Social Share Icons & Social Share Buttons Security & Risk Analysis

wordpress.org/plugins/ultimate-social-media-plus

Social sharing plugin adding social buttons.

10K active installs · v3.7.1 · PHP + · WP 3.0+ · Updated Mar 11, 2025
Tags: share, share-button, share-buttons, share-social-media, sharing
90
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Apr 29, 2024
Safety Verdict

Is Social Share Icons & Social Share Buttons Safe to Use in 2026?

Generally Safe

Score 90/100

Social Share Icons & Social Share Buttons has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Apr 29, 2024 · Updated 1yr ago
Risk Assessment

The Ultimate Social Media Plus plugin, version 3.7.1, presents a mixed security posture. It demonstrates good practices such as using prepared statements for all SQL queries and including nonce and capability checks for all identified entry points, but there are significant areas of concern. The presence of 4 AJAX handlers without authentication checks creates a notable attack surface, leaving these endpoints vulnerable to unauthorized actions. Furthermore, the use of the `unserialize` function is a critical risk, as it can lead to remote code execution when it processes untrusted input.

The vulnerability history shows 2 known CVEs, one high and one medium severity, both currently patched. It indicates a pattern of past security weaknesses, particularly related to missing authorization. While no unpatched vulnerabilities are currently present, this history suggests the plugin has had issues that attackers may seek to exploit if older, unpatched versions are in use. The taint analysis, showing a flow with unsanitized paths, reinforces the risk associated with potentially unsafe data handling, even though no critical or high-severity taint flows were identified in this specific analysis.

Overall, the plugin has strengths in its database query security and general endpoint protection checks. However, the unauthenticated AJAX endpoints, the dangerous `unserialize` function, and the history of past authorization vulnerabilities necessitate caution. Users should ensure they are on the latest version and be aware of the potential for attacks targeting the unprotected AJAX handlers or the `unserialize` functionality.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous function unserialize found
  • High severity vulnerability in history
  • Medium severity vulnerability in history
  • Flow with unsanitized paths found
  • Low percentage of properly escaped output
Vulnerabilities
2

Social Share Icons & Social Share Buttons Security Vulnerabilities

CVEs by Year

2019: 1 CVE
2024: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2024-32820 · medium · 5.3 · Missing Authorization

Social Share Icons & Social Share Buttons <= 3.6.2 - Missing Authorization to Notice Dismissal

Apr 29, 2024 Patched in 3.6.3 (1d)

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 Patched in 3.0.4 (1793d)
Code Analysis
Analyzed Mar 16, 2026

Social Share Icons & Social Share Buttons Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 439 (353 escaped)
Nonce Checks: 11
Capability Checks: 12
File Operations: 4
External Requests: 6
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$this->values = is_array($raw) ? $raw : @unserialize($raw);` · analyst\src\Cache\DatabaseCache.php:47

Output Escaping

45% escaped · 792 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<sfsi_plugin_lists> (views\sfsi_plugin_lists.php:0)
Attack Surface
4 unprotected

Social Share Icons & Social Share Buttons Attack Surface

Entry Points: 12
Unprotected: 4

AJAX Handlers 11

auth · wp_ajax_analyst_notification_dismiss · analyst\src\Mutator.php:100
auth · wp_ajax_inisev_installation · banner\misc.php:65
auth · wp_ajax_inisev_installation_widget · banner\misc.php:66
auth · wp_ajax_tifm_notice_action · modules\tryOutPlugins\tryOutPlugins.php:36
auth · wp_ajax_insPP_ajax · promotion\misc.php:88
auth · wp_ajax_sfsi_plus_dismiss_lang_notice · ultimate_social_media_icons.php:1298
auth · wp_ajax_sfsi_pplus_dismiss_error_reporting_notice · ultimate_social_media_icons.php:1400
auth · wp_ajax_sfsi_plus_dismiss_addThis_icon_notice · ultimate_social_media_icons.php:1443
auth · wp_ajax_wpse1_6817_btn · ultimate_social_media_icons.php:1590
auth · wp_ajax_wpse1_6817_install · ultimate_social_media_icons.php:1605
auth · wp_ajax_tifm_save_decision · ultimate_social_media_icons.php:2191

