[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCDqoM9MZMfjM7Roq1wlQUWYklTlmO5IjMZs9tg2caIE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":92,"crawl_stats":37,"alternatives":98,"analysis":191,"fingerprints":471},"wp-social-widget","WP Social Widget","2.3.1","catchsquare","https:\u002F\u002Fprofiles.wordpress.org\u002Fcatchsquare\u002F","\u003Cp>WP Social Widget is a plugin which takes a simple, extendable approach to display links along with social icons to your social networking  profiles in WordPress\u003C\u002Fp>\n\u003Cp>You will find following widget with options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Background Color\u003C\u002Fli>\n\u003Cli>Background Hover Color\u003C\u002Fli>\n\u003Cli>Icon Color\u003C\u002Fli>\n\u003Cli>Icon Hover Color\u003C\u002Fli>\n\u003Cli>Icon to circle\u003C\u002Fli>\n\u003Cli>Input fields to input your social profile links\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>From ver 2.0.0, we also have added shortcode feature . You can use shortcode => \u003Ccode>[wpsw]\u003C\u002Fcode> to produce the social icons.\u003Cbr \u002F>\nBefore that you need to assign social link in the shortcode.\u003Cbr \u002F>\nFor example \u003Ccode>[wpsw background_color = \"#ffffff\" facebook=\"your_profile_url\"]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch4>Here are the parameters of the shortcode given below\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>background_color        [default: #ffffff ]       \u003C\u002Fli>\n\u003Cli>background_hover_color  [default: #000000 ]  \u003C\u002Fli>\n\u003Cli>icon_color              [default: #000000 ]           \u003C\u002Fli>\n\u003Cli>icon_hover_color        [default: #ffffff ]    \u003C\u002Fli>\n\u003Cli>target                  [default: _blank options: same as \u003Ccode>\u003Ca>\u003C\u002Fcode> tag’s target attribute  ]\u003C\u002Fli>\n\u003Cli>icon_circle             [default: “no” | options: yes,no ] \u003C\u002Fli>\n\u003Cli>title                   \u003C\u002Fli>\n\u003Cli>facebook              \u003C\u002Fli>\n\u003Cli>twitter               \u003C\u002Fli>\n\u003Cli>behance               \u003C\u002Fli>\n\u003Cli>dribbble              \u003C\u002Fli>\n\u003Cli>flickr                \u003C\u002Fli>\n\u003Cli>foursquare            \u003C\u002Fli>\n\u003Cli>github                \u003C\u002Fli>\n\u003Cli>google                \u003C\u002Fli>\n\u003Cli>instagram             \u003C\u002Fli>\n\u003Cli>linkedin              \u003C\u002Fli>\n\u003Cli>mail                  \u003C\u002Fli>\n\u003Cli>pinterest             \u003C\u002Fli>\n\u003Cli>rss                   \u003C\u002Fli>\n\u003Cli>skype                 \u003C\u002Fli>\n\u003Cli>soundcloud            \u003C\u002Fli>\n\u003Cli>stumbleupon           \u003C\u002Fli>\n\u003Cli>tumblr                \u003C\u002Fli>\n\u003Cli>vimeo                 \u003C\u002Fli>\n\u003Cli>vine                  \u003C\u002Fli>\n\u003Cli>vk                    \u003C\u002Fli>\n\u003Cli>xing                  \u003C\u002Fli>\n\u003Cli>yelp                  \u003C\u002Fli>\n\u003Cli>youtube\u003C\u002Fli>\n\u003C\u002Ful>\n","A widget to add links of social networking sites.",4000,121857,94,11,"2025-05-25T08:42:00.000Z","6.7.5","2.8","",[20,21,22,23,4],"social-icons","social-links","social-media","social-network","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-social-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-social-widget.2.3.1.zip",74,5,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[32,46,57,69,80],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-57981","wp-social-widget-authenticated-contributor-stored-cross-site-scripting-3","WP Social Widget \u003C= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.3.