Social Media Stats Security & Risk Analysis

wordpress.org/plugins/wpsocialstats

Social Media Stats is a social analytics plugin that tracks and reports the performance of your blog or website posts on social networks.

50 active installs · v2.0.7 · PHP + WP 2.6+ · Updated Jul 21, 2022
Tags: social-media, social-media-analytics, social-media-metrics, social-media-stats
Score: 85/100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Social Media Stats Safe to Use in 2026?

Generally Safe

Score 85/100

Social Media Stats has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The "wpsocialstats" v2.0.7 plugin exhibits a concerning security posture due to a significant number of unprotected entry points. All 6 AJAX handlers lack capability and nonce checks, so any authenticated user could potentially trigger these functions, opening the door to various attacks. The taint analysis further highlights this concern, revealing 2 high-severity flows with unsanitized paths, indicating potential for code injection or data manipulation when user input is not properly validated before being used. The presence of the unserialize function, a known risk for deserialization vulnerabilities if not handled with extreme care, adds another layer of concern, especially given the lack of robust input sanitization.

While the plugin has no recorded vulnerability history (CVEs), this does not guarantee its current safety. The static analysis reveals a strong reliance on user input without proper security measures. The code signals also indicate a lack of attention to output escaping (only 21% properly escaped), which could lead to Cross-Site Scripting (XSS) vulnerabilities. The absence of any nonce checks on AJAX handlers is a critical oversight. In conclusion, while the plugin's historical vulnerability record is clean, the current static analysis results point to significant weaknesses that require immediate attention. The high number of unprotected entry points and high-severity taint flows are major red flags, outweighing the lack of historical CVEs.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows with unsanitized paths
  • Dangerous function: unserialize
  • Insufficient output escaping
  • No nonce checks on AJAX handlers
  • SQL queries without prepared statements
Vulnerabilities: None known

Social Media Stats Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Social Media Stats Code Analysis

  • Dangerous Functions: 4
  • Raw SQL Queries: 4 (3 prepared)
  • Unescaped Output: 30 (8 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 1
  • External Requests: 6
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: $count_data = unserialize( $count_data ); (classes\social_stats_dashboard.php:217)
  • unserialize: $count_data = unserialize( get_post_meta( $elem_id, "WSS_DATA", true) ); (classes\social_stats_table.php:304)
  • unserialize: $count_data = unserialize( get_post_meta( get_the_ID(), "WSS_DATA", true) ); (classes\social_stats_table.php:402)
  • unserialize: $count_data = unserialize( get_post_meta( $elem_id, "WSS_DATA", true) ); (classes\social_stats_table.php:526)

SQL Query Safety

43% prepared · 7 total queries

Output Escaping

21% escaped · 38 total outputs
Data Flows: 6 unsanitized

Data Flow Analysis

6 flows · 6 with unsanitized paths
wordpress_social_stats_update (classes\social_stats_dashboard.php:358)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface: 6 unprotected

Social Media Stats Attack Surface

Entry Points: 6
Unprotected: 6

AJAX Handlers 6

  • auth · wp_ajax_wss_refresh · classes\social_stats_dashboard.php:332
  • auth · wp_ajax_wss_update_stats · classes\social_stats_dashboard.php:333
  • auth · wp_ajax_wss_stats_log · classes\social_stats_dashboard.php:334
  • auth · wp_ajax_wss_signup · classes\social_stats_dashboard.php:335
  • auth · wp_ajax_save-auto-update-stat-options · classes\social_stats_dashboard.php:338
  • auth · wp_ajax_get-auto-update-stat-options · classes\social_stats_dashboard.php:339

WordPress Hooks 8

  • action · admin_init · classes\social_stats_dashboard.php:150
  • action · wp_enqueue_scripts · includes\functions.php:10
  • action · phynuchs-update-stats_event · includes\functions.php:18
  • action · switch_theme · includes\widgets.php:17
  • action · widgets_init · includes\widgets.php:194
  • action · after_setup_theme · wp-social-stats.php:69
  • action · init · wp-social-stats.php:70
  • action · admin_menu · wp-social-stats.php:71

Scheduled Events 1

phynuchs-update-stats_event
Maintenance & Trust

Social Media Stats Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Jul 21, 2022
PHP min version
Downloads: 17K

Community Trust

Rating: 80/100
Number of ratings: 3
Active installs: 50
Developer Profile

Social Media Stats Developer Profile

WP Republic

4 plugins · 20K total installs

Trust score: 94
Avg Security Score: 92/100
Avg Patch Time: 4 days
Detection Fingerprints

How We Detect Social Media Stats

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wpsocialstats/css/dashboard.css
  • /wp-content/plugins/wpsocialstats/css/main.css
  • /wp-content/plugins/wpsocialstats/scripts/jquery.phynuchs.js
  • /wp-content/plugins/wpsocialstats/scripts/jquery.phynuchs.tooltip.js
  • /wp-content/plugins/wpsocialstats/scripts/jquery.phynuchs.update.js
  • /wp-content/plugins/wpsocialstats/scripts/wpsocialstats.js
Script Paths
  • jquery.phynuchs.js
  • jquery.phynuchs.tooltip.js
  • jquery.phynuchs.update.js
  • wpsocialstats.js
Version Parameters
  • wpsocialstats/css/dashboard.css?ver=
  • wpsocialstats/css/main.css?ver=
  • wpsocialstats/scripts/jquery.phynuchs.js?ver=
  • wpsocialstats/scripts/jquery.phynuchs.tooltip.js?ver=
  • wpsocialstats/scripts/jquery.phynuchs.update.js?ver=
  • wpsocialstats/scripts/wpsocialstats.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • social-media-stats
  • phynuchs-casual-loop
  • wpsocialstats-data-container
HTML Comments
  • added by GenLEE Begin
  • added by GenLEE End
Data Attributes
data-phy-ajax-data
JS Globals
  • phynuchs_global_ajax_data
  • phynuchs_global_ajax_url
REST Endpoints
/wp-json/wpsocialstats/
FAQ

Frequently Asked Questions about Social Media Stats