:328)
  • action init (social_shares.php:329)
  • action parse_query (social_shares.php:330)
  • action wp_head (social_shares.php:331)
  • action wp_footer (social_shares.php:332)

Scheduled Events 1

social_shares
Maintenance & Trust

Social Shares Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Nov 10, 2015
PHP min version
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 30
Developer Profile

Social Shares Developer Profile

Waterloo Plugins

4 plugins · 270 total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Social Shares

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints