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 16:11:13",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff8e4df9d-ff7c-403f-abc9-0fad8d7e44d3?source=api-prod",{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":37,"affected_versions":51,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":52,"updated_date":53,"references":54,"days_to_patch":56},"CVE-2025-49306","wp-social-widget-authenticated-contributor-stored-cross-site-scripting-2","WP Social Widget \u003C= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting","The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.3","2025-06-05 00:00:00","2025-06-11 21:12:14",[55],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7ba9b813-c6eb-47da-9fc1-1992413fc9a3?source=api-prod",7,{"id":58,"url_slug":59,"title":60,"description":61,"plugin_slug":4,"theme_slug":37,"affected_versions":62,"patched_in_version":63,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":64,"updated_date":65,"references":66,"days_to_patch":68},"CVE-2025-30610","wp-social-widget-authenticated-contributor-stored-cross-site-scripting","WP Social Widget \u003C= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting","The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.2.6","2.2.7","2025-03-24 00:00:00","2025-04-30 14:08:14",[67],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F358b595b-9e4b-4bf9-ac4f-03683c284078?source=api-prod",38,{"id":70,"url_slug":71,"title":72,"description":73,"plugin_slug":4,"theme_slug":37,"affected_versions":74,"patched_in_version":75,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":76,"updated_date":77,"references":78,"days_to_patch":28},"CVE-2024-27189","wp-social-widget-authenticated-contributor-stored-cross-site-scripting-via-shortcode","WP Social Widget \u003C= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode","The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.2.5","2.2.6","2024-02-28 00:00:00","2024-02-28 19:31:04",[79],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1df421ac-c8fc-4505-989e-1d822ca6de7a?source=api-prod",{"id":81,"url_slug":82,"title":83,"description":84,"plugin_slug":4,"theme_slug":37,"affected_versions":85,"patched_in_version":86,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":87,"updated_date":88,"references":89,"days_to_patch":91},"CVE-2023-0074","wp-social-widget-authenticated-contributor-stored-cross-site-scripting-via-shortcode-2","WP Social Widget \u003C= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page","\u003C=2.2.3","2.2.4","2023-01-06 00:00:00","2024-01-22 19:56:02",[90],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbebedaa9-6689-4863-91c6-2ab52a9353db?source=api-prod",382,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":93,"avg_security_score":94,"avg_patch_time_days":95,"trust_score":96,"computed_at":97},10030,84,159,68,"2026-04-03T23:26:38.001Z",[99,118,132,152,172],{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":115,"download_link":116,"security_score":117,"vuln_count":109,"unpatched_count":109,"last_vuln_date":37,"fetched_at":30},"social-tools","Social Tools","1.0.1","desishe","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesishe\u002F","\u003Cp>Social Tools is a free plugin which creates nice widgets allowing to display links and icons to your social networking  profiles in your WordPress site. Now you can integrate your accounts in the most popular social media (Facebook, Instagram, Twitter, Pinterest, YouTube) into your website and customize the widgets in a few clicks.\u003C\u002Fp>\n\u003Cp>The plugin creates the following widgets:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Social Tools Facebook Likebox:\u003C\u002Fstrong> here you can add a title and a Facebook page link to show how many likes the page has and how many friends like it.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Tools Instagram Feed:\u003C\u002Fstrong> here you can add titles, Instagram username or tag, select the number of photos to be shown, choose the size of the photo and the option of opening links in a current window or a new one.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Tools Social Icons:\u003C\u002Fstrong> here you can add links to your accounts in the most popular social networks – Facebook, Instagram, Twitter, Pinterest, YouTube.