WP-Safety

Better Click To Share – Shareable Quote Boxes for X (Twitter) Security & Risk Analysis

wordpress.org/plugins/better-click-to-tweet

Get more shares on social: add one-click shareable quote boxes to any post so readers can share your best lines on Social Media in one click.

7K active installs v6.0.0 PHP + WP 3.8+ Updated Apr 3, 2026
click-to-tweetshare-on-xshareable-quotesocial-sharex-com
98
A · Safe
CVEs total3
Unpatched0
Last CVENov 28, 2022
Plugin page Download
Safety Verdict

Is Better Click To Share – Shareable Quote Boxes for X (Twitter) Safe to Use in 2026?

Generally Safe

Score 98/100

Better Click To Share – Shareable Quote Boxes for X (Twitter) has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Nov 28, 2022Updated 1mo ago
Risk Assessment

The 'better-click-to-tweet' plugin version 6.0.0 presents a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization, the presence of an unprotected REST API endpoint is a significant concern, increasing the potential attack surface. The 78% proper output escaping indicates a need for further review, as the remaining 22% could still be a vector for cross-site scripting vulnerabilities, especially when considering past vulnerabilities. The vulnerability history, including a high-severity Cross-Site Request Forgery (CSRF) and Improper Neutralization of Input During Web Page Generation (XSS) issues, suggests a pattern of past security weaknesses that require ongoing vigilance.

Despite the lack of currently unpatched CVEs and a generally low count of critical or high-severity taint flows, the unprotected REST API endpoint is a glaring weakness. The vulnerability history, particularly the types of past vulnerabilities, reinforces the need for thorough input validation and output escaping. While the plugin has strengths in its SQL handling and a reasonable number of capability checks, the identified entry points and historical data necessitate a cautious approach and ongoing monitoring.

Key Concerns

  • Unprotected REST API route
  • Output escaping is not 100% proper
  • Vulnerability history includes high severity issues
  • Flows with unsanitized paths found
Vulnerabilities
3 published

Better Click To Share – Shareable Quote Boxes for X (Twitter) Security Vulnerabilities

CVEs by Year

3 CVEs in 2022
2022
Patched Has unpatched

Severity Breakdown

High
1
Medium
2

3 total CVEs

WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweethigh · 8.8Cross-Site Request Forgery (CSRF)

Better Click To Tweet <= 5.10.3 - Cross-Site Request Forgery

Nov 28, 2022 Patched in 5.10.4 (421d)
CVE-2022-45839medium · 6.5Missing Authorization

Better Click To Tweet <= 5.10.3 - Missing Authorization

Nov 28, 2022 Patched in 5.10.4 (421d)
WF-a4c21c56-c424-4667-a281-fa9e7241d8ad-better-click-to-tweetmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Better Click To Tweet <= 5.10.1 - Reflected Cross-Site Scripting

Apr 27, 2022 Patched in 5.10.2 (636d)
Version History

Better Click To Share – Shareable Quote Boxes for X (Twitter) Release Timeline

v6.0.0Current
v5.15.1
v5.15.0
v5.14.0
v5.13.0
v5.12.0
v5.11.1
v5.11.0
v5.10.4
v5.10.32 CVEs
WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweet CVE-2022-45839
v5.10.22 CVEs
WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweet CVE-2022-45839
v5.10.13 CVEs
WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweet WF-a4c21c56-c424-4667-a281-fa9e7241d8ad-better-click-to-tweet CVE-2022-45839
v5.10.03 CVEs
WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweet WF-a4c21c56-c424-4667-a281-fa9e7241d8ad-better-click-to-tweet CVE-2022-45839
v5.9.53 CVEs
WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweet WF-a4c21c56-c424-4667-a281-fa9e7241d8ad-better-click-to-tweet CVE-2022-45839
v5.9.43 CVEs
WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweet WF-a4c21c56-c424-4667-a281-fa9e7241d8ad-better-click-to-tweet CVE-2022-45839
v5.9.33 CVEs
WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweet WF-a4c21c56-c424-4667-a281-fa9e7241d8ad-better-click-to-tweet CVE-2022-45839
v5.9.23 CVEs
WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweet WF-a4c21c56-c424-4667-a281-fa9e7241d8ad-better-click-to-tweet CVE-2022-45839
v5.9.13 CVEs
WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweet WF-a4c21c56-c424-4667-a281-fa9e7241d8ad-better-click-to-tweet CVE-2022-45839
v5.9.03 CVEs
WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweet WF-a4c21c56-c424-4667-a281-fa9e7241d8ad-better-click-to-tweet CVE-2022-45839
v5.8.23 CVEs
WF-04bdc2ef-a7aa-45a7-b600-be832eefa32e-better-click-to-tweet WF-a4c21c56-c424-4667-a281-fa9e7241d8ad-better-click-to-tweet CVE-2022-45839
Code Analysis
Analyzed Mar 16, 2026

Better Click To Share – Shareable Quote Boxes for X (Twitter) Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
35
122 escaped
Nonce Checks
2
Capability Checks
13
File Operations
0
External Requests
5
Bundled Libraries
1

