WP Social Proof Security & Risk Analysis
wordpress.org/plugins/wp-social-proofGet Social Proof for your WordPress website! Show recent purchases, latest products and user registrations, integrated with WooCommerce.
Is WP Social Proof Safe to Use in 2026?
Generally Safe
Score 92/100WP Social Proof has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "wp-social-proof" v1.0.1 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates strong adherence to output escaping best practices, with all identified outputs being properly escaped. It also shows no history of known vulnerabilities, suggesting a potentially stable codebase in that regard. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a seemingly secure foundation.
However, a significant concern arises from the presence of an unprotected REST API route. This represents a direct entry point that is not secured by any permission checks, leaving it open to potential exploitation by unauthenticated users. While the static analysis did not reveal any critical taint flows or raw SQL queries without prepared statements, the single unprotected entry point is a notable weakness. The lack of capability checks on this entry point, combined with its presence in the attack surface, warrants attention.
In conclusion, the plugin has strengths in output handling and a clean vulnerability history. Nevertheless, the exposed REST API route is a clear security risk that needs to be addressed to improve the overall security posture. Future development should prioritize implementing proper authentication and authorization mechanisms for all entry points.
Key Concerns
- Unprotected REST API route
- REST API route without permission callback
- No capability checks on entry points
WP Social Proof Security Vulnerabilities
WP Social Proof Code Analysis
SQL Query Safety
Output Escaping
WP Social Proof Attack Surface
REST API Routes 1
WordPress Hooks 3
Maintenance & Trust
WP Social Proof Maintenance & Trust
Maintenance Signals
Community Trust
WP Social Proof Alternatives
NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar
notificationx
Want to boost business trust & conversions? 97% of visitors hesitate to buy because of credibility. Instantly succeed with WooCommerce Sales Alert!
FOMO & Social Proof Notifications by TrustPulse – Best WordPress FOMO Plugin
trustpulse-api
TrustPulse is a FOMO social proof plugin that leverages the power of social proof to instantly boost site conversions by up to 15%!
ProveSource Social Proof
provesource
ProveSource Social Proof increases conversions by up to 17%, boost trust with woocommerce sales notifications and reviews, increase your credibility!
WiserNotify – Social Proof & FOMO Notifications, WooCommerce Sales Popups, Reviews & Announcement Bar
wiser-notify
Boost trust & sales with WiserNotify! Show sign-ups, sales popups & reviews. Convert faster with Social proof & FOMO widgets.
WP Live Social-Proof
wp-real-time-social-proof
The best animated, live, social-proof plugin for WooCommerce, Easy Digital Downloads or webinars and subscriptions to compel buyer action.
WP Social Proof Developer Profile
1 plugin · 10 total installs
How We Detect WP Social Proof
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-social-proof/assets/css/admin.css/wp-content/plugins/wp-social-proof/assets/js/admin.js/wp-content/plugins/wp-social-proof/assets/css/style.css/wp-content/plugins/wp-social-proof/assets/js/manager.js/wp-content/plugins/wp-social-proof/assets/js/admin.js/wp-content/plugins/wp-social-proof/assets/js/manager.jswp-social-proof/assets/css/admin.css?ver=wp-social-proof/assets/js/admin.js?ver=wp-social-proof/assets/css/style.css?ver=wp-social-proof/assets/js/manager.js?ver=HTML / DOM Fingerprints
WPSP/wp-json/wpsp/v1/data