WP-Safety

Ultimate Social Media Share Security & Risk Analysis

wordpress.org/plugins/ultimate-social-share

Ultimate Social Share lets users easily share content on Facebook, Twitter, LinkedIn, WhatsApp, Pinterest, Reddit, and 100+ social platforms.

10 active installs v1.0.4 PHP + WP 5.5+ Updated Dec 15, 2025
facebook-social-shareshareshare-facebooksocial-media-sharesocial-sharing
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Ultimate Social Media Share Safe to Use in 2026?

Generally Safe

Score 100/100

Ultimate Social Media Share has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "ultimate-social-share" plugin version 1.0.4 demonstrates a generally strong security posture, particularly concerning its handling of database queries and a notable absence of known vulnerabilities. The static analysis reveals a commendable use of prepared statements for all SQL queries, significantly mitigating the risk of SQL injection. Furthermore, the plugin's taint analysis shows no critical or high-severity issues with unsanitized paths, suggesting careful input handling. The vulnerability history being completely clear is a very positive indicator of mature and secure development practices over time.

However, there are areas for improvement. While the total number of entry points is low, the fact that none are explicitly flagged as unprotected is good, but the reporting states 0 without auth checks and 0 without permission callbacks. This phrasing is contradictory and needs clarification. If there truly are unprotected entry points, this would be a significant concern. A more pressing issue is the output escaping rate, where only 68% of outputs are properly escaped. This leaves a substantial portion of user-facing output potentially vulnerable to cross-site scripting (XSS) attacks. The presence of a bundled library (TinyMCE) could also be a potential concern if it's not kept up-to-date, although the provided data doesn't offer information on its version or patch status. The capability check count of 1 is also very low for a plugin with AJAX handlers and shortcodes, suggesting potential gaps in authorization enforcement.

In conclusion, this plugin has a solid foundation with secure database practices and a clean vulnerability record. The primary weakness identified is the insufficient output escaping, creating a significant XSS risk. The ambiguity around unprotected entry points and the limited capability checks also warrant further investigation and potential improvement. The plugin's strengths lie in its SQL handling and lack of past vulnerabilities, while its weaknesses are primarily in output sanitization and potentially authorization.

Key Concerns

  • Low output escaping rate
  • Ambiguity regarding unprotected entry points
  • Low number of capability checks
Vulnerabilities
None known

Ultimate Social Media Share Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Ultimate Social Media Share Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
16 prepared
Unescaped Output
209
440 escaped
Nonce Checks
12
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
1

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared16 total queries

Output Escaping

68% escaped649 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
csf_export (admin\functions\actions.php:62)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Ultimate Social Media Share Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 5

authwp_ajax_csf-get-iconsadmin\functions\actions.php:50
authwp_ajax_csf-exportadmin\functions\actions.php:87
authwp_ajax_csf-importadmin\functions\actions.php:123
authwp_ajax_csf-resetadmin\functions\actions.php:150
authwp_ajax_csf-chosenadmin\functions\actions.php:189

Shortcodes 1

[ultimatesocialshare_inline_content] inc\functions.php:611
WordPress Hooks 47
actionwp_enqueue_scriptsadmin\classes\abstract.class.php:20
actionadmin_menuadmin\classes\admin-options.class.php:105
actionadmin_bar_menuadmin\classes\admin-options.class.php:106
actionnetwork_admin_menuadmin\classes\admin-options.class.php:110
filteradmin_footer_textadmin\classes\admin-options.class.php:487
actionadd_meta_boxes_commentadmin\classes\comment-options.class.php:37
actionedit_commentadmin\classes\comment-options.class.php:38
actioncustomize_registeradmin\classes\customize-options.class.php:43
actioncustomize_save_afteradmin\classes\customize-options.class.php:44
actionwp_enqueue_scriptsadmin\classes\customize-options.class.php:48
actionadd_meta_boxesadmin\classes\metabox-options.class.php:49
actionsave_postadmin\classes\metabox-options.class.php:50
actionedit_attachmentadmin\classes\metabox-options.class.php:51
actionwp_nav_menu_item_custom_fieldsadmin\classes\nav-menu-options.class.php:30
actionwp_update_nav_menu_itemadmin\classes\nav-menu-options.class.php:31
filterwp_edit_nav_menu_walkeradmin\classes\nav-menu-options.class.php:33
actionadmin_initadmin\classes\profile-options.class.php:30
actionshow_user_profileadmin\classes\profile-options.class.php:42
actionedit_user_profileadmin\classes\profile-options.class.php:43
actionpersonal_options_updateadmin\classes\profile-options.class.php:45
actionedit_user_profile_updateadmin\classes\profile-options.class.php:46
actionafter_setup_themeadmin\classes\setup.class.php:53
actioninitadmin\classes\setup.class.php:54
actionswitch_themeadmin\classes\setup.class.php:55
actionadmin_enqueue_scriptsadmin\classes\setup.class.php:56
actionwp_enqueue_scriptsadmin\classes\setup.class.php:57
actionwp_headadmin\classes\setup.class.php:58
filteradmin_body_classadmin\classes\setup.class.php:59
actionadmin_footeradmin\classes\shortcode-options.class.php:47
actioncustomize_controls_print_footer_scriptsadmin\classes\shortcode-options.class.php:48
actionelementor/editor/before_enqueue_scriptsadmin\classes\shortcode-options.class.php:57
actionelementor/editor/footeradmin\classes\shortcode-options.class.php:58
actionelementor/editor/footeradmin\classes\shortcode-options.class.php:59
actionenqueue_block_editor_assetsadmin\classes\shortcode-options.class.php:299
actionmedia_buttonsadmin\classes\shortcode-options.class.php:303
actionadmin_initadmin\classes\taxonomy-options.class.php:41
actionadmin_footeradmin\fields\icon\icon.php:41
actioncustomize_controls_print_footer_scriptsadmin\fields\icon\icon.php:42
actionadmin_print_footer_scriptsadmin\fields\link\link.php:65
actionprint_default_editor_scriptsadmin\fields\wp_editor\wp_editor.php:62
actionwp_enqueue_scriptsinc\actions.php:25
actionamp_post_template_cssinc\actions.php:41
actionadmin_enqueue_scriptsinc\actions.php:52
filterthe_contentinc\functions.php:600
filterwp_footerinc\functions.php:718
actionwp_headinc\share_counts.php:83
actionplugins_loadedultimatesocialshare.php:26
Maintenance & Trust

Ultimate Social Media Share Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 15, 2025
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Ultimate Social Media Share Alternatives

Simple Social Media Share Buttons – Social Sharing for Everyone

Simple Social Media Share Buttons – Social Sharing for Everyone

simple-social-buttons

A
97

This Social Share Plugin adds advanced social media sharing buttons to your WordPress sites, such as Facebook, WhatsApp, X, LinkedIn, & Pinterest.

20K 7 CVEs
Social Sharing Plugin – Social Warfare

Social Sharing Plugin – Social Warfare

social-warfare

B
84

The most beautiful, responsive, lightning fast social share buttons built to boost shares and drive more traffic without slowing down your site.

20K 8 CVEs
Catch Social Share

Catch Social Share

catch-social-share

A
100

Catch Social Share - Catch Social Share is a simple yet feature-rich social sharing WordPress plugin that adds social share buttons on your site.

40 No CVEs
Social Icons Widget & Block – Social Media Icons & Share Buttons

Social Icons Widget & Block – Social Media Icons & Share Buttons

social-icons-widget-by-wpzoom

A
96

Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.

100K 3 CVEs
Ocean Social Sharing

Ocean Social Sharing

ocean-social-sharing

A
99

Website: https://oceanwp.org/ Support: https://oceanwp.org/support/ Documentation: https://docs.oceanwp.org/ Extensions: https://oceanwp.

70K 1 CVE
Developer Profile

Ultimate Social Media Share Developer Profile

wpclubz

2 plugins · 50 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Ultimate Social Media Share

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultimate-social-share/assets/css/share.css/wp-content/plugins/ultimate-social-share/assets/js/share.js/wp-content/plugins/ultimate-social-share/assets/js/backend/scripts.js
Script Paths
/wp-content/plugins/ultimate-social-share/assets/js/share.js/wp-content/plugins/ultimate-social-share/assets/js/backend/scripts.js
Version Parameters
ultimate-social-share/assets/css/share.css?ver=ultimate-social-share/assets/js/share.js?ver=ultimate-social-share/assets/js/backend/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
ultimatesocialshare-wrapuss-buttons-wrapper
Data Attributes
data-type="ultimatesocialshare"
JS Globals
ultimatesocialshare_ajax_object
Shortcode Output
[ultimate_social_share]
FAQ

Frequently Asked Questions about Ultimate Social Media Share