WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Ultimate Social Media Icons safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Ultimate Social Media Icons WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: ultimate-social-media-icons
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 1.1.1.12 [WordPress Social Media & Share Icons Plugin <= 1.1.1.11 - XSS]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.2.0 [Social Media &amp; Share Icons &lt;= 2.1.7 - Multiple Issues]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 1.1.1.12 [Social Media &amp; Share Icons &lt;= 1.1.1.11 - Authenticated Stored Cross-Site Scripting (XSS)]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.1.9 [Social Media Share Buttons & Social Sharing Icons <= 2.1.7 - Reflected Cross-Site Scripting]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 1.5.2 [Social Media Share Buttons & Social Sharing Icons <= 1.5.1 - Arbitrary Options Deletion]
+ 15 more known vulnerabilities
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 1.2.2 [Social Media Share Buttons & Social Sharing Icons <= 1.2.1 - Unspecified Vulnerabilities]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 1.1.1.12 [Social Media Share Buttons & Social Sharing Icons < 1.1.1.12 - Authenticated Stored Cross-Site Scripting]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.8.2 [CVE-2023-34009, WordPress Social Media & Share Icons Plugin <= 2.8.1 is vulnerable to Broken Access Control, Social Media & Share Icons <= 2.8.1 - Missing Authorization via handle_installation]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.8.2 [CVE-2023-1166, WordPress Social Media & Share Icons Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS), Social Media Share Buttons & Social Sharing Icons <= 2.8.1 - Authenticated(Administrator+) Stored Cross-Site Scripting, Social Media Share Buttons &amp; Social Sharing Icons &lt; 2.8.2 - Admin+ Stored XSS]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.8.2 [CVE-2023-0958, Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function, WordPress Social Media & Share Icons Plugin <= 2.8.1 is vulnerable to Broken Access Control]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.8.2 [CVE-2023-3977, Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function, WordPress Social Media & Share Icons Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF), Multiple Plugins from Inisev - Plugin Installation via CSRF]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 1.1.1.12 [WordPress Social Media & Share Icons Plugin <= 1.1.1.11 is vulnerable to Cross Site Scripting (XSS)]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.8.2 [CVE-2023-38514, Multiple Plugins from Inisev - Subscriber+ Plugin Installation]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.8.4 [CVE-2023-41238, Social Media & Share Icons <= 2.8.3 - Reflected Cross-Site Scripting, WordPress Social Media & Share Icons Plugin <= 2.8.3 is vulnerable to Cross Site Scripting (XSS), Social Media &amp; Share Icons &lt; 2.8.4 - Reflected XSS]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.8.6 [CVE-2023-5070, Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure, WordPress Social Media & Share Icons Plugin <= 2.8.5 is vulnerable to Sensitive Data Exposure, Social Media Share Buttons &amp; Social Sharing Icons &lt; 2.8.6 - Subscriber+ Sensitive Information Exposure]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.8.6 [CVE-2023-5602, Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Cross-Site Request Forgery, WordPress Social Media & Share Icons Plugin <= 2.8.5 is vulnerable to Cross Site Request Forgery (CSRF), Social Media Share Buttons &amp; Social Sharing Icons &lt; 2.8.6 - Arbitrary Settings Update via CSRF]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.8.9 [CVE-2024-2118, WordPress Social Media & Share Icons Plugin < 2.8.9 is vulnerable to Cross Site Scripting (XSS), Social Media Share Buttons <= 2.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting, Social Media Share Buttons &lt; 2.8.9 - Admin+ Stored XSS via settings]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.8.7 [CVE-2024-31435, WordPress Social Media & Share Icons Plugin <= 2.8.6 is vulnerable to Broken Access Control]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.9.2 [CVE-2024-37552, WordPress Social Media & Share Icons Plugin <= 2.9.1 is vulnerable to Cross Site Scripting (XSS), Social Media & Share Icons <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting]
  • Social Media Share Buttons &amp; Social Sharing Icons [ultimate-social-media-icons] < 2.9.1 [CVE-2024-10362, WordPress Social Media & Share Icons Plugin < 2.9.0 is vulnerable to Cross Site Scripting (XSS), EUVD-2025-15365, Social Media Share Buttons & Social Sharing Icons <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.