Social Share, Social Login and Social Comments Plugin – Super Socializer Security & Risk Analysis

wordpress.org/plugins/super-socializer

The unique Social Plugin to let you integrate Social Login, Social Share, Social Comments and Social Media follow at your website

20K active installs v7.14.5 PHP + WP 2.5.0+ Updated Sep 26, 2025
Tags: chatgpt, facebook-comments, grok, social-login, social-share
Score: 92 (A · Safe)
CVEs total: 10
Unpatched: 0
Last CVE: Jan 20, 2025
Safety Verdict

Is Social Share, Social Login and Social Comments Plugin – Super Socializer Safe to Use in 2026?

Generally Safe

Score 92/100

Social Share, Social Login and Social Comments Plugin – Super Socializer has a strong security track record. Known vulnerabilities have been patched promptly.

10 known CVEs · Last CVE: Jan 20, 2025 · Updated 6mo ago
Risk Assessment

The "super-socializer" plugin exhibits a mixed security posture. While it demonstrates some good practices, such as a high percentage of properly escaped outputs and a significant number of capability checks, there are notable areas of concern. The static analysis reveals a substantial attack surface with 7 AJAX handlers lacking authentication checks, which presents a direct pathway for unauthorized actions. Furthermore, the taint analysis highlights 2 high-severity flows with unsanitized paths, indicating potential vulnerabilities that could be exploited if not properly handled. The plugin's vulnerability history is a significant red flag, with 10 known CVEs, including a past critical vulnerability. While there are currently no unpatched vulnerabilities, the pattern of SQL injection, improper authentication, CSRF, and authentication bypass suggests recurring security weaknesses that require diligent and timely patching from users. The plugin's strengths lie in its output escaping and capability checks, but the unprotected entry points and past critical vulnerabilities warrant caution.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • History of SQL injection vulnerabilities
  • History of Improper Authentication vulnerabilities
  • History of CSRF vulnerabilities
  • History of Cross-Site Scripting vulnerabilities
  • History of Authentication Bypass vulnerabilities
  • SQL queries without prepared statements
Vulnerabilities
10

Social Share, Social Login and Social Comments Plugin – Super Socializer Security Vulnerabilities

CVEs by Year

  • 2018: 1 CVE
  • 2022: 2 CVEs
  • 2023: 4 CVEs
  • 2024: 2 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 8

10 total CVEs

CVE-2024-13230 · medium · 5.3 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.14 - Unauthenticated Limited SQL Injection via 'SuperSocializerKey'

Jan 20, 2025 · Patched in 7.14.1 (1d)

CVE-2024-9946 · high · 8.1 · Improper Authentication

Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass via Disqus OAuth provider

Nov 5, 2024 · Patched in 7.14 (107d)

CVE-2024-2836 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.63 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 25, 2024 · Patched in 7.13.64 (31d)

CVE-2023-41802 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Super Socializer <= 7.13.54 - Cross-Site Request Forgery

Sep 5, 2023 · Patched in 7.13.55 (140d)

WF-755454cc-b1a8-4a38-9e73-c47a6ef562a2-super-socializer · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Super Socializer <= 7.13.53 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jul 11, 2023 · Patched in 7.13.54 (196d)

CVE-2023-35882 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Super Socializer <= 7.13.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jun 19, 2023 · Patched in 7.13.53 (218d)

CVE-2023-2779 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Share, Social Login and Social Comments <= 7.13.51 - Reflected Cross-Site Scripting

May 29, 2023 · Patched in 7.13.52 (239d)

CVE-2022-4484 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Super Socializer <= 7.13.44 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Dec 23, 2022 · Patched in 7.13.45 (396d)

CVE-2021-24987 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Share, Social Login and Social Comments < 7.13.30 - Reflected Cross-Site Scripting

Mar 15, 2022 · Patched in 7.13.30 (679d)

WF-cdbf2658-b819-4fd3-ac89-8b90a7e3a2cf-super-socializer · critical · 9.8 · Authentication Bypass Using an Alternate Path or Channel

Social Share, Social Login and Social Comments <= 7.10.6 - Authentication Bypass

Mar 3, 2018 · Patched in 7.11 (2152d)

Code Analysis
Analyzed Mar 16, 2026

Social Share, Social Login and Social Comments Plugin – Super Socializer Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 7 (10 prepared)
  • Unescaped Output: 461 (1465 escaped)
  • Nonce Checks: 14
  • Capability Checks: 17
  • File Operations: 9
  • External Requests: 62
  • Bundled Libraries: 0

SQL Query Safety

59% prepared · 17 total queries

Output Escaping

76% escaped · 1926 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

13 flows · 11 with unsanitized paths
the_champ_notify (helper.php:330)
Attack Surface
7 unprotected

Social Share, Social Login and Social Comments Plugin – Super Socializer Attack Surface

