Social Media Share Buttons & Social Sharing Icons Security & Risk Analysis

wordpress.org/plugins/ultimate-social-media-icons

Share buttons and pop up share icons for social media sharing

100K active installs · v2.9.7 · PHP + WP 3.5+ · Updated Feb 6, 2026
Tags: share, share-icons, social, social-media, widget
96
A · Safe
CVEs total: 11
Unpatched: 0
Last CVE: Oct 31, 2024
Safety Verdict

Is Social Media Share Buttons & Social Sharing Icons Safe to Use in 2026?

Generally Safe

Score 96/100

Social Media Share Buttons & Social Sharing Icons has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

11 known CVEs · Last CVE: Oct 31, 2024 · Updated 3mo ago
Risk Assessment

The "ultimate-social-media-icons" plugin exhibits a mixed security posture. While it demonstrates good practices such as 100% use of prepared statements for SQL queries and a significant proportion of properly escaped outputs, several concerning areas warrant attention. The presence of two unprotected AJAX handlers significantly increases the attack surface, potentially allowing unauthorized actions without proper authentication. Furthermore, the use of the `unserialize` function is a known security risk, especially if the data being unserialized originates from untrusted user input. The plugin's vulnerability history is a major red flag, with 11 known CVEs, including a significant number of medium severity and one high severity issue in the past. While there are currently no unpatched vulnerabilities, the pattern of past issues, particularly Cross-Site Scripting, CSRF, and Missing Authorization, suggests a recurring tendency for security weaknesses. This indicates a need for more rigorous security testing and code review during development to prevent future vulnerabilities.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
  • High number of past CVEs
  • Past high severity CVEs
  • Flows with unsanitized paths
  • Output escaping not fully implemented
Vulnerabilities
11 published

Social Media Share Buttons & Social Sharing Icons Security Vulnerabilities

CVEs by Year

2015: 2 CVEs
2016: 1 CVE
2019: 1 CVE
2023: 4 CVEs
2024: 3 CVEs

Severity Breakdown

High: 1
Medium: 10

11 total CVEs

CVE-2024-10362 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Media Share Buttons & Social Sharing Icons <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Oct 31, 2024 Patched in 2.9.1 (209d)

CVE-2024-37552 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Media & Share Icons <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jul 6, 2024 Patched in 2.9.2 (13d)

CVE-2024-2118 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Media Share Buttons <= 2.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 27, 2024 Patched in 2.8.9 (21d)

CVE-2023-5602 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Cross-Site Request Forgery

Oct 16, 2023 Patched in 2.8.6 (99d)

CVE-2023-5070 · medium · 6.5 · Exposure of Sensitive Information to an Unauthorized Actor

Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure

Oct 16, 2023 Patched in 2.8.6 (99d)

CVE-2023-41238 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Media & Share Icons <= 2.8.3 - Reflected Cross-Site Scripting

Aug 29, 2023 Patched in 2.8.4 (147d)

CVE-2023-34009 · medium · 4.3 · Missing Authorization

Social Media & Share Icons <= 2.8.1 - Missing Authorization via handle_installation

Jun 2, 2023 Patched in 2.8.2 (235d)

WF-b09c98f2-6492-41e1-8d87-e10ed2ef5f9f-ultimate-social-media-icons · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Media Share Buttons & Social Sharing Icons <= 2.1.7 - Reflected Cross-Site Scripting

Mar 27, 2019 Patched in 2.1.9 (1763d)

Social Media Share Buttons & Social Sharing Icons <= 1.5.1 - Arbitrary Options Deletion

Jun 28, 2016 Patched in 1.5.2 (2765d)

Social Media Share Buttons & Social Sharing Icons <= 1.2.1 - Unspecified Vulnerabilities

Jul 20, 2015 Patched in 1.2.2 (3109d)

WF-c0d79ae1-e9e4-4798-aa29-519b80759be6-ultimate-social-media-icons · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Media Share Buttons & Social Sharing Icons < 1.1.1.12 - Authenticated Stored Cross-Site Scripting