Shortcodes 1

[DISPLAY_ULTIMATE_PLUS] ultimate_social_media_icons.php:141
WordPress Hooks 34
action · init · analyst\main.php:65
action · init · analyst\src\Analyst.php:80
action · admin_footer · analyst\src\Mutator.php:56
action · admin_notices · analyst\src\Mutator.php:74
action · admin_enqueue_scripts · analyst\src\Mutator.php:86
action · admin_menu · banner\misc.php:110
action · admin_menu · banner\misc.php:123
action · ins_global_print_carrousel · banner\misc.php:165
action · in_admin_footer · modules\tryOutPlugins\tryOutPlugins.php:64
action · admin_notices · modules\tryOutPlugins\tryOutPlugins.php:68
action · admin_head · modules\tryOutPlugins\tryOutPlugins.php:69
action · in_admin_footer · modules\tryOutPlugins\tryOutPlugins.php:70
filter · plugin_install_action_links · modules\tryOutPlugins\tryOutPlugins.php:361
action · admin_notices · promotion\misc.php:82
action · admin_enqueue_scripts · promotion\misc.php:85
action · init · ultimate_social_media_icons.php:116
action · after_setup_theme · ultimate_social_media_icons.php:206
action · wp_head · ultimate_social_media_icons.php:209
action · init · ultimate_social_media_icons.php:283
filter · the_content · ultimate_social_media_icons.php:308
filter · the_excerpt · ultimate_social_media_icons.php:371
filter · the_content · ultimate_social_media_icons.php:372
action · admin_notices · ultimate_social_media_icons.php:621
action · admin_init · ultimate_social_media_icons.php:777
action · plugins_loaded · ultimate_social_media_icons.php:954
action · admin_footer · ultimate_social_media_icons.php:1001
action · wp · ultimate_social_media_icons.php:1079
action · admin_init · ultimate_social_media_icons.php:1082
action · admin_enqueue_scripts · ultimate_social_media_icons.php:1453
action · admin_notices · ultimate_social_media_icons.php:1496
action · admin_footer · ultimate_social_media_icons.php:1673
filter · the_content_feed · ultimate_social_media_icons.php:2144
action · admin_notices · ultimate_social_media_icons.php:2167
action · plugins_loaded · ultimate_social_media_icons.php:2175

Scheduled Events 1

sfsi_plus_sf_instagram_count_fetcher
Maintenance & Trust

Social Share Icons & Social Share Buttons Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 11, 2025
PHP min version
Downloads: 2.6M

Community Trust

Rating: 98/100
Number of ratings: 1,911
Active installs: 10K
Developer Profile

Social Share Icons & Social Share Buttons Developer Profile

Inisev

6 plugins · 620K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 480 days
Detection Fingerprints

How We Detect Social Share Icons & Social Share Buttons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultimate-social-media-plus/css/sfsi_plus_feedaggregator.css
/wp-content/plugins/ultimate-social-media-plus/css/sfsi_plus_public.css
/wp-content/plugins/ultimate-social-media-plus/css/sfsi_plus_responsive.css
/wp-content/plugins/ultimate-social-media-plus/js/sfsi_plus_counters.js
/wp-content/plugins/ultimate-social-media-plus/js/sfsi_plus_imageslider.js
/wp-content/plugins/ultimate-social-media-plus/js/sfsi_plus_loader.js
/wp-content/plugins/ultimate-social-media-plus/js/sfsi_plus_main.js
/wp-content/plugins/ultimate-social-media-plus/js/sfsi_plus_share.js
+2 more
Script Paths
/wp-content/plugins/ultimate-social-media-plus/admin/js/custom.js
/wp-content/plugins/ultimate-social-media-plus/admin/js/sfsi_plus_buttons.js
/wp-content/plugins/ultimate-social-media-plus/admin/js/sfsi_plus_icons.js
/wp-content/plugins/ultimate-social-media-plus/admin/js/sfsi_plus_upload_icons.js
/wp-content/plugins/ultimate-social-media-plus/libs/sfsi_init.js
/wp-content/plugins/ultimate-social-media-plus/js/socialShare.js
Version Parameters
ultimate-social-media-plus/css/sfsi_plus_feedaggregator.css?ver=
ultimate-social-media-plus/css/sfsi_plus_public.css?ver=
ultimate-social-media-plus/css/sfsi_plus_responsive.css?ver=
ultimate-social-media-plus/js/sfsi_plus_counters.js?ver=
ultimate-social-media-plus/js/sfsi_plus_imageslider.js?ver=
ultimate-social-media-plus/js/sfsi_plus_loader.js?ver=
ultimate-social-media-plus/js/sfsi_plus_main.js?ver=
ultimate-social-media-plus/js/sfsi_plus_share.js?ver=
ultimate-social-media-plus/js/sfsi_plus_social_counts.js?ver=
ultimate-social-media-plus/js/sfsi_plus_sticky_container.js?ver=

HTML / DOM Fingerprints

CSS Classes
sfsi_plus_widget, sfsi_plus_wDiv, sfsi_plus_facebook_share, sfsi_plus_twitter_share, sfsi_plus_linkedin_share, sfsi_plus_pinterest_share, sfsi_plus_instagram_share, sfsi_plus_youtube_share, +3 more
HTML Comments
<!-- THIS FUNCTION WAS JUST TO CHECK IF THERE ARE ANY OTHER PLUGIN CONFLICTS -->
<!-- SHORTCODE FOR THE ULTIMATE SOCIAL ICONS -->
<!--Adding some meta tags for facebook news feed -->
<!--checking for disabling -->
Data Attributes
sfsi_plus_linkedin_url, sfsi_plus_twitter_url, sfsi_plus_facebook_url, sfsi_plus_email_url, sfsi_plus_pinterest_url, sfsi_plus_youtube_url, +1 more
JS Globals
sfsi_plus_share_buttons_instance, sfsi_plus_facebook_share_instance, sfsi_plus_twitter_share_instance, sfsi_plus_linkedin_share_instance, sfsi_plus_pinterest_share_instance, sfsi_plus_instagram_share_instance, +4 more
Shortcode Output
Kindly go to setting page and check the option "Place them manually"
FAQ

Frequently Asked Questions about Social Share Icons & Social Share Buttons