Entry Points: 26
Unprotected: 7

AJAX Handlers 20

nopriv wp_ajax_the_champ_notify helper.php:339
auth wp_ajax_the_champ_unlink helper.php:790
auth wp_ajax_the_champ_clear_shorturl_cache helper.php:1044
auth wp_ajax_heateor_ss_clear_share_count_cache helper.php:1056
auth wp_ajax_heateor_ss_delete_social_profile helper.php:1203
nopriv wp_ajax_the_champ_ask_email inc\social_login.php:1175
nopriv wp_ajax_the_champ_save_email inc\social_login.php:1240
auth wp_ajax_the_champ_sharing_count inc\social_sharing.php:1159
nopriv wp_ajax_the_champ_sharing_count inc\social_sharing.php:1160
auth wp_ajax_the_champ_save_facebook_shares inc\social_sharing.php:1243
nopriv wp_ajax_the_champ_save_facebook_shares inc\social_sharing.php:1244
auth wp_ajax_heateor_ss_twitcount_notification_read super_socializer.php:3040
auth wp_ajax_heateor_ss_gdpr_notification_read super_socializer.php:3051
auth wp_ajax_heateor_ss_fb_redirection_notification_read super_socializer.php:3062
auth wp_ajax_heateor_ss_twitter_callback_notification_read super_socializer.php:3073
auth wp_ajax_heateor_ss_linkedin_redirect_url_notification_read super_socializer.php:3084
auth wp_ajax_heateor_ss_fb_count_notification_read super_socializer.php:3095
auth wp_ajax_heateor_ss_twitter_new_callback_notification_read super_socializer.php:3106
auth wp_ajax_heateor_ss_linkedin_redirection_notification_read super_socializer.php:3117
auth wp_ajax_heateor_ss_google_redirection_notification_read super_socializer.php:3128

Shortcodes 6

[TheChamp-Sharing] inc\shortcode.php:104
[TheChamp-Counter] inc\shortcode.php:193
[TheChamp-Login] inc\shortcode.php:238
[TheChamp-FB-Comments] inc\shortcode.php:277
[TheChamp-Social-Linking] inc\shortcode.php:299
[TheChamp-Social-Follow] inc\shortcode.php:459

WordPress Hooks 81

action save_post helper.php:216
action admin_init helper.php:219
filter plugin_action_links_super-socializer/super_socializer.php helper.php:317
action wpmu_new_blog helper.php:527
action update_option_the_champ_login helper.php:543
action update_option_the_champ_facebook helper.php:544
action update_option_the_champ_sharing helper.php:545
action admin_notices helper.php:745
action bp_setup_nav helper.php:746
action bp_template_content helper.php:819
action bp_include helper.php:830
filter sanitize_user helper.php:985
action bp_before_profile_avatar_upload_content helper.php:1032
filter authenticate helper.php:1076
filter login_errors helper.php:1089
filter manage_users_columns helper.php:1118
filter manage_users_custom_column helper.php:1142
action admin_enqueue_scripts helper.php:1155
action admin_head helper.php:1189
filter safe_style_css helper.php:1224
filter parse_request helper.php:1252
action login_form inc\social_login.php:83
action bp_before_sidebar_login_form inc\social_login.php:84
action register_form inc\social_login.php:87
action after_signup_form inc\social_login.php:88
action bp_before_account_details_fields inc\social_login.php:89
action comment_form_must_log_in_after inc\social_login.php:94
action comment_form_top inc\social_login.php:96
action woocommerce_before_customer_login_form inc\social_login.php:100
action woocommerce_login_form inc\social_login.php:103
action woocommerce_register_form inc\social_login.php:106
action woocommerce_checkout_before_customer_details inc\social_login.php:109
action astra_checkout_login_field_before inc\social_login.php:111
filter get_avatar inc\social_login.php:451
filter bp_core_fetch_avatar inc\social_login.php:452
filter get_avatar_url inc\social_login.php:489
action the_champ_before_registration inc\social_login.php:1265
filter login_message inc\social_login.php:1304
filter the_content inc\social_sharing.php:919
filter the_excerpt inc\social_sharing.php:920
action bp_activity_entry_meta inc\social_sharing.php:922
action bp_before_group_header inc\social_sharing.php:925
filter bbp_get_reply_content inc\social_sharing.php:927
filter bbp_template_before_single_forum inc\social_sharing.php:928
filter bbp_template_before_single_topic inc\social_sharing.php:929
filter bbp_template_before_lead_topic inc\social_sharing.php:930
filter bbp_template_after_single_forum inc\social_sharing.php:931
filter bbp_template_after_single_topic inc\social_sharing.php:932
filter bbp_template_after_lead_topic inc\social_sharing.php:933
action woocommerce_after_shop_loop_item inc\social_sharing.php:936
action woocommerce_share inc\social_sharing.php:939
action woocommerce_thankyou inc\social_sharing.php:942
filter heateor_ss_target_share_url_filter inc\social_sharing.php:1319
filter heateor_ss_target_like_button_url_filter inc\social_sharing.php:1322
action widgets_init inc\widget.php:99
action widgets_init inc\widget.php:278
action widgets_init inc\widget.php:472
action widgets_init inc\widget.php:621
action widgets_init inc\widget.php:785
action widgets_init inc\widget.php:1303
action wp_enqueue_scripts super_socializer.php:211
action wp_enqueue_scripts super_socializer.php:212
action wp_enqueue_scripts super_socializer.php:213
action login_enqueue_scripts super_socializer.php:214
action login_enqueue_scripts super_socializer.php:215
action login_enqueue_scripts super_socializer.php:216
action parse_request super_socializer.php:217
action the_champ_user_successfully_created super_socializer.php:220
action wp_print_styles super_socializer.php:224
action amp_post_template_css super_socializer.php:227
action init super_socializer.php:230
action wp_footer super_socializer.php:2335
action admin_menu super_socializer.php:2670
action pre_comment_approved super_socializer.php:2688
action edit_user_profile super_socializer.php:2745
action show_user_profile super_socializer.php:2746
action personal_options_update super_socializer.php:2782
action edit_user_profile_update super_socializer.php:2783
action wpmu_new_blog super_socializer.php:3029
action admin_notices super_socializer.php:3515
action plugins_loaded super_socializer.php:3918