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Fully customizable titles, colors, icon and photo sizes, padding, border radius, etc.\u003Cbr \u002F>\n– Input fields for your social profile links\u003Cbr \u002F>\n– No need to enter passwords or log into your social accounts\u003Cbr \u002F>\n– Shortcodes for creating widgets in any place of your site\u003Cbr \u002F>\n– You need only WordPress to use this tool, no additional plugins required\u003Cbr \u002F>\n– Compatible with WooCommerce and AliDropship\u003C\u002Fp>\n\u003Ch4>Minimum Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>WordPress 4.9.5 or greater\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>PHP version 5.6 or greater\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>In case you have any questions or need technical assistance, please use support forum.\u003C\u002Fp>\n","The plugin creates three widgets for displaying various social media sites: Social Icons, Facebook Likebox, Instagram Feed.",10,1507,0,"2021-03-10T05:59:00.000Z","5.7.15","4.9.5","5.6",[20,21,22,23,4],"https:\u002F\u002Fyellowduck.me\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-tools.zip",85,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":109,"downloaded":126,"rating":109,"num_ratings":109,"last_updated":127,"tested_up_to":128,"requires_at_least":17,"requires_php":18,"tags":129,"homepage":130,"download_link":131,"security_score":117,"vuln_count":109,"unpatched_count":109,"last_vuln_date":37,"fetched_at":30},"wp-social-followers-count","WP Social Follower","1.0.0","Mahfuzur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Frakib3784\u002F","\u003Cp>WP Social Follower is a plugin which takes a simple, extendable approach to display links along with social icons to your social networking  profiles in WordPress.\u003Cbr \u002F>\nIt allows you to share your social contacts and news feeds through your WordPress website.\u003C\u002Fp>\n\u003Cp>You will find following plugin with options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Background Color\u003C\u002Fli>\n\u003Cli>Background Hover Color\u003C\u002Fli>\n\u003Cli>Icon Color\u003C\u002Fli>\n\u003Cli>Icon Hover Color\u003C\u002Fli>\n\u003Cli>Icon to circle\u003C\u002Fli>\n\u003Cli>Input fields to input your social profile links\u003C\u002Fli>\n\u003Cli>Input fields to input your social profile informations\u003C\u002Fli>\n\u003Cli>Widget Usage\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Here are the social networks to share your contacts are given below\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>facebook              \u003C\u002Fli>\n\u003Cli>twitter                               \u003C\u002Fli>\n\u003Cli>dribbble                              \u003C\u002Fli>\n\u003Cli>google                                    \u003C\u002Fli>\n\u003Cli>youtube\u003C\u002Fli>\n\u003C\u002Ful>\n","A widget plugin to add links of social networking sites.",1333,"2017-06-23T18:30:00.000Z","4.8.28",[20,21,22,23,4],"http:\u002F\u002Fplugins.jeweltheme.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-social-followers-count.1.0.0.zip",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":140,"downloaded":141,"rating":13,"num_ratings":142,"last_updated":143,"tested_up_to":144,"requires_at_least":145,"requires_php":18,"tags":146,"homepage":150,"download_link":151,"security_score":117,"vuln_count":109,"unpatched_count":109,"last_vuln_date":37,"fetched_at":30},"lightweight-social-icons","Lightweight Social Icons","1.1","Tom","https:\u002F\u002Fprofiles.wordpress.org\u002Fedge22\u002F","\u003Cp>Lightweight Social Icons is an easy to use, lightweight social icon widget which lets you display your favorite social profile icons.\u003C\u002Fp>\n\u003Cp>The icons use an icon font, meaning you can choose the size, border radius (roundess), color and hover color of your icons!