Does WPB Social Master have any unpatched vulnerabilities?

No. All known vulnerabilities in WPB Social Master have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPB Social Master compatible with WordPress 3.9.40?

According to WordPress.org data, WPB Social Master 1.0 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is WPB Social Master updated?

WPB Social Master was last updated on Mar 11, 2015. Frequent updates are generally a positive security signal.

What is WPB Social Master's security score?

WPB Social Master has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPB Social Master Security & Risk Analysis

wordpress.org/plugins/wpb-social-master

This plugin will add responsive social share & follow icons. Very easy to use, just put a shortcode.

50 active installs v1.0 PHP + WP 3.3+ Updated Mar 11, 2015

facebook-socialsocialsocial-mediasocial-networksocial-share

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WPB Social Master Safe to Use in 2026?

Generally Safe

Score 85/100

WPB Social Master has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The 'wpb-social-master' plugin version 1.0 exhibits a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs) and its SQL queries are all properly prepared, which is a significant strength. Additionally, it avoids external HTTP requests and file operations, reducing common attack vectors. However, the static analysis reveals several critical areas of concern. The presence of the `create_function` is a known security risk as it can lead to arbitrary code execution if not handled with extreme caution, especially if user input can influence its execution. Furthermore, a significant portion of output (50%) is not properly escaped, presenting a clear risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks across all entry points (shortcodes in this case) makes these functionalities vulnerable to CSRF attacks and privilege escalation, respectively, as they lack essential authorization and verification mechanisms.

Key Concerns

Dangerous function 'create_function' used
50% of output not properly escaped (XSS risk)
0 Nonce checks found
0 Capability checks found

Vulnerabilities

None known

WPB Social Master Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WPB Social Master Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_function$callback = create_function('', 'echo "'.str_replace('"', '\"', $section['desc']).'";');class.settings-api.php:115

Output Escaping

20% escaped40 total outputs

Attack Surface

WPB Social Master Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[wpb-social-share] main.php:137

[wpb-social-follow] main.php:154

WordPress Hooks 10

actionadmin_enqueue_scriptsclass.settings-api.php:35

actioninitmain.php:15

actionwp_enqueue_scriptsmain.php:25

actioninitmain.php:35

actionwp_footermain.php:92

actionwp_headmain.php:122

actioninitmain.php:139

actioninitmain.php:156

actionadmin_initwpb-settings.php:19

actionadmin_menuwpb-settings.php:20

Maintenance & Trust

WPB Social Master Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedMar 11, 2015

PHP min version

Downloads5K

Community Trust

Rating100/100

Number of ratings3

Active installs50

Alternatives

WPB Social Master Alternatives

Catch Social Share

catch-social-share

100

Catch Social Share - Catch Social Share is a simple yet feature-rich social sharing WordPress plugin that adds social share buttons on your site.

40 No CVEs

Hubbub Lite – Fast, free social sharing and follow buttons

social-pug

Your content is worth sharing. Let's makes it easier!

30K 9 CVEs

WP-Socialight

wp-socialight

100

WP-Socialight is a simple, lightweight social share plugin that will increase the interaction on your website.

20 No CVEs

Rigororus Social Share

rigorous-social-share

Add differnet social share to your website including social share count.

10 No CVEs

Social Media Sharing by FVP

social-media-sharing-by-fvp

Add buttons to share your posts and pages in most popular social media, you can choose between various styles.

10 No CVEs

Developer Profile

WPB Social Master Developer Profile

WPBean

25 plugins · 40K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

20 days

View full developer profile

Detection Fingerprints

How We Detect WPB Social Master

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpb-social-master/js/socialProfiles.min.js/wp-content/plugins/wpb-social-master/js/socialShare.min.js/wp-content/plugins/wpb-social-master/css/arthref.min.css/wp-content/plugins/wpb-social-master/css/main.css

Script Paths

/wp-content/plugins/wpb-social-master/js/socialProfiles.min.js/wp-content/plugins/wpb-social-master/js/socialShare.min.js

Version Parameters

wpb-social-master/css/main.css?ver=wpb-social-master/js/socialShare.min.js?ver=wpb-social-master/js/socialProfiles.min.js?ver=wpb-social-master/css/arthref.min.css?ver=

HTML / DOM Fingerprints

CSS Classes

wpbshareSelectorwpbfollowSelector

JS Globals

socialSharesocialProfiles

Shortcode Output

<div class="wpbshareSelector"></div><div class="wpbfollowSelector"></div>

FAQ