Post Tweets Security & Risk Analysis
wordpress.org/plugins/post-tweetsThis plugin allows wordpress authors to post their tweets from post and pages.
Is Post Tweets Safe to Use in 2026?
Generally Safe
Score 85/100Post Tweets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "post-tweets" v1.0.0 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with no apparent entry points identified during static analysis. Furthermore, the plugin demonstrates good practices by exclusively using prepared statements for its SQL queries and reporting no known vulnerabilities or CVEs in its history. This suggests a conscientious effort to avoid common pitfalls.
However, significant concerns arise from the code signals. The complete lack of output escaping for all identified output points is a critical weakness, potentially leading to cross-site scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks on any potential (though not identified as entry points) functionalities is also a serious oversight, as it leaves the plugin vulnerable to CSRF and unauthorized actions if an attack surface is later discovered or if the current analysis missed certain indirect entry points. The presence of file operations and external HTTP requests, while not inherently insecure, warrants careful review in conjunction with the lack of proper sanitization and authentication checks.
Given the current analysis, the plugin's strengths lie in its lack of known vulnerabilities and its adherence to prepared statements for SQL. However, the severe deficiency in output escaping and the absence of nonce/capability checks present substantial risks. Without these fundamental security controls in place, the plugin remains vulnerable to common web attacks, particularly XSS, which can have severe consequences for a WordPress site.
Key Concerns
- All output is unescaped
- No nonce checks found
- No capability checks found
- File operations present without other checks
- External HTTP requests present without other checks
Post Tweets Security Vulnerabilities
Post Tweets Code Analysis
Output Escaping
Post Tweets Attack Surface
WordPress Hooks 4
Maintenance & Trust
Post Tweets Maintenance & Trust
Maintenance Signals
Community Trust
Post Tweets Alternatives
YAHMAN Add-ons
yahman-add-ons
YAHMAN Add-ons has Multiple functions.
Import Tweets as Posts
import-tweets-as-posts
"Import Tweets as Posts" plugin allows to easily import tweets from user's timeline or search query. It has also flexibility to import …
Horizontal Slider for your tweets
horizontal-slider-for-your-tweets
Custom Slider for Twitter feeds using twitter api 1.1, one at a time horizontal in a bubble using shortcode "tphs-slider".
Plot My Posts and Tweets
plot-my-tweets-and-posts
Plot your blog posts and/or tweets on a Google Map in date order with a path tracing your route.
Tweets As Posts
tweets-as-posts
Tweets As Posts imports all tweets tagged with specified hashtags from twitter accounts into WordPress as posts.
Post Tweets Developer Profile
4 plugins · 120 total installs
How We Detect Post Tweets
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/post-tweets/js/word_count.js/wp-content/plugins/post-tweets/style/tweet_style.css/wp-content/plugins/post-tweets/js/word_count.jspost-tweets/js/word_count.js?ver=post-tweets/style/tweet_style.css?