\u003C\u002Fp>\n\u003Cp>Check out GeneratePress, our awesome WordPress theme! (https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fgeneratepress)\u003C\u002Fp>\n\u003Ch4>Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose your own order\u003C\u002Fli>\n\u003Cli>Icon size\u003C\u002Fli>\n\u003Cli>Border radius\u003C\u002Fli>\n\u003Cli>Background color\u003C\u002Fli>\n\u003Cli>Text\u002Ficon color\u003C\u002Fli>\n\u003Cli>Background color on hover\u003C\u002Fli>\n\u003Cli>Text\u002Ficon color on hover\u003C\u002Fli>\n\u003Cli>Open links in new window\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable tooltips\u003C\u002Fli>\n\u003Cli>Alignment of icons\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Included icons:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>Google+\u003C\u002Fli>\n\u003Cli>Instagram\u003C\u002Fli>\n\u003Cli>LinkedIn\u003C\u002Fli>\n\u003Cli>Pinterest\u003C\u002Fli>\n\u003Cli>Flickr\u003C\u002Fli>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>RSS\u003C\u002Fli>\n\u003Cli>Stumbleupon\u003C\u002Fli>\n\u003Cli>Tumblr\u003C\u002Fli>\n\u003Cli>Vimeo\u003C\u002Fli>\n\u003Cli>YouTube\u003C\u002Fli>\n\u003Cli>Github\u003C\u002Fli>\n\u003Cli>Soundcloud\u003C\u002Fli>\n\u003Cli>DeviantArt\u003C\u002Fli>\n\u003Cli>Phone\u003C\u002Fli>\n\u003Cli>Skype\u003C\u002Fli>\n\u003Cli>Dribbble\u003C\u002Fli>\n\u003Cli>Foursquare\u003C\u002Fli>\n\u003Cli>Reddit\u003C\u002Fli>\n\u003Cli>Spotify\u003C\u002Fli>\n\u003Cli>Digg\u003C\u002Fli>\n\u003Cli>Vine\u003C\u002Fli>\n\u003Cli>Codepen\u003C\u002Fli>\n\u003Cli>Delicious\u003C\u002Fli>\n\u003Cli>JSFiddle\u003C\u002Fli>\n\u003Cli>Stack Overflow\u003C\u002Fli>\n\u003Cli>WordPress\u003C\u002Fli>\n\u003Cli>Dropbox\u003C\u002Fli>\n\u003Cli>Steam\u003C\u002Fli>\n\u003Cli>Behance\u003C\u002Fli>\n\u003Cli>iTunes\u003C\u002Fli>\n\u003Cli>Yelp\u003C\u002Fli>\n\u003Cli>500px\u003C\u002Fli>\n\u003Cli>AngelList\u003C\u002Fli>\n\u003Cli>Blog Lovin’\u003C\u002Fli>\n\u003Cli>Paper Plane (Newsletter)\u003C\u002Fli>\n\u003Cli>VK\u003C\u002Fli>\n\u003Cli>Xing\u003C\u002Fli>\n\u003Cli>Bandcamp\u003C\u002Fli>\n\u003Cli>BitBucket\u003C\u002Fli>\n\u003Cli>Snapchat\u003C\u002Fli>\n\u003Cli>Trip Advisor\u003C\u002Fli>\n\u003Cli>Houzz\u003C\u002Fli>\n\u003Cli>Mixcloud\u003C\u002Fli>\n\u003Cli>Last.fm\u003C\u002Fli>\n\u003C\u002Ful>\n","Looking to add simple social icons to your widget areas? Choose the size and color of your icons, and then choose from 47 different social profiles.",30000,464772,63,"2020-03-18T17:14:00.000Z","5.4.19","4.5",[147,20,22,148,149],"social-icon-widget","social-networking","social-profiles","http:\u002F\u002Fgeneratepress.com\u002Flightweight-social-icons","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flightweight-social-icons.1.1.zip",{"slug":153,"name":154,"version":155,"author":156,"author_profile":157,"description":158,"short_description":159,"active_installs":160,"downloaded":161,"rating":162,"num_ratings":163,"last_updated":164,"tested_up_to":165,"requires_at_least":166,"requires_php":18,"tags":167,"homepage":169,"download_link":170,"security_score":171,"vuln_count":109,"unpatched_count":109,"last_vuln_date":37,"fetched_at":30},"socials-ignited","Socials Ignited","2.0.0","Anastis Sourgoutsidis","https:\u002F\u002Fprofiles.wordpress.org\u002Fanastis\u002F","\u003Cp>Brought to you by the \u003Ca href=\"https:\u002F\u002Fwww.cssigniter.com\u002F\" title=\"Premium WordPress Themes\" rel=\"nofollow ugc\">CSSIgniter\u003C\u002Fa> folks, the Socials Ignited\u003Cbr \u002F>\nplugin allows you to display and link icons on your website of more than 50 social networks, just by dragging a widget.\u003C\u002Fp>\n\u003Cp>The plugin supports all FontAwesome 5.x free icons providing you with hundreds of options to display your social profiles, contact methods and more.\u003C\u002Fp>\n\u003Cp>A preconfigured list of the most popular social networks can be found under Customize -> Socials Ignited for you to fill in. Alternatively you can create custom sets of icons right on the widget.