WP-Safety

Autopost for X (formerly Autoshare for Twitter) Security & Risk Analysis

wordpress.org/plugins/autoshare-for-twitter

Automatically shares the post title or custom message and a link to the post to X/Twitter.

6K active installs v2.3.3 PHP 7.4+ WP 6.8+ Updated Feb 2, 2026
possesharesocial-mediatweettwitter
97
A · Safe
CVEs total2
Unpatched0
Last CVEJan 23, 2023
Download
Safety Verdict

Is Autopost for X (formerly Autoshare for Twitter) Safe to Use in 2026?

Generally Safe

Score 97/100

Autopost for X (formerly Autoshare for Twitter) has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jan 23, 2023Updated 2mo ago
Risk Assessment

The autoshare-for-twitter v2.3.3 plugin exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and excellent output escaping, significant concerns arise from its attack surface and historical vulnerability data. The presence of a single AJAX handler without any authentication checks presents a direct and accessible entry point for potential exploitation. Although taint analysis shows no critical or high severity issues in the current version, the plugin has a history of serious vulnerabilities, including a past critical and high severity CVE. This pattern of past critical flaws, even if currently patched, suggests a recurring tendency towards complex security issues that could resurface or be reintroduced in future updates. The plugin's strengths lie in its robust handling of SQL and output, but the unauthenticated AJAX endpoint and historical vulnerability record necessitate caution.

Key Concerns

  • Unprotected AJAX handler present
  • History of 1 critical CVE (unpatched)
  • History of 1 high CVE (unpatched)
Vulnerabilities
2

Autopost for X (formerly Autoshare for Twitter) Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Critical
1
High
1

2 total CVEs

CVE-2022-38900high · 7.5Uncontrolled Resource Consumption

decode-uri-component <= 0.2.1 - Denial of Service

Jan 23, 2023 Patched in 1.3.0 (365d)
CVE-2022-25912critical · 9.8Improper Control of Generation of Code ('Code Injection')

simple-git < 3.15.0 - Remote Code Execution

Dec 5, 2022 Patched in 1.3.0 (414d)
Code Analysis
Analyzed Mar 16, 2026

Autopost for X (formerly Autoshare for Twitter) Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
156 escaped
Nonce Checks
5
Capability Checks
8
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

98% escaped159 total outputs
Attack Surface
1 unprotected

Autopost for X (formerly Autoshare for Twitter) Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_tenup_autoshare_retweetincludes\admin\post-transition.php:31
WordPress Hooks 30
actionadmin_noticesautoshare-for-twitter.php:51
actionadmin_enqueue_scriptsincludes\admin\assets.php:38
actionadmin_enqueue_scriptsincludes\admin\assets.php:39
actionadmin_enqueue_scriptsincludes\admin\assets.php:40
actionenqueue_block_editor_assetsincludes\admin\assets.php:41
actionadd_meta_boxesincludes\admin\post-meta.php:57
actionsave_postincludes\admin\post-meta.php:58
actionautoshare_for_twitter_setupincludes\admin\post-meta.php:617
actiontransition_post_statusincludes\admin\post-transition.php:30
actionautoshare_for_twitter_setupincludes\admin\post-transition.php:341
actionadmin_menuincludes\admin\settings.php:22
actionadmin_initincludes\admin\settings.php:23
actionautoshare_for_twitter_setupincludes\admin\settings.php:478
actioninitincludes\class-ast-staging.php:23
actionadmin_initincludes\class-ast-staging.php:24
actionadmin_noticesincludes\class-ast-staging.php:25
actionadmin_noticesincludes\class-twitter-accounts.php:45
actionadmin_post_autoshare_twitter_authorize_actionincludes\class-twitter-accounts.php:46
actionadmin_post_autoshare_twitter_disconnect_actionincludes\class-twitter-accounts.php:47
actionadmin_post_authoshare_authorize_callbackincludes\class-twitter-accounts.php:48
actioninitincludes\core.php:49
filterautoshare_for_twitter_enabled_defaultincludes\core.php:50
filterautoshare_for_twitter_attached_imageincludes\core.php:51
actionadmin_initincludes\core.php:52
actionadmin_noticesincludes\core.php:53
actionautoshare_for_twitter_after_status_updateincludes\core.php:54
actionwp_dashboard_setupincludes\core.php:55
actionautoshare_for_twitter_loadedincludes\core.php:63
actionrest_api_initincludes\rest.php:50
actionrest_api_initincludes\rest.php:51
Maintenance & Trust