May 30, 2015 Patched in 1.1.1.12 (3160d)
Code Analysis
Analyzed Mar 16, 2026

Social Media Share Buttons & Social Sharing Icons Code Analysis

Dangerous Functions: 11
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 510 (530 escaped)
Nonce Checks: 8
Capability Checks: 9
File Operations: 4
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$this->values = is_array($raw) ? $raw : @unserialize($raw);` · analyst\src\Cache\DatabaseCache.php:47
unserialize · `$arrdbDisplay = unserialize($option1['sfsi_custom_files']);` · helpers\common_helper.php:38
unserialize · `$icons = ($option1['sfsi_custom_files']) ? unserialize($option1['sfsi_custom_files']) : array();` · views\sfsi_option_view1.php:486
unserialize · `$icons = ($option1['sfsi_custom_files']) ? unserialize($option1['sfsi_custom_files']) : array();` · views\sfsi_option_view1.php:555
unserialize · `$costom_links = unserialize($option2['sfsi_CustomIcon_links']);` · views\sfsi_option_view2.php:846
unserialize · `$icons = ( $option1['sfsi_custom_files'] ) ? unserialize( $option1['sfsi_custom_files']` · views\sfsi_option_view5.php:3
unserialize · `$custom_icons_order = unserialize( $option5['sfsi_CustomIcons_order'] );` · views\sfsi_option_view5.php:6
unserialize · `$sfsiMouseOverTexts = unserialize( $option5['sfsi_custom_MouseOverTexts'] );` · views\sfsi_option_view5.php:1745
unserialize · `$option7 = @unserialize( $option7 );` · views\sfsi_option_view7.php:7
unserialize · `$select = isset( $option7['sfsi_Show_popupOn_PageIDs'] ) ? unserialize( $option7['sfsi_Show_popupOn_` · views\sfsi_option_view7.php:617
unserialize · `$arrDefaultIcons = unserialize( SFSI_ALLICONS );` · views\subviews\que4\animatethem.php:65

Output Escaping

51% escaped · 1040 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flows · 1 with unsanitized paths
<sfsi_plugin_lists> (views\sfsi_plugin_lists.php:0)
Attack Surface
2 unprotected

Social Media Share Buttons & Social Sharing Icons Attack Surface

Entry Points: 9
Unprotected: 2

AJAX Handlers 8

auth · wp_ajax_analyst_notification_dismiss · analyst\src\Mutator.php:100
auth · wp_ajax_inisev_installation · banner\misc.php:65
auth · wp_ajax_inisev_installation_widget · banner\misc.php:66
auth · wp_ajax_tifm_notice_actions · modules\tryOutPlugins\tryOutPlugins.php:36
auth · wp_ajax_sfsi_dismiss_lang_notice · ultimate_social_media_icons.php:1515
auth · wp_ajax_sfsi_dismiss_addThis_icon_notice · ultimate_social_media_icons.php:1557
auth · wp_ajax_sfsi_dismiss_error_reporting_notice · ultimate_social_media_icons.php:1641
auth · wp_ajax_tifm_save_decision · ultimate_social_media_icons.php:2163

Shortcodes 1

[DISPLAY_ULTIMATE_SOCIAL_ICONS] · ultimate_social_media_icons.php:159

WordPress Hooks 27

action · init · analyst\main.php:65
action · init · analyst\src\Analyst.php:80
action · admin_footer · analyst\src\Mutator.php:56
action · admin_notices · analyst\src\Mutator.php:74
action · admin_enqueue_scripts · analyst\src\Mutator.php:86
action · admin_menu · banner\misc.php:110
action · admin_menu · banner\misc.php:123
action · ins_global_print_carrousel · banner\misc.php:165
action · in_admin_footer · modules\tryOutPlugins\tryOutPlugins.php:64
action · admin_notices · modules\tryOutPlugins\tryOutPlugins.php:68
action · admin_head · modules\tryOutPlugins\tryOutPlugins.php:69
action · in_admin_footer · modules\tryOutPlugins\tryOutPlugins.php:70
filter · plugin_install_action_links · modules\tryOutPlugins\tryOutPlugins.php:361
action · init · ultimate_social_media_icons.php:128
action · admin_init · ultimate_social_media_icons.php:131
action · woocommerce_single_product_summary · ultimate_social_media_icons.php:208
action · after_setup_theme · ultimate_social_media_icons.php:250
action · wp_head · ultimate_social_media_icons.php:252
action · init · ultimate_social_media_icons.php:344
action · admin_init · ultimate_social_media_icons.php:374
action · plugins_loaded · ultimate_social_media_icons.php:395
action · wp_footer · ultimate_social_media_icons.php:417
action · admin_notices · ultimate_social_media_icons.php:653
action · admin_init · ultimate_social_media_icons.php:977
action · admin_footer · ultimate_social_media_icons.php:1207
action · wp · ultimate_social_media_icons.php:2146
action · plugins_loaded · ultimate_social_media_icons.php:2152