\u003C\u002Fp>\n","The Socials Ignited plugin gives you a widget, allowing you to display and link icons on your website of more than 50 social networks.",2000,84550,86,4,"2025-04-25T13:09:00.000Z","6.8.5","5.2",[20,22,148,149,168],"social-widgets","https:\u002F\u002Fwww.cssigniter.com\u002Fsocials-ignited\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocials-ignited.2.0.0.zip",100,{"slug":173,"name":174,"version":175,"author":176,"author_profile":177,"description":178,"short_description":179,"active_installs":180,"downloaded":181,"rating":109,"num_ratings":109,"last_updated":182,"tested_up_to":183,"requires_at_least":184,"requires_php":185,"tags":186,"homepage":189,"download_link":190,"security_score":117,"vuln_count":109,"unpatched_count":109,"last_vuln_date":37,"fetched_at":30},"social-network-widget","Social Network Widget","1.1.1","Mahdi Yazdani","https:\u002F\u002Fprofiles.wordpress.org\u002Fmahdiyazdani\u002F","\u003Cp>A simple widget that allows you easily add icons for the most popular social networks to your sidebar or other widget area.\u003C\u002Fp>\n","A simple customizable social networks widget for your sidebars.",20,1552,"2020-11-08T15:06:00.000Z","5.5.18","5.0","7.2.0",[20,22,187,149,188],"social-networks","widget","https:\u002F\u002Fwww.mypreview.one","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-network-widget.1.1.1.zip",{"attackSurface":192,"codeSignals":219,"taintFlows":457,"riskAssessment":458,"analyzedAt":470},{"hooks":193,"ajaxHandlers":211,"restRoutes":212,"shortcodes":213,"cronEvents":218,"entryPointCount":28,"unprotectedCount":109},[194,199,201,206],{"type":195,"name":196,"callback":197,"file":198,"line":163},"action","admin_enqueue_scripts","wpsw_social_admin_css_styles","inc\\include_file.php",{"type":195,"name":200,"callback":197,"file":198,"line":27},"wp_enqueue_scripts",{"type":202,"name":203,"callback":204,"file":205,"line":163},"filter","widget_text","do_shortcode","inc\\shortcodes.php",{"type":195,"name":207,"callback":208,"file":209,"line":210},"widgets_init","wpsw_register_social_network","inc\\social-widget.php",651,[],[],[214],{"tag":215,"callback":216,"file":205,"line":217},"wpsw","wpsw_shortcode",178,[],{"dangerousFunctions":220,"sqlUsage":221,"outputEscaping":223,"fileOperations":109,"externalRequests":109,"nonceChecks":28,"capabilityChecks":109,"bundledLibraries":456},[],{"prepared":109,"raw":109,"locations":222},[],{"escaped":224,"rawEcho":225,"locations":226},180,130,[227,230,231,233,234,236,237,239,240,242,243,245,246,248,249,251,253,255,256,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323,325,327,329,331,333,335,337,339,341,343,344,346,348,349,351,353,354,356,358,359,361,363,364,366,368,369,371,373,374,376,378,379,381,383,384,386,388,389,391,393,394,396,398,399,401,403,404,406,408,409,411,413,414,416,418,419,421,423,424,426,428,429,431,433,434,436,438,439,441,443,444,446,448,449,451,453,454],{"file":209,"line":228,"context":229},112,"raw output",{"file":209,"line":228,"context":229},{"file":209,"line":232,"context":229},119,{"file":209,"line":232,"context":229},{"file":209,"line":235,"context":229},131,{"file":209,"line":235,"context":229},{"file":209,"line":238,"context":229},138,{"file":209,"line":238,"context":229},{"file":209,"line":241,"context":229},146,{"file":209,"line":241,"context":229},{"file":209,"line":244,"context":229},152,{"file":209,"line":244,"context":229},{"file":209,"line":247,"context":229},161,{"file":209,"line":247,"context":229},{"file":209,"line":250,"context":229},172,{"file":209,"line":252,"context":229},174,{"file":209,"line":254,"context":229},176,{"file":209,"line":217,"context":229},{"file":209,"line":224,"context":229},{"file":209,"line":258,"context":229},182,{"file":209,"line":260,"context":229},184,{"file":209,"line":262,"context":229},186,{"file":209,"line":264,"context":229},188,{"file":209,"line":266,"context":229},190,{"file":209,"line":268,"context":229},192,{"file":209,"line":270,"context":229},194,{"file":209,"line":272,"context":229},196,{"file":209,"line":274,"context":229},198,{"file":209,"line":276,"context":229},200,{"file":209,"line":278,"context":229},202,{"file":209,"line":280,"context