Autopost for X (formerly Autoshare for Twitter) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 2, 2026
PHP min version7.4
Downloads49K

Community Trust

Rating100/100
Number of ratings6
Active installs6K
Alternatives

Autopost for X (formerly Autoshare for Twitter) Alternatives

Content Resharer

Content Resharer

wpsite-content-resharer

A
85

This plugin allows site owners to automatically schedule and reshare their content on Twitter and increase social traffic without lifting a finger.

10 No CVEs
Social Snap — Social Share Buttons & Click to Tweet

Social Snap — Social Share Buttons & Click to Tweet

socialsnap

A
99

Social sharing plugin with share buttons for Facebook, X (Twitter), LinkedIn and more. Includes Click to Tweet feature.

10K 2 CVEs
Click To Tweet Block

Click To Tweet Block

click-to-tweeet-block

A
85

Gutenberg block to add a quote for visitors to tweet via Twitter.

100 No CVEs
Easy Pull Quotes

Easy Pull Quotes

easy-pull-quotes

A
85

Easily add tweetable pull quotes to your posts.

100 No CVEs
MP Share Center

MP Share Center

mp-share-center

A
85

The MP Share Center allows you to easily add share buttons to your posts and pages.

50 No CVEs
Developer Profile

Autopost for X (formerly Autoshare for Twitter) Developer Profile

10up

23 plugins · 1.4M total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
546 days
View full developer profile
Detection Fingerprints

How We Detect Autopost for X (formerly Autoshare for Twitter)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/autoshare-for-twitter/assets/css/admin-autoshare-for-twitter.css/wp-content/plugins/autoshare-for-twitter/assets/js/admin-autoshare-for-twitter.js/wp-content/plugins/autoshare-for-twitter/assets/css/admin-autoshare-for-twitter-settings.css/wp-content/plugins/autoshare-for-twitter/assets/js/admin-autoshare-for-twitter-settings.js/wp-content/plugins/autoshare-for-twitter/assets/js/admin-autoshare-for-twitter-classic-editor.js/wp-content/plugins/autoshare-for-twitter/dist/autoshare-for-twitter.js
Script Paths
/wp-content/plugins/autoshare-for-twitter/assets/js/admin-autoshare-for-twitter.js/wp-content/plugins/autoshare-for-twitter/assets/js/admin-autoshare-for-twitter-settings.js/wp-content/plugins/autoshare-for-twitter/assets/js/admin-autoshare-for-twitter-classic-editor.js/wp-content/plugins/autoshare-for-twitter/dist/autoshare-for-twitter.js
Version Parameters
autoshare-for-twitter/assets/css/admin-autoshare-for-twitter.css?ver=autoshare-for-twitter/assets/js/admin-autoshare-for-twitter.js?ver=autoshare-for-twitter/assets/css/admin-autoshare-for-twitter-settings.css?ver=autoshare-for-twitter/assets/js/admin-autoshare-for-twitter-settings.js?ver=autoshare-for-twitter/assets/js/admin-autoshare-for-twitter-classic-editor.js?ver=autoshare-for-twitter/dist/autoshare-for-twitter.js?ver=

HTML / DOM Fingerprints

CSS Classes
autoshare-for-twitter-editor-section
Data Attributes
data-post-autoshare-enabled
JS Globals
autoshareForTwitter
REST Endpoints
/wp-json/autoshare-for-twitter/v1/settings/wp-json/autoshare-for-twitter/v1/post-meta/wp-json/autoshare-for-twitter/v1/accounts
FAQ

Frequently Asked Questions about Autopost for X (formerly Autoshare for Twitter)