Scheduled Events 1

sfsi_sf_instagram_count_fetcher
Maintenance & Trust

Social Media Share Buttons & Social Sharing Icons Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 6, 2026
PHP min version
Downloads: 12.2M

Community Trust

Rating: 96/100
Number of ratings: 5,332
Active installs: 100K
Developer Profile

Social Media Share Buttons & Social Sharing Icons Developer Profile

Inisev

6 plugins · 610K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 464 days
Detection Fingerprints

How We Detect Social Media Share Buttons & Social Sharing Icons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultimate-social-media-icons/css/sfsi-landing-page.css
/wp-content/plugins/ultimate-social-media-icons/css/sfsi-mobile.css
/wp-content/plugins/ultimate-social-media-icons/css/sfsi-sticky-footer.css
/wp-content/plugins/ultimate-social-media-icons/css/sfsi-sticky-icons.css
/wp-content/plugins/ultimate-social-media-icons/css/sfsi-widget.css
/wp-content/plugins/ultimate-social-media-icons/css/style.css
/wp-content/plugins/ultimate-social-media-icons/js/sfsi_commom.js
/wp-content/plugins/ultimate-social-media-icons/js/sfsi_custom_social_sharing_data.js
+4 more
Script Paths
/wp-content/plugins/ultimate-social-media-icons/js/sfsi_commom.js
/wp-content/plugins/ultimate-social-media-icons/js/sfsi_custom_social_sharing_data.js
/wp-content/plugins/ultimate-social-media-icons/js/sfsi_float.js
/wp-content/plugins/ultimate-social-media-icons/js/sfsi_frontpopUp.js
/wp-content/plugins/ultimate-social-media-icons/js/sfsi_subscribe_widget.js
/wp-content/plugins/ultimate-social-media-icons/js/sfsi_widget.js
Version Parameters
ultimate-social-media-icons/css/sfsi-landing-page.css?ver=
ultimate-social-media-icons/css/sfsi-mobile.css?ver=
ultimate-social-media-icons/css/sfsi-sticky-footer.css?ver=
ultimate-social-media-icons/css/sfsi-sticky-icons.css?ver=
ultimate-social-media-icons/css/sfsi-widget.css?ver=
ultimate-social-media-icons/css/style.css?ver=
ultimate-social-media-icons/js/sfsi_commom.js?ver=
ultimate-social-media-icons/js/sfsi_custom_social_sharing_data.js?ver=
ultimate-social-media-icons/js/sfsi_float.js?ver=
ultimate-social-media-icons/js/sfsi_frontpopUp.js?ver=
ultimate-social-media-icons/js/sfsi_subscribe_widget.js?ver=
ultimate-social-media-icons/js/sfsi_widget.js?ver=

HTML / DOM Fingerprints

CSS Classes
sfsi_widget
sfsi_shortcode_container
sfsi_wDiv
sfsi_main_content_container
sfsi_social_plugin_container
sfsi_actBG
sfsi_actBG_box
sfsi_no_specific_alignment
HTML Comments
<!-- Comment for shuffle issue -->
<!-- IMPORTANT: If you are using elementor then you have to check the below option for loading of the CSS of the plugin -->
Data Attributes
data-id
JS Globals
sfsi_widget_config
sfsi_option_arr
Shortcode Output
<div class="sfsi_widget sfsi_shortcode_container"><div id="sfsi_wDiv"></div>