WP-Safety

Social Web Suite – Social Media Auto Post, Social Media Auto Publish Security & Risk Analysis

wordpress.org/plugins/social-web-suite

Social media auto post, social media auto publish, schedule, share, and promote your new, and re-share your old posts to Instagram, X(Twitter), Facebo …

600 active installs v4.1.12 PHP 7.4+ WP 4.9.0+ Updated Sep 21, 2024
social-media-auto-postsocial-media-auto-publishsocial-media-postsocial-media-schedulingsocial-media-share
90
A · Safe
CVEs total1
Unpatched0
Last CVEOct 2, 2024
Plugin page Download
Safety Verdict

Is Social Web Suite – Social Media Auto Post, Social Media Auto Publish Safe to Use in 2026?

Generally Safe

Score 90/100

Social Web Suite – Social Media Auto Post, Social Media Auto Publish has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 2, 2024Updated 1yr ago
Risk Assessment

The social-web-suite plugin version 4.1.12 exhibits a concerning security posture, primarily due to a large number of unprotected AJAX endpoints. While the plugin demonstrates good practices in SQL query handling with 100% prepared statements and a majority of proper output escaping, the sheer volume of unprotected entry points creates a significant attack surface. The single critical taint flow identified, though not explicitly detailed as a critical severity, suggests a potential for path traversal, which is further corroborated by its past vulnerability history involving this specific type of vulnerability.

The vulnerability history, while showing no currently unpatched CVEs, does indicate a past high-severity issue related to Path Traversal. This, combined with the presence of a taint flow with unsanitized paths in the current analysis, strongly suggests that path traversal remains a persistent risk. The plugin's strengths lie in its secure database interactions and a decent percentage of properly escaped output, but these are overshadowed by the immediate risks posed by insecure AJAX handlers and the lingering threat of path-related vulnerabilities.

Key Concerns

  • 11 unprotected AJAX handlers
  • Flow with unsanitized paths (taint analysis)
  • Past high-severity path traversal vulnerability
  • 77% properly escaped output
  • 2 File operations
Vulnerabilities
1

Social Web Suite – Social Media Auto Post, Social Media Auto Publish Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2024-8352high · 7.5Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download

Oct 2, 2024 Patched in 4.1.12 (1d)
Code Analysis
Analyzed Mar 16, 2026

Social Web Suite – Social Media Auto Post, Social Media Auto Publish Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
34
114 escaped
Nonce Checks
4
Capability Checks
2
File Operations
2
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

77% escaped148 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
<class-socialwebsuite-admin> (includes\admin\class-socialwebsuite-admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
11 unprotected

Social Web Suite – Social Media Auto Post, Social Media Auto Publish Attack Surface

Entry Points12
Unprotected11

AJAX Handlers 12

noprivwp_ajax_sws_activateincludes\admin\class-socialwebsuite-admin.php:49
noprivwp_ajax_sws_refresh_settingsincludes\admin\class-socialwebsuite-admin.php:52
noprivwp_ajax_sws_list_categoriesincludes\admin\class-socialwebsuite-admin.php:55
noprivwp_ajax_sws_list_postsincludes\admin\class-socialwebsuite-admin.php:58
noprivwp_ajax_sws_list_post_typesincludes\admin\class-socialwebsuite-admin.php:61
noprivwp_ajax_sws_get_contentincludes\admin\class-socialwebsuite-admin.php:64
noprivwp_ajax_sws_get_single_postincludes\admin\class-socialwebsuite-admin.php:67
noprivwp_ajax_sws_get_post_imageincludes\admin\class-socialwebsuite-admin.php:70
noprivwp_ajax_sws_unlinkincludes\admin\class-socialwebsuite-admin.php:73
noprivwp_ajax_sws_pingincludes\admin\class-socialwebsuite-admin.php:76
authwp_ajax_sws_submit_uninstall_reasonincludes\admin\class-socialwebsuite-admin.php:79
authwp_ajax_sws_notice_rateincludes\admin\class-socialwebsuite-admin.php:82
WordPress Hooks 24
actionadmin_menuincludes\admin\class-socialwebsuite-admin.php:28
actioninitincludes\admin\class-socialwebsuite-admin.php:35
actionadmin_initincludes\admin\class-socialwebsuite-admin.php:36
actionadmin_enqueue_scriptsincludes\admin\class-socialwebsuite-admin.php:139
actionpost_submitbox_misc_actionsincludes\admin\class-socialwebsuite-admin.php:146
actionadd_meta_boxesincludes\admin\class-socialwebsuite-admin.php:147
actionsave_postincludes\admin\class-socialwebsuite-admin.php:149
actionpending_to_publishincludes\admin\class-socialwebsuite-admin.php:171
actionnew_to_publishincludes\admin\class-socialwebsuite-admin.php:172
actiondraft_to_publishincludes\admin\class-socialwebsuite-admin.php:173
actionauto-draft_to_publishincludes\admin\class-socialwebsuite-admin.php:174
actiontransition_post_statusincludes\admin\class-socialwebsuite-admin.php:179
actionsave_postincludes\admin\class-socialwebsuite-admin.php:182
actionpending_to_publishincludes\admin\class-socialwebsuite-admin.php:185
actionnew_to_publishincludes\admin\class-socialwebsuite-admin.php:186
actiondraft_to_publishincludes\admin\class-socialwebsuite-admin.php:187
actionauto-draft_to_publishincludes\admin\class-socialwebsuite-admin.php:188
actioninitincludes\class-socialwebsuite.php:1302
actionactivated_pluginincludes\class-socialwebsuite.php:1303
filterplugin_action_linksincludes\class-socialwebsuite.php:1357
actionadmin_footerincludes\class-socialwebsuite.php:1358
actionfuture_to_publishincludes\class-socialwebsuite.php:1364
actiontrash_postincludes\class-socialwebsuite.php:1368
actionplugins_loadedsocial-web-suite.php:56
Maintenance & Trust