Bundled Libraries

TinyMCE

Output Escaping

78% escaped157 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
welcome_page (bctt-welcome.php:32)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Better Click To Share – Shareable Quote Boxes for X (Twitter) Attack Surface

Entry Points2
Unprotected1

REST API Routes 1

GET/wp-json/bctt/v1/connector-agreementbetter-click-to-tweet.php:88

Shortcodes 1

[bctt] better-click-to-tweet.php:42
WordPress Hooks 26
actionadmin_noticesadmin-nags.php:101
actioncurrent_screenadmin-nags.php:122
filtertiny_mce_versionbctt-admin.php:5
actionadmin_menubctt-admin.php:26
actionadmin_initbctt-admin.php:30
actionplugins_loadedbctt-i18n.php:3
actionadmin_initbctt-welcome-functions.php:104
actionadmin_menubctt-welcome.php:22
actionadmin_initbctt-welcome.php:23
actionadmin_enqueue_scriptsbctt-welcome.php:24
actioninitbetter-click-to-tweet.php:27
actionrest_api_initbetter-click-to-tweet.php:125
actionwp_enqueue_scriptsbetter-click-to-tweet.php:345
actionbctt_settings_topincludes\admin-clarifier.php:6
actionwp_abilities_api_categories_initincludes\class-bctt-abilities.php:42
actionwp_abilities_api_initincludes\class-bctt-abilities.php:197
actionadmin_initincludes\updater\bctt-updater.php:160
actionadmin_initincludes\updater\bctt-updater.php:161
actionadmin_initincludes\updater\bctt-updater.php:162
actionadmin_initincludes\updater\bctt-updater.php:353
filterpre_set_site_transient_update_pluginsincludes\updater\BCTT_SL_Plugin_Updater.php:73
filterplugins_apiincludes\updater\BCTT_SL_Plugin_Updater.php:74
actionadmin_initincludes\updater\BCTT_SL_Plugin_Updater.php:77
filterpre_set_site_transient_update_pluginsincludes\updater\BCTT_SL_Plugin_Updater.php:214
actionadmin_menuincludes\updater\license-page.php:22
actionadmin_initincludes\updater\license-page.php:138
Maintenance & Trust

Better Click To Share – Shareable Quote Boxes for X (Twitter) Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 3, 2026
PHP min version
Downloads655K

Community Trust

Rating96/100
Number of ratings48
Active installs7K
Alternatives

Better Click To Share – Shareable Quote Boxes for X (Twitter) Alternatives

Social Snap — Social Share Buttons & Click to Tweet

Social Snap — Social Share Buttons & Click to Tweet

socialsnap

A
99

Social sharing plugin with share buttons for Facebook, X (Twitter), LinkedIn and more. Includes Click to Tweet feature.

10K 2 CVEs
Social Sharing Plugin – Sassy Social Share

Social Sharing Plugin – Sassy Social Share

sassy-social-share

A
94

The Simplest and Optimized Social Share buttons. Facebook, X, Reddit, Pinterest, Whatsapp, Grok, ChatGPT, Gab, Gettr and over 100 more.

100K 11 CVEs
Wp Social Login and Register Social Counter

Wp Social Login and Register Social Counter

wp-social

A
89

Wp social lets you add social login, social counter, and social share buttons of different styles to your WordPress website.

80K 5 CVEs
Comments – wpDiscuz

Comments – wpDiscuz

wpdiscuz

B
75

AJAX powered realtime comments. Designed to extend WordPress native comments. Custom comment forms/fields. Making comments has never been so awesome!

80K 24 CVEs
Ocean Social Sharing

Ocean Social Sharing

ocean-social-sharing

A
99

Website: https://oceanwp.org/ Support: https://oceanwp.org/support/ Documentation: https://docs.oceanwp.org/ Extensions: https://oceanwp.

70K 1 CVE
Developer Profile

Better Click To Share – Shareable Quote Boxes for X (Twitter) Developer Profile

Ben Meredith

3 plugins · 11K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
493 days
View full developer profile
Detection Fingerprints

How We Detect Better Click To Share – Shareable Quote Boxes for X (Twitter)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/better-click-to-tweet/assets/css/bctt-frontend.css/wp-content/plugins/better-click-to-tweet/assets/js/bctt-frontend.js
Script Paths
/wp-content/plugins/better-click-to-tweet/assets/js/bctt-frontend.js
Version Parameters
better-click-to-tweet/assets/css/bctt-frontend.css?ver=better-click-to-tweet/assets/js/bctt-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
bctt-click-to-tweetbctt-ctt-textbctt-ctt-btn
Data Attributes
data-bctt-tweetdata-bctt-viadata-bctt-usernamedata-bctt-urldata-bctt-prompt
JS Globals
bctt_optionsbctt_frontend
REST Endpoints
/bctt/v1/connector-agreement
Shortcode Output
<aclass="twitter-share-button"href="https://twitter.com/intent/tweet?url=text=
FAQ

Frequently Asked Questions about Better Click To Share – Shareable Quote Boxes for X (Twitter)