Does Sociality have any unpatched vulnerabilities?

No. All known vulnerabilities in Sociality have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Sociality compatible with WordPress 6.7.5?

According to WordPress.org data, Sociality 1.3.5 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Sociality compatible with PHP 7.2+?

Sociality requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Sociality updated?

Sociality was last updated on Nov 27, 2024. Frequent updates are generally a positive security signal.

What is Sociality's security score?

Sociality has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Sociality Security & Risk Analysis

wordpress.org/plugins/sociality

Social features for the theme authors.

1K active installs v1.3.5 PHP 7.2+ WP 5.6+ Updated Nov 27, 2024

post-author-blocksharesocial

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Sociality Safe to Use in 2026?

Generally Safe

Score 92/100

Sociality has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The 'sociality' plugin version 1.3.5, based on this static analysis, presents a generally positive security posture. It demonstrates good practices by utilizing prepared statements for all SQL queries and lacks any recorded historical vulnerabilities, indicating a history of security awareness or a lack of past exploitation. The plugin also exhibits a relatively small attack surface with all identified entry points appearing to have some form of authentication or permission checks. Furthermore, there are no identified critical or high-severity taint flows, suggesting that user-supplied input is not being mishandled in a way that could lead to immediate exploitation.

However, there are areas for improvement. The presence of a dangerous function like `create_function` is a significant concern, as it can be exploited for code injection if not used with extreme caution and proper sanitization, although no direct taint flows were found originating from it. More notably, a substantial portion of output (37%) is not properly escaped. This leaves the plugin vulnerable to Cross-Site Scripting (XSS) attacks, where malicious scripts could be injected and executed within the user's browser, potentially leading to session hijacking or other harmful actions. While the number of entry points is low, the lack of explicit nonce checks on all AJAX handlers (though the analysis states 0 unprotected AJAX handlers, the presence of a single nonce check for 2 handlers implies one might not have one) and capability checks on all shortcodes (again, inferring from the single capability check for 2 shortcodes) could still represent potential weaknesses if these checks are not robust.

In conclusion, 'sociality' v1.3.5 has a strong foundation in terms of SQL query handling and vulnerability history. The primary weaknesses lie in the potential for XSS due to unescaped output and the presence of the `create_function` function. Addressing these issues, particularly the output escaping, should be a priority to significantly enhance the plugin's security.

Key Concerns

Dangerous function: create_function detected
37% of outputs not properly escaped (XSS risk)
Potential insufficient nonce/capability checks

Vulnerabilities

None known

Sociality Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Sociality Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

52 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_function$callback = create_function( '', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";'classes\class-settings-api.php:110

Output Escaping

63% escaped82 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

wechat_share_render (classes\class-sharing.php:71)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Sociality Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 2

noprivwp_ajax_sociality-like-actionclasses\class-likes.php:48

authwp_ajax_sociality-like-actionclasses\class-likes.php:49

Shortcodes 2

[sociality_author_bio] classes\class-author-bio.php:51

[sociality_sharing] classes\class-sharing.php:55

WordPress Hooks 21

actionsociality_author_bioclasses\class-author-bio.php:44

actionsociality-author-bioclasses\class-author-bio.php:45

filterthe_contentclasses\class-author-bio.php:48

actionshow_user_profileclasses\class-author-bio.php:54

actionedit_user_profileclasses\class-author-bio.php:55

actionpersonal_options_updateclasses\class-author-bio.php:58

actionedit_user_profile_updateclasses\class-author-bio.php:59

actionsociality_likesclasses\class-likes.php:44

actionsociality-likesclasses\class-likes.php:45

actionadmin_enqueue_scriptsclasses\class-settings-api.php:32

actionadmin_initclasses\class-settings.php:74

actionadmin_menuclasses\class-settings.php:75

actionwpclasses\class-sharing.php:44

actiontemplate_redirectclasses\class-sharing.php:45

actionsociality_sharingclasses\class-sharing.php:48

actionsociality-sharingclasses\class-sharing.php:49

filterthe_contentclasses\class-sharing.php:52

actioninitsociality.php:123

actionadmin_initsociality.php:124

actionwp_enqueue_scriptssociality.php:125

actionplugins_loadedsociality.php:275

Maintenance & Trust

Sociality Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedNov 27, 2024

PHP min version7.2

Downloads39K

Community Trust

Rating0/100

Number of ratings0

Active installs1K

Alternatives

Sociality Alternatives

AddToAny Share Buttons

add-to-any

Share buttons for WordPress including the AddToAny button, Facebook, Bluesky, Mastodon, WhatsApp, Pinterest, Reddit, many more, and follow icons too.

300K 3 CVEs

Social Sharing Plugin – Sassy Social Share

sassy-social-share

The Simplest and Optimized Social Share buttons. Facebook, X, Reddit, Pinterest, Whatsapp, Grok, ChatGPT, Gab, Gettr and over 100 more.

100K 11 CVEs

Social Icons Widget & Block – Social Media Icons & Share Buttons

social-icons-widget-by-wpzoom

Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.

100K 3 CVEs

Social Media Share Buttons & Social Sharing Icons

ultimate-social-media-icons

Share buttons and pop up share icons for social media sharing

100K 11 CVEs

Wp Social Login and Register Social Counter

wp-social

Wp social lets you add social login, social counter, and social share buttons of different styles to your WordPress website.

80K 5 CVEs

Developer Profile

Sociality Developer Profile

Danny van Kooten

90 plugins · 2.1M total installs

trust score

Avg Security Score

91/100

Avg Patch Time

522 days

View full developer profile

Detection Fingerprints

How We Detect Sociality

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sociality/assets/sociality.min.css/wp-content/plugins/sociality/assets/sociality.min.js/wp-content/plugins/sociality/assets/sociality-share/sociality-share.min.js

Script Paths

/wp-content/plugins/sociality/assets/sociality.min.js/wp-content/plugins/sociality/assets/sociality-share/sociality-share.min.js

Version Parameters

sociality/assets/sociality.min.css?ver=1.3.5sociality/assets/sociality.min.js?ver=1.3.5sociality/assets/sociality-share/sociality-share.min.js?ver=1.3.5

HTML / DOM Fingerprints

JS Globals

socialityData

FAQ