Post to Social Media – WordPress to Hootsuite Security & Risk Analysis

wordpress.org/plugins/wp-to-hootsuite

Automatically share WordPress Pages, Posts or Custom Post Types to Facebook, Twitter and LinkedIn using your Hootsuite (hootsuite.com) account.

300 active installs · v1.6.5 · PHP 7.4+ · WP 5.0+ · Updated Nov 17, 2025
Tags: auto-post, auto-publish, hootsuite, social-media-automation, social-media-scheduling
Score: 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Apr 4, 2025
Safety Verdict

Is Post to Social Media – WordPress to Hootsuite Safe to Use in 2026?

Generally Safe

Score 98/100

Post to Social Media – WordPress to Hootsuite has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Apr 4, 2025 · Updated 4mo ago
Risk Assessment

Static analysis of the "wp-to-hootsuite" plugin v1.6.5 shows a generally good security posture: no critical or high-severity taint flows were detected, and a high percentage of output is properly escaped. The plugin handles SQL queries well, exclusively using prepared statements, and includes a reasonable number of nonce and capability checks. However, it has two historical medium-severity CVEs (CSRF and XSS). Neither is currently unpatched, but the history is a notable concern: it suggests potential weaknesses in how user input is handled or actions are authorized, even if current versions appear to have addressed them. The static analysis reveals no immediate attack vectors such as unprotected AJAX handlers or REST API routes, but the historical pattern warrants vigilance.

Key Concerns

  • 2 historical medium CVEs (CSRF, XSS)
Vulnerabilities: 2

Post to Social Media – WordPress to Hootsuite Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-32267 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Post to Social Media – WordPress to Hootsuite <= 1.5.9 - Cross-Site Request Forgery

Apr 4, 2025 · Patched in 1.6.0 (19d)

WF-cd93da2b-a64d-45a0-8d6c-e2a93ef20e13-wp-to-hootsuite · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress to Hootsuite <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting

Aug 5, 2022 · Patched in 1.4.6 (536d)
Code Analysis
Analyzed Mar 16, 2026

Post to Social Media – WordPress to Hootsuite Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (66 escaped)
Nonce Checks: 4
Capability Checks: 1
File Operations: 5
External Requests: 8
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

96% escaped · 69 total outputs
Data Flows: All sanitized

Data Flow Analysis

1 flow
<class-wpzincdashboardwidget> (_modules\dashboard\class-wpzincdashboardwidget.php:0)
Attack Surface

Post to Social Media – WordPress to Hootsuite Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 15
action · init · includes\class-wp-to-hootsuite.php:80
action · init · includes\class-wp-to-hootsuite.php:81
action · wp_to_hootsuite_output_auth · includes\class-wp-to-social-pro-hootsuite-api.php:122
action · wp_to_hootsuite_pro_output_auth · includes\class-wp-to-social-pro-hootsuite-api.php:123
action · wp_to_hootsuite_log_cleanup_cron · includes\cron.php:27
action · wp_insert_site · wp-to-hootsuite.php:98
action · wpmu_new_blog · wp-to-hootsuite.php:100
action · activate_blog · wp-to-hootsuite.php:102
filter · admin_body_class · _modules\dashboard\class-wpzincdashboardwidget.php:123
action · admin_enqueue_scripts · _modules\dashboard\class-wpzincdashboardwidget.php:124
action · admin_notices · _modules\dashboard\class-wpzincdashboardwidget.php:137
filter · admin_footer_text · _modules\dashboard\class-wpzincdashboardwidget.php:138
action · init · _modules\dashboard\class-wpzincdashboardwidget.php:142
action · init · _modules\dashboard\class-wpzincdashboardwidget.php:143
filter · allowed_redirect_hosts · _modules\dashboard\class-wpzincdashboardwidget.php:146
Maintenance & Trust

Post to Social Media – WordPress to Hootsuite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 17, 2025
PHP min version: 7.4
Downloads: 68K

Community Trust

Rating: 82/100
Number of ratings: 15
Active installs: 300
Developer Profile

Post to Social Media – WordPress to Hootsuite Developer Profile

wpzinc

6 plugins · 12K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 378 days
Detection Fingerprints

How We Detect Post to Social Media – WordPress to Hootsuite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-to-hootsuite/includes/css/wp-to-hootsuite-admin.css
/wp-content/plugins/wp-to-hootsuite/includes/js/wp-to-hootsuite-admin.js
/wp-content/plugins/wp-to-hootsuite/lib/includes/wpzinc/dashboard-widget/assets/css/dashboard-widget.css
/wp-content/plugins/wp-to-hootsuite/lib/includes/wpzinc/dashboard-widget/assets/js/dashboard-widget.js
Script Paths
/wp-content/plugins/wp-to-hootsuite/includes/js/wp-to-hootsuite-admin.js
/wp-content/plugins/wp-to-hootsuite/lib/includes/wpzinc/dashboard-widget/assets/js/dashboard-widget.js
Version Parameters
wp-to-hootsuite/includes/css/wp-to-hootsuite-admin.css?ver=
wp-to-hootsuite/includes/js/wp-to-hootsuite-admin.js?ver=
wpzinc/dashboard-widget/assets/css/dashboard-widget.css?ver=
wpzinc/dashboard-widget/assets/js/dashboard-widget.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-to-hootsuite-admin-settings
wpzinc-dashboard-widget
HTML Comments
WP Zinc Dashboard Widget
Data Attributes
data-wp-to-hootsuite-ajax-url
JS Globals
wp_to_hootsuite_admin_params
FAQ

Frequently Asked Questions about Post to Social Media – WordPress to Hootsuite