":229},204,{"file":209,"line":282,"context":229},206,{"file":209,"line":284,"context":229},208,{"file":209,"line":286,"context":229},210,{"file":209,"line":288,"context":229},212,{"file":209,"line":290,"context":229},214,{"file":209,"line":292,"context":229},216,{"file":209,"line":294,"context":229},218,{"file":209,"line":296,"context":229},220,{"file":209,"line":298,"context":229},222,{"file":209,"line":300,"context":229},224,{"file":209,"line":302,"context":229},226,{"file":209,"line":304,"context":229},228,{"file":209,"line":306,"context":229},230,{"file":209,"line":308,"context":229},232,{"file":209,"line":310,"context":229},234,{"file":209,"line":312,"context":229},236,{"file":209,"line":314,"context":229},238,{"file":209,"line":316,"context":229},240,{"file":209,"line":318,"context":229},242,{"file":209,"line":320,"context":229},244,{"file":209,"line":322,"context":229},246,{"file":209,"line":324,"context":229},248,{"file":209,"line":326,"context":229},250,{"file":209,"line":328,"context":229},252,{"file":209,"line":330,"context":229},254,{"file":209,"line":332,"context":229},256,{"file":209,"line":334,"context":229},258,{"file":209,"line":336,"context":229},260,{"file":209,"line":338,"context":229},262,{"file":209,"line":340,"context":229},268,{"file":209,"line":342,"context":229},271,{"file":209,"line":342,"context":229},{"file":209,"line":345,"context":229},275,{"file":209,"line":347,"context":229},278,{"file":209,"line":347,"context":229},{"file":209,"line":350,"context":229},281,{"file":209,"line":352,"context":229},284,{"file":209,"line":352,"context":229},{"file":209,"line":355,"context":229},288,{"file":209,"line":357,"context":229},291,{"file":209,"line":357,"context":229},{"file":209,"line":360,"context":229},296,{"file":209,"line":362,"context":229},299,{"file":209,"line":362,"context":229},{"file":209,"line":365,"context":229},303,{"file":209,"line":367,"context":229},306,{"file":209,"line":367,"context":229},{"file":209,"line":370,"context":229},310,{"file":209,"line":372,"context":229},313,{"file":209,"line":372,"context":229},{"file":209,"line":375,"context":229},317,{"file":209,"line":377,"context":229},320,{"file":209,"line":377,"context":229},{"file":209,"line":380,"context":229},324,{"file":209,"line":382,"context":229},327,{"file":209,"line":382,"context":229},{"file":209,"line":385,"context":229},331,{"file":209,"line":387,"context":229},334,{"file":209,"line":387,"context":229},{"file":209,"line":390,"context":229},338,{"file":209,"line":392,"context":229},341,{"file":209,"line":392,"context":229},{"file":209,"line":395,"context":229},345,{"file":209,"line":397,"context":229},348,{"file":209,"line":397,"context":229},{"file":209,"line":400,"context":229},352,{"file":209,"line":402,"context":229},355,{"file":209,"line":402,"context":229},{"file":209,"line":405,"context":229},359,{"file":209,"line":407,"context":229},362,{"file":209,"line":407,"context":229},{"file":209,"line":410,"context":229},366,{"file":209,"line":412,"context":229},369,{"file":209,"line":412,"context":229},{"file":209,"line":415,"context":229},373,{"file":209,"line":417,"context":229},376,{"file":209,"line":417,"context":229},{"file":209,"line":420,"context":229},380,{"file":209,"line":422,"context":229},383,{"file":209,"line":422,"context":229},{"file":209,"line":425,"context":229},387,{"file":209,"line":427,"context":229},390,{"file":209,"line":427,"context":229},{"file":209,"line":430,"context":229},394,{"file":209,"line":432,"context":229},397,{"file":209,"line":432,"context":229},{"file":209,"line":435,"context":229},401,{"file":209,"line":437,"context":229},404,{"file":209,"line":437,"context":229},{"file":209,"line":440,"context":229},408,{"file":209,"line":442,"context":229},411,{"file":209,"line":442,"context":229},{"file":209,"line":445,"context":229},415,{"file":209,"line":447,"context":229},418,{"file":209,"line":447,"context":229},{"file":209,"line":450,"context":229},422,{"file":209,"line":452,"context":229},425,{"file":209,"line":452,"context":229},{"file":209,"line":455,"context":229},643,[],[],{"summary":459,"deductions":460},"The