Does BTCNew have any unpatched vulnerabilities?

No. All known vulnerabilities in BTCNew have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BTCNew compatible with WordPress 3.1.4?

According to WordPress.org data, BTCNew 0.0.5 has been tested up to WordPress 3.1.4. Check the plugin's changelog for the latest compatibility information.

How often is BTCNew updated?

BTCNew was last updated on Mar 16, 2011. Frequent updates are generally a positive security signal.

What is BTCNew's security score?

BTCNew has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BTCNew Security & Risk Analysis

wordpress.org/plugins/btcnew

The BTCNew Wordpress plugin lets you show related conversations (from Twitter, Digg, FriendFeed & more) inline with your own comments.

10 active installs v0.0.5 PHP + WP 2.7+ Updated Mar 16, 2011

backtypecommentsfriendfeedtweetstwitter

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BTCNew Safe to Use in 2026?

Generally Safe

Score 85/100

BTCNew has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The btcnew plugin version 0.0.5 demonstrates a mixed security posture. On the positive side, it utilizes prepared statements for all SQL queries, indicating good practice in preventing SQL injection. There are no known CVEs or recorded past vulnerabilities, which is encouraging. However, the code analysis reveals significant concerns regarding output escaping, with 0% of outputs being properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if any user-controlled data is rendered directly in the browser. Furthermore, the plugin lacks nonce checks, which is a critical omission for any plugin handling user input or performing actions that should be protected against CSRF attacks. The presence of cron events without clearly defined authorization checks also presents a potential risk, as these could be triggered maliciously.

Key Concerns

0% output escaping
0 nonce checks
Cron events without auth checks (potential)

Vulnerabilities

None known

BTCNew Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

BTCNew Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

BTCNew Code Analysis

Dangerous Functions

Raw SQL Queries

30 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared30 total queries

Output Escaping

0% escaped5 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

btcnew_settings_submenu (admin.php:27)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

BTCNew Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 13

actionadmin_menuadmin.php:5

actionadmin_noticesbtcnew.php:89

actionbtcnew_connectbtcnew.php:90

actioncomment_postbtcnew.php:91

actionwp_set_comment_statusbtcnew.php:92

actiondelete_commentbtcnew.php:93

filtercomments_arraybtcnew.php:95

filterget_comments_numberbtcnew.php:96

filterget_avatarbtcnew.php:97

filtercomment_classbtcnew.php:98

filtercomment_feed_wherebtcnew.php:99

filtercomments_templatebtcnew.php:101

filtercomment_reply_linkbtcnew.php:102

Scheduled Events 12

btcnew_connect

Maintenance & Trust

BTCNew Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4

Last updatedMar 16, 2011

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

BTCNew Alternatives

Customize Feeds for Twitter

twitter-tweets

100

Customize Feeds for Twitter plugin for WordPress. You can use this to display real time Twitter feeds on any where on your website by using shortcode …

4K No CVEs

Slim Jetpack

slimjetpack

Slim version of Jetpack unlinked from WordPress.com :) Supercharge your self-hosted wp site even you're NOT WP.COM users.

2K No CVEs

Display Tweets

display-tweets-php

Display Tweets is an easy to use, future proof Twitter feed plugin that uses PHP to make requests to the v1.1 Twitter REST API.

1K No CVEs

Peadig's Twitter Feed: Embedded Timeline WordPress Plugin

wp-twitter-feed

A simple Twitter feed that outputs your latest tweets in HTML into any post, page, template or sidebar widget. Customisable and easy to install!

600 1 unpatched

Twiget Twitter Widget

twiget

A widget to display the latest Twitter status updates.

500 No CVEs

Developer Profile

BTCNew Developer Profile

mcalamelli

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BTCNew

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/btcnew/css/btcnew.css/wp-content/plugins/btcnew/js/btcnew.js

Script Paths

/wp-content/plugins/btcnew/js/btcnew.js

Version Parameters

btcnew/css/btcnew.css?ver=btcnew/js/btcnew.js?ver=

HTML / DOM Fingerprints

CSS Classes

btcnew-comments

FAQ