Does Broadcast Companion (Twitch) have any unpatched vulnerabilities?

No. All known vulnerabilities in Broadcast Companion (Twitch) have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Broadcast Companion (Twitch) compatible with WordPress 6.2.9?

According to WordPress.org data, Broadcast Companion (Twitch) 3.0.6 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

Is Broadcast Companion (Twitch) compatible with PHP 5.2.4+?

Broadcast Companion (Twitch) requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Broadcast Companion (Twitch) updated?

Broadcast Companion (Twitch) was last updated on Jul 15, 2023. Frequent updates are generally a positive security signal.

What is Broadcast Companion (Twitch)'s security score?

Broadcast Companion (Twitch) has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Broadcast Companion (Twitch) Security & Risk Analysis

wordpress.org/plugins/broadcast-companion

This plugin is for use with the Broadcast Lite theme and provides the Twitch, YouTube and Kick integration.

100 active installs v3.0.6 PHP 5.2.4+ WP 5.0+ Updated Jul 15, 2023

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Broadcast Companion (Twitch) Safe to Use in 2026?

Generally Safe

Score 85/100

Broadcast Companion (Twitch) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The broadcast-companion plugin v3.0.6 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not utilizing dangerous functions, performing all SQL queries using prepared statements, and having no recorded vulnerabilities. The absence of file operations and bundled libraries also reduces the attack surface from common exploit vectors. However, significant concerns arise from the static analysis. The presence of one unprotected AJAX handler is a critical security flaw, as it represents a direct entry point for unauthenticated attackers. While the output escaping is relatively good at 72%, the remaining 28% unescaped outputs could still lead to cross-site scripting (XSS) vulnerabilities depending on the nature of the data. The lack of nonce and capability checks on the identified AJAX handler further exacerbates this risk. The plugin's clean vulnerability history is a positive indicator of past development diligence, but it does not mitigate the immediate risks identified in the current code. In conclusion, while the plugin benefits from robust SQL handling and a clean vulnerability record, the unprotected AJAX endpoint is a severe oversight that requires immediate attention.

Key Concerns

Unprotected AJAX handler
Unescaped output detected (28%)
Missing nonce check on AJAX
Missing capability check on AJAX

Vulnerabilities

None known

Broadcast Companion (Twitch) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Broadcast Companion (Twitch) Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

36 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

72% escaped50 total outputs

Attack Surface

1 unprotected

Broadcast Companion (Twitch) Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_bc_twitch_display_dismissible_admin_noticebc-companion-notice.php:26

WordPress Hooks 7

actionadmin_noticesbc-companion-notice.php:18

actionadmin_menubc-companion.php:14

actionadmin_enqueue_scriptsbc-companion.php:29

actionwp_enqueue_scriptsbc-companion.php:40

actionadmin_initbc-companion.php:143

actioninitbc-twitch-api.php:99

actionbc_cronbc-twitch-api.php:100

Scheduled Events 1

bc_cron

Maintenance & Trust

Broadcast Companion (Twitch) Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedJul 15, 2023

PHP min version5.2.4

Downloads10K

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

Broadcast Companion (Twitch) Alternatives

No alternatives data available yet.

Developer Profile

Broadcast Companion (Twitch) Developer Profile

JayBee

7 plugins · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

570 days

View full developer profile

Detection Fingerprints

How We Detect Broadcast Companion (Twitch)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/broadcast-companion/bc-companion-admin.css/wp-content/plugins/broadcast-companion/bc-companion-admin.js/wp-content/plugins/broadcast-companion/bc-companion-main.js/wp-content/plugins/broadcast-companion/bc-companion-youtube.js/wp-content/plugins/broadcast-companion/bc-companion-kick.js

Script Paths

https://embed.twitch.tv/embed/v1.js

Version Parameters

broadcast-companion-admin-js?ver=3.0.6broadcast-companion-admin-css?ver=3.0.6bc-companion-main.js?ver=3.0.5bc-companion-youtube.js?ver=3.0.5bc-companion-kick.js?ver=3.0.5

HTML / DOM Fingerprints

HTML Comments

<!-- The second argument ($option_name) is the option name. It’s the one we use with functions like get_option() and update_option() -->

+4 more

Data Attributes

data-streamweasels-bc-channeldata-streamweasels-bc-settings

JS Globals

bcTwitchUsernamebcTwitchIdbcTwitchEmbedbcTwitchEmbedChatbcVideoSettingsbcClipPeriod+7 more

FAQ