Does BNS Twitter Follow Button have any unpatched vulnerabilities?

Yes — BNS Twitter Follow Button currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is BNS Twitter Follow Button compatible with WordPress 4.5.33?

According to WordPress.org data, BNS Twitter Follow Button 0.3.8 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is BNS Twitter Follow Button updated?

BNS Twitter Follow Button was last updated on Apr 10, 2016. Frequent updates are generally a positive security signal.

What is BNS Twitter Follow Button's security score?

BNS Twitter Follow Button has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BNS Twitter Follow Button Security & Risk Analysis

wordpress.org/plugins/bns-twitter-follow-button

Displays a Twitter Follow Button; and, includes shortcode functionality.

10 active installs v0.3.8 PHP + WP 3.6+ Updated Apr 10, 2016

shortcodesocialtwitterwidget

C · Use Caution

CVEs total1

Unpatched1

Last CVEMay 12, 2025

Plugin page Download

Safety Verdict

Is BNS Twitter Follow Button Safe to Use in 2026?

Use With Caution

Score 63/100

BNS Twitter Follow Button has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: May 12, 2025Updated 9yr ago

Risk Assessment

The "bns-twitter-follow-button" plugin exhibits a mixed security posture. While it demonstrates good practices by not making external HTTP requests and using prepared statements for all SQL queries, it has significant security concerns. The lack of any output escaping on 39 identified outputs is a critical vulnerability, creating a high risk of Cross-Site Scripting (XSS) attacks. Furthermore, the absence of nonce and capability checks on all entry points means that any of its functionalities could be exploited without proper authentication or authorization. The plugin's vulnerability history is also a major red flag, with one unpatched medium severity CVE for XSS. This, combined with the static analysis findings, indicates a pattern of insecure coding practices, particularly concerning input handling and output sanitization. The sole shortcode presents a potential, albeit limited, attack surface that is not adequately protected.

Key Concerns

Unpatched CVE
No output escaping
No nonce checks
No capability checks

Vulnerabilities

BNS Twitter Follow Button Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-47578medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BNS Twitter Follow Button <= 0.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 12, 2025Unpatched

Code Analysis

Analyzed Mar 17, 2026

BNS Twitter Follow Button Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped39 total outputs

Attack Surface

BNS Twitter Follow Button Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[bns_tfbutton] bns-tfbutton.php:88

WordPress Hooks 1

actionwidgets_initbns-tfbutton.php:82

Maintenance & Trust

BNS Twitter Follow Button Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedApr 10, 2016

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

BNS Twitter Follow Button Alternatives

Juiz Last Tweet Widget

juiz-last-tweet-widget

Add a widget to your sidebar to show your latest tweet(s) with style and without JavaScript! Retweet, Favorite and Reply links are available.

600 No CVEs

Metro Style Social Widget

metro-style-social-widget

Metro Style Social Network Widget

300 No CVEs

Social Media Badge Widget

social-media-badge-widget

This plugin creates a widget which easily displays the social badges from the leading social media websites in a clear an elegant way.

200 No CVEs

Social Icons Widget

social-icons-widget

A developer-friendly plugin that allows you to add a widget with links to various social media profiles.

100 No CVEs

Round Social Media Buttons

round-social-media-buttons

Provides a responsive social media widget that displays up to eight different social media websites.

90 No CVEs

Developer Profile

BNS Twitter Follow Button Developer Profile

tacticais

18 plugins · 2K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BNS Twitter Follow Button

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bns-twitter-follow-button/css/style.css/wp-content/plugins/bns-twitter-follow-button/js/widget.js

Script Paths

//platform.twitter.com/widgets.js

Version Parameters

/wp-content/plugins/bns-twitter-follow-button/css/style.css?ver=/wp-content/plugins/bns-twitter-follow-button/js/widget.js?ver=

HTML / DOM Fingerprints

CSS Classes

bns-tfbuttontwitter-follow-button

Data Attributes

data-show-countdata-buttondata-text-colordata-link-colordata-widthdata-align+1 more

JS Globals

widgets

Shortcode Output

[bns_tfbutton]

FAQ