wp-social-widget plugin, version 2.3.1, exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and includes a nonce check. The static analysis also reveals no dangerous functions, file operations, or external HTTP requests, and a relatively small attack surface with only one shortcode entry point, none of which are immediately identified as unprotected. However, a significant concern arises from the code's output escaping, where only 58% of outputs are properly escaped. This indicates a potential for Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history. The vulnerability history is a major red flag, with a total of 5 known CVEs, one of which remains unpatched. The prevalence of medium-severity XSS vulnerabilities in its past suggests a recurring pattern of improper input handling. While no critical or high-severity issues were found in the current static analysis, the history and the partial output escaping suggest a considerable risk of new or existing vulnerabilities being exploitable. The lack of capability checks on the single entry point is also a potential area of concern for privilege escalation or unauthorized access if the shortcode handles sensitive data or actions.",[461,463,466,468],{"reason":462,"points":180},"Unpatched CVEs present",{"reason":464,"points":465},"Significant portion of outputs not properly escaped",15,{"reason":467,"points":107},"No capability checks on entry points",{"reason":469,"points":107},"History of multiple medium severity CVEs","2026-03-16T18:11:14.053Z",{"wat":472,"direct":485},{"assetPaths":473,"generatorPatterns":478,"scriptPaths":479,"versionParams":480},[474,475,476,477],"\u002Fwp-content\u002Fplugins\u002Fwp-social-widget\u002Fassets\u002Fcss\u002Fsocial-icons.css","\u002Fwp-content\u002Fplugins\u002Fwp-social-widget\u002Fassets\u002Fcss\u002Fsocial-style.css","\u002Fwp-content\u002Fplugins\u002Fwp-social-widget\u002Fassets\u002Fjs\u002Fsocial-color_picker.js","\u002Fwp-content\u002Fplugins\u002Fwp-social-widget\u002Fassets\u002Fcss\u002Fsocial-admin_style.css",[],[476],[481,482,483,484],"wp-social-widget\u002Fassets\u002Fcss\u002Fsocial-icons.css?ver=","wp-social-widget\u002Fassets\u002Fcss\u002Fsocial-style.css?ver=","wp-social-widget\u002Fassets\u002Fjs\u002Fsocial-color_picker.js?ver=","wp-social-widget\u002Fassets\u002Fcss\u002Fsocial-admin_style.css?ver=",{"cssClasses":486,"htmlComments":511,"htmlAttributes":512,"restEndpoints":525,"jsGlobals":526,"shortcodeOutput":527},[487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510],"wpsw-social-links-shortcode","social-icon","sicon-behance","sicon-dribbble","sicon-facebook","sicon-flickr","sicon-foursquare","sicon-github","sicon-google","sicon-instagram","sicon-linkedin","sicon-mail","sicon-pinterest","sicon-rss","sicon-skype","sicon-soundcloud","sicon-stumbleupon","sicon-tumblr","sicon-vimeo","sicon-vine","sicon-vk","sicon-xing","sicon-yelp","sicon-youtube",[],[513,514,515,516,517,518,519,520,521,522,523,524],"aria-label=\"Behance\"","aria-label=\"Dribble\"","aria-label=\"facebook\"","aria-label=\"Flickr\"","aria-label=\"Foursquare\"","aria-label=\"github\"","aria-label=\"Google\"","aria-label=\"instagram\"","aria-label=\"Linkedin\"","aria-label=\"Email\"","aria-label=\"Pinterest\"","aria-label=\"RSS\"",[],[],[528,529,530,531,532,533,534,535,536,537,538,539,540],"\u003Cul class='wpsw-social-links-shortcode'>","\u003Cli class=\"behance\">\u003Ca href=\"","\u003Cli class=\"dribbble\">\u003Ca href=\"","\u003Cli class=\"facebook\">\u003Ca href=\"","\u003Cli class=\"flickr\">\u003Ca href=\"","\u003Cli class=\"foursquare\">\u003Ca href=\"","\u003Cli class=\"github\">\u003Ca href=\"","\u003Cli class=\"google\">\u003Ca href=\"","\u003Cli class=\"instagram\">\u003Ca href=\"","\u003Cli class=\"linkedin\">\u003Ca href=\"","\u003Cli class=\"mail\">\u003Ca href=\"mailto:","\u003Cli class=\"pinterest\">\u003Ca href=\"","\u003Cli class=\"rss\">\u003Ca href=\""]