Social Web Suite – Social Media Auto Post, Social Media Auto Publish Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedSep 21, 2024
PHP min version7.4
Downloads65K

Community Trust

Rating68/100
Number of ratings13
Active installs600
Alternatives

Social Web Suite – Social Media Auto Post, Social Media Auto Publish Alternatives

ReVivify Social

ReVivify Social

revivify-social

A
100

Plugin that facilitates auto post sharing and scheduling on social networks, keeping the content alive and active.

0 No CVEs
Jetpack Social

Jetpack Social

jetpack-social

A
100

Write once, publish everywhere. Reach your target audience by sharing your content with Jetpack Social!

30K No CVEs
Simple Social Media Share Buttons – Social Sharing for Everyone

Simple Social Media Share Buttons – Social Sharing for Everyone

simple-social-buttons

A
97

This Social Share Plugin adds advanced social media sharing buttons to your WordPress sites, such as Facebook, WhatsApp, X, LinkedIn, & Pinterest.

20K 7 CVEs
Social Sharing Plugin – Social Warfare

Social Sharing Plugin – Social Warfare

social-warfare

B
84

The most beautiful, responsive, lightning fast social share buttons built to boost shares and drive more traffic without slowing down your site.

20K 8 CVEs
Revive Social – Social Media Auto Post and Scheduling Automation Plugin

Revive Social – Social Media Auto Post and Scheduling Automation Plugin

tweet-old-post

A
95

Automatically share your WordPress posts on multiple social networks like Facebook, X (Twitter), LinkedIn, Instagram and more.

20K 3 CVEs
Developer Profile

Social Web Suite – Social Media Auto Post, Social Media Auto Publish Developer Profile

Dejan Markovic

1 plugin · 600 total installs

93
trust score
Avg Security Score
90/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Social Web Suite – Social Media Auto Post, Social Media Auto Publish

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/social-web-suite/assets/js/backend/script.js/wp-content/plugins/social-web-suite/assets/css/backend/style.css/wp-content/plugins/social-web-suite/assets/js/frontend/script.js/wp-content/plugins/social-web-suite/assets/css/frontend/style.css
Script Paths
/wp-content/plugins/social-web-suite/assets/js/backend/script.js/wp-content/plugins/social-web-suite/assets/js/frontend/script.js
Version Parameters
/wp-content/plugins/social-web-suite/assets/js/backend/script.js?ver=/wp-content/plugins/social-web-suite/assets/css/backend/style.css?ver=/wp-content/plugins/social-web-suite/assets/js/frontend/script.js?ver=/wp-content/plugins/social-web-suite/assets/css/frontend/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
sws-sharing-buttonsws-settings-tab
HTML Comments
<!-- The main page for the Social Web Suite --><!-- Post submitbox misc actions for Social Web Suite -->
Data Attributes
data-sws-post-iddata-sws-nonce
JS Globals
sws_varsSocialWebSuiteAdmin
REST Endpoints
/wp-json/sws/v1/activate/wp-json/sws/v1/refresh-settings/wp-json/sws/v1/list-categories/wp-json/sws/v1/list-posts/wp-json/sws/v1/list-post-types/wp-json/sws/v1/get-content/wp-json/sws/v1/get-single-post/wp-json/sws/v1/get-post-image/wp-json/sws/v1/unlink/wp-json/sws/v1/ping/wp-json/sws/v1/submit-uninstall-reason/wp-json/sws/v1/notice-rate
Shortcode Output
[social_web_suite_display_buttons]
FAQ

Frequently Asked Questions about Social Web Suite – Social Media Auto Post, Social Media Auto Publish