WP-Safety

Wp Social Login and Register Social Counter Security & Risk Analysis

wordpress.org/plugins/wp-social

Wp social lets you add social login, social counter, and social share buttons of different styles to your WordPress website.

80K active installs v3.1.8 PHP 7.4+ WP 5.0+ Updated Feb 18, 2026
socialsocial-countersocial-loginsocial-sharewordpress-social-login-and-register
89
A · Safe
CVEs total5
Unpatched0
Last CVEDec 4, 2025
Plugin page Download
Safety Verdict

Is Wp Social Login and Register Social Counter Safe to Use in 2026?

Generally Safe

Score 89/100

Wp Social Login and Register Social Counter has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Dec 4, 2025Updated 1mo ago
Risk Assessment

The wp-social plugin version 3.1.8 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and performing a significant number of nonce and capability checks, indicating an awareness of common WordPress security vulnerabilities. The plugin also has a relatively low number of file operations and external HTTP requests. However, significant concerns arise from the attack surface analysis, specifically the presence of 5 REST API routes without permission callbacks, making them directly exploitable without proper authorization. The taint analysis reveals 4 flows with unsanitized paths, though thankfully none are categorized as critical or high severity. The plugin's vulnerability history is a major red flag, with 5 known CVEs, including one critical and four medium, particularly highlighting issues with Authentication Bypass and Missing Authorization. The recency of the last vulnerability (2025-12-04) suggests ongoing security challenges within the plugin's development.

While the presence of prepared statements and a high percentage of output escaping are strengths, the exposed REST API endpoints and the historical pattern of authentication and authorization vulnerabilities represent substantial risks. The unsanitized paths in the taint analysis, even if not critical, point to potential weaknesses that could be exploited in conjunction with other issues. The plugin's development seems to struggle with consistently securing its entry points, as evidenced by both the static analysis of unprotected REST API routes and the historical vulnerability types. Users should be extremely cautious and ensure they are aware of any available patches, though the provided data indicates no currently unpatched CVEs.

Key Concerns

  • 5 REST API routes without permission callbacks
  • 4 flows with unsanitized paths
  • 1 critical CVE in history
  • 4 medium CVEs in history
  • Common vulnerability type: Authentication Bypass
  • Common vulnerability type: Missing Authorization
Vulnerabilities
5

Wp Social Login and Register Social Counter Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
2 CVEs in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1
Medium
4

5 total CVEs

CVE-2025-13620medium · 5.3Missing Authorization

Wp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering

Dec 4, 2025 Patched in 3.1.4 (62d)
CVE-2025-1506medium · 4.3Cross-Site Request Forgery (CSRF)

Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings Update

Feb 27, 2025 Patched in 3.1.1 (1d)
CVE-2024-9501critical · 9.8Authentication Bypass Using an Alternate Path or Channel

Wp Social Login and Register Social Counter <= 3.0.7 - Authentication Bypass via WordPress.com OAuth provider

Oct 25, 2024 Patched in 3.0.8 (117d)
CVE-2024-1763medium · 6.5Missing Authorization

Wp Social Login and Register Social Counter <= 3.0.0 - Missing Authorization to Unauthenticated Social Login/Share Status Update

Feb 29, 2024 Patched in 3.0.1 (14d)
CVE-2022-47160medium · 6.8Cross-Site Request Forgery (CSRF)

Wp Social <= 1.9.0 - Authenticated (Subscriber+) Information Disclosure

Dec 14, 2022 Patched in 2.0 (681d)
Code Analysis
Analyzed Mar 16, 2026

Wp Social Login and Register Social Counter Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
174
998 escaped
Nonce Checks
20
Capability Checks
15
File Operations
5
External Requests
4
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared3 total queries

Output Escaping

85% escaped1172 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

18 flows4 with unsanitized paths
<admin-custom-function> (inc\admin-custom-function.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Wp Social Login and Register Social Counter Attack Surface

Entry Points13
Unprotected5

AJAX Handlers 5

authwp_ajax_export_users_content_csvinc\admin-settings.php:48
authwp_ajax_sort_providers_logininc\admin-settings.php:50
authwp_ajax_sort_providers_shareinc\admin-settings.php:52
authwp_ajax_sort_providers_counterinc\admin-settings.php:54
authwp_ajax_wp_social_admin_consent_actioninc\admin-settings.php:55

REST API Routes 5

GET/wp-json/wslu-social-login/type/(?P<data>\w+)/inc\admin-rest-api.php:46
POST/wp-json/wslu/v1/check_cache/(?P<type>\w+)/inc\admin-rest-api.php:55
POST/wp-json/wslu/v1/save_cache/(?P<type>\w+)/inc\admin-rest-api.php:63
GET/wp-json/wslu-social-counter/type/(?P<data>\w+)/inc\admin-rest-api.php:71
GET/wp-json/wp-socialuser/metainc\login.php:54