Maintenance & Trust

Social Share, Social Login and Social Comments Plugin – Super Socializer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 26, 2025
PHP min version
Downloads: 3.7M

Community Trust

Rating: 96/100
Number of ratings: 685
Active installs: 20K
Developer Profile

Social Share, Social Login and Social Comments Plugin – Super Socializer Developer Profile

Rajat Varlani

1 plugin · 20K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 416 days
Detection Fingerprints

How We Detect Social Share, Social Login and Social Comments Plugin – Super Socializer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/super-socializer/css/social-share.css
  • /wp-content/plugins/super-socializer/css/social-login.css
  • /wp-content/plugins/super-socializer/css/social-comment.css
  • /wp-content/plugins/super-socializer/css/social-media-follow.css
  • /wp-content/plugins/super-socializer/js/social-share.js
  • /wp-content/plugins/super-socializer/js/social-login.js
  • /wp-content/plugins/super-socializer/js/social-comment.js
  • /wp-content/plugins/super-socializer/js/social-media-follow.js

+1 more

Script Paths

  • /wp-content/plugins/super-socializer/library/Twitter/src/Config.php
  • /wp-content/plugins/super-socializer/library/Twitter/src/Response.php
  • /wp-content/plugins/super-socializer/library/Twitter/src/SignatureMethod.php
  • /wp-content/plugins/super-socializer/library/Twitter/src/HmacSha1.php
  • /wp-content/plugins/super-socializer/library/Twitter/src/Consumer.php
  • /wp-content/plugins/super-socializer/library/Twitter/src/Util.php

+12 more

Version Parameters

  • super-socializer/css/social-share.css?ver=
  • super-socializer/css/social-login.css?ver=
  • super-socializer/css/social-comment.css?ver=
  • super-socializer/css/social-media-follow.css?ver=
  • super-socializer/js/social-share.js?ver=
  • super-socializer/js/social-login.js?ver=
  • super-socializer/js/social-comment.js?ver=
  • super-socializer/js/social-media-follow.js?ver=
  • super-socializer/js/social-counter.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • the_champ_login_container
  • the_champ_social_login_providers
  • the_champ_social_login_provider
  • the_champ_social_share_container
  • the_champ_social_share_networks
  • the_champ_social_share_network
  • the_champ_social_comment_container
  • the_champ_social_media_follow_container

+1 more

HTML Comments

  • <!-- THE_CHAMP_SOCIAL_LOGIN_LOGIN_FORM_BEFORE -->
  • <!-- THE_CHAMP_SOCIAL_LOGIN_LOGIN_FORM_AFTER -->
  • <!-- THE_CHAMP_SOCIAL_SHARING_CONTAINER_BEFORE -->
  • <!-- THE_CHAMP_SOCIAL_SHARING_CONTAINER_AFTER -->

+6 more

Data Attributes

  • data-super-socializer-href
  • data-super-socializer-no-counts
  • data-heateor-ss-offset
  • data-heateor-ss-st-count
  • data-href
  • data-layout

+9 more

JS Globals

  • the_champ_login_options
  • the_champ_sharing_options
  • the_champ_counter_options
  • the_champ_general_options
  • the_champ_social_login_url
  • the_champ_social_comment_url

+10 more

REST Endpoints

  • /wp-json/the_champ_rest_api/v1/social_login
  • /wp-json/the_champ_rest_api/v1/social_comment
  • /wp-json/the_champ_rest_api/v1/social_share
  • /wp-json/the_champ_rest_api/v1/social_counter
  • /wp-json/the_champ_rest_api/v1/social_media_follow

Shortcode Output

  • [the_champ_social_login]
  • [the_champ_social_share]
  • [the_champ_social_comment]
  • [the_champ_social_media_follow]