Shortcodes 3

[xs_social_login] inc\admin-create-shortcode.php:7
[xs_social_counter] inc\counter.php:32
[xs_social_share] inc\share.php:31
WordPress Hooks 82
actionrest_api_initapp\api-routes.php:17
filterget_avatarapp\avatar.php:14
actionrest_api_initbase\api.php:24
actionadd_meta_boxeshelper\share-style-settings.php:92
actionsave_posthelper\share-style-settings.php:93
actionadd_meta_boxeshelper\social-share-style.php:62
actionsave_posthelper\social-share-style.php:86
actioninitinc\admin-create-user.php:423
actioninitinc\admin-create-user.php:466
actioninitinc\admin-create-user.php:488
actioninitinc\admin-create-user.php:521
actionrest_api_initinc\admin-rest-api.php:43
actionadmin_menuinc\admin-settings.php:59
filterwslu/share/style_settinsinc\admin-settings.php:63
filterwslu/counter/style_settingsinc\admin-settings.php:64
actionlogin_enqueue_scriptsinc\admin-social-button.php:53
actionlogin_enqueue_scriptsinc\admin-social-button.php:57
filterlogin_forminc\admin-social-button.php:58
filterlogin_footerinc\admin-social-button.php:61
filterlogin_headinc\admin-social-button.php:65
filterlogin_form_middleinc\admin-social-button.php:68
filterlogin_form_bottominc\admin-social-button.php:71
filterlogin_headinc\admin-social-button.php:74
filterlogin_messageinc\admin-social-button.php:77
actionlogin_enqueue_scriptsinc\admin-social-button.php:80
filterlogin_forminc\admin-social-button.php:81
actionlogin_enqueue_scriptsinc\admin-social-button.php:98
filterregister_forminc\admin-social-button.php:102
actionlogin_enqueue_scriptsinc\admin-social-button.php:105
filterregister_forminc\admin-social-button.php:106
filterlogin_footerinc\admin-social-button.php:109
filterregister_forminc\admin-social-button.php:112
actionlogin_enqueue_scriptsinc\admin-social-button.php:128
actionwfp_login_form_before_outerinc\admin-social-button.php:132
actionwfp_login_form_after_outerinc\admin-social-button.php:136
actionwfp_login_form_before_innerinc\admin-social-button.php:140
actionwfp_login_form_after_innerinc\admin-social-button.php:143
actionwfp_login_form_startinc\admin-social-button.php:146
actionwfp_login_form_endinc\admin-social-button.php:149
actionwfp_login_form_button_beforeinc\admin-social-button.php:152
actionwfp_login_form_button_afterinc\admin-social-button.php:155
actionwfp_login_form_messageinc\admin-social-button.php:158
filterwfp_login_form_button_afterinc\admin-social-button.php:162
filtercomment_form_topinc\admin-social-button.php:181
filtercomment_form_must_log_in_afterinc\admin-social-button.php:184
filtercomment_form_topinc\admin-social-button.php:188
filterwoocommerce_register_forminc\admin-social-button.php:210
filterwoocommerce_register_form_startinc\admin-social-button.php:213
filterwoocommerce_register_form_endinc\admin-social-button.php:216
filterwoocommerce_login_forminc\admin-social-button.php:219
filterwoocommerce_login_form_startinc\admin-social-button.php:222
filterwoocommerce_login_form_endinc\admin-social-button.php:225
filterwoocommerce_before_checkout_billing_forminc\admin-social-button.php:228
filterwoocommerce_after_checkout_billing_forminc\admin-social-button.php:231
filterwoocommerce_login_forminc\admin-social-button.php:234
filterbp_before_register_pageinc\admin-social-button.php:254
filterbp_before_account_details_fieldsinc\admin-social-button.php:257
filterbp_after_register_pageinc\admin-social-button.php:260
filterbp_before_register_pageinc\admin-social-button.php:263
actionelementskit/login_form/renderinc\admin-social-button.php:368
actionelementskit/register_form/renderinc\admin-social-button.php:388
actionwp_enqueue_scriptsinc\admin-social-button.php:398
actioninitinc\counter.php:30
filterhttps_ssl_verifyinc\counter.php:226
actionelementor/elements/categories_registeredinc\elementor\elements.php:29
actionelementor/widgets/widgets_registeredinc\elementor\elements.php:32
actionwp_logininc\login.php:42
actionprofile_updateinc\login.php:44
actioninitinc\login.php:46
actionrest_api_initinc\login.php:53
actionthe_contentinc\share.php:33
actionwp_footerinc\share.php:36
actionadmin_enqueue_scriptsplugin.php:49
actionwp_enqueue_scriptsplugin.php:51
filterhttps_ssl_verifytemplate\admin\counter\providers-counter.php:314
actioninitwp-social.php:135
actionwidgets_initwp-social.php:352
actionwidgets_initwp-social.php:353
actionwidgets_initwp-social.php:354
actionwp-social/pro_awareness/before_grid_contentswp-social.php:395
actionplugins_loadedwp-social.php:400
actioninitwp-social.php:457
Maintenance & Trust

Wp Social Login and Register Social Counter Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 18, 2026
PHP min version7.4
Downloads891K

Community Trust

Rating94/100
Number of ratings64
Active installs80K
Alternatives

Wp Social Login and Register Social Counter Alternatives

Social Share, Social Login and Social Comments Plugin – Super Socializer

Social Share, Social Login and Social Comments Plugin – Super Socializer

super-socializer

A
92

The unique Social Plugin to let you integrate Social Login, Social Share, Social Comments and Social Media follow at your website

20K 10 CVEs
Social Counter & Sharer

Social Counter & Sharer

social-counter

A
99

Ultra-lightweight plugin for sharing content on social networks. Optimized for speed with minimal impact on site performance.

300 1 CVE
Genesis Optimized Social Share

Genesis Optimized Social Share

genesis-optimized-social-share

A
85

Genesis Optimized Social Share loads Popular Social Share Counters without affecting your page Loading Time & PageSpeed Score.

70 No CVEs
Nextend Social Login and Register

Nextend Social Login and Register

nextend-facebook-connect

A
89

One click registration & login plugin for Facebook, Google, X (formerly Twitter) and more. Quick setup and easy configuration.

200K 6 CVEs
Social Sharing Plugin – Sassy Social Share

Social Sharing Plugin – Sassy Social Share

sassy-social-share

A
94

The Simplest and Optimized Social Share buttons. Facebook, X, Reddit, Pinterest, Whatsapp, Grok, ChatGPT, Gab, Gettr and over 100 more.

100K 11 CVEs
Developer Profile

Wp Social Login and Register Social Counter Developer Profile

Roxnor

15 plugins · 3.0M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
118 days
View full developer profile
Detection Fingerprints

How We Detect Wp Social Login and Register Social Counter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-social/assets/css/style.css/wp-content/plugins/wp-social/assets/js/frontend.js/wp-content/plugins/wp-social/assets/css/social-login.css/wp-content/plugins/wp-social/assets/js/social-login.js/wp-content/plugins/wp-social/assets/css/social-counter.css/wp-content/plugins/wp-social/assets/js/social-counter.js/wp-content/plugins/wp-social/assets/css/social-share.css/wp-content/plugins/wp-social/assets/js/social-share.js+5 more
Script Paths
/wp-content/plugins/wp-social/assets/js/frontend.js/wp-content/plugins/wp-social/assets/js/social-login.js/wp-content/plugins/wp-social/assets/js/social-counter.js/wp-content/plugins/wp-social/assets/js/social-share.js/wp-content/plugins/wp-social/lib/pro-awareness/assets/js/pro-awareness.js/wp-content/plugins/wp-social/lib/rating/assets/js/rating.js+2 more
Version Parameters
wp-social/assets/css/style.css?ver=wp-social/assets/js/frontend.js?ver=wp-social/assets/css/social-login.css?ver=wp-social/assets/js/social-login.js?ver=wp-social/assets/css/social-counter.css?ver=wp-social/assets/js/social-counter.js?ver=wp-social/assets/css/social-share.css?ver=wp-social/assets/js/social-share.js?ver=wp-social/assets/css/font-awesome.min.css?ver=wp-social/lib/pro-awareness/assets/css/pro-awareness.css?ver=wp-social/lib/rating/assets/css/rating.css?ver=wp-social/lib/banner/assets/css/banner.css?ver=wp-social/lib/notice/assets/css/notice.css?ver=

HTML / DOM Fingerprints

CSS Classes
wslwsl-social-loginwsl-social-sharewsl-social-counterwslu-admin-noticewslu-social-login-wrapwsl-social-login-btnwsl-social-login-btn-icon+6 more
HTML Comments
<!-- Wp Social Login --><!-- Wp Social Share --><!-- Wp Social Counter --><!-- GetGenie AI Powered Content & SEO Assistant -->+3 more
Data Attributes
data-wsl-providerdata-wsl-iddata-wp-social-share-urldata-wp-social-share-titledata-wp-social-share-descriptiondata-wp-social-counter-id
JS Globals
window.WP_Social_Login_Varswindow.WP_Social_Share_Varswindow.WP_Social_Counter_Varswindow.wslu_ajax_object
REST Endpoints
/wp-json/wp-social/v1/login/wp-json/wp-social/v1/share/wp-json/wp-social/v1/counter
Shortcode Output
[wp_social_login][wp_social_share][wp_social_counter]
FAQ

Frequently Asked Questions about Wp Social Login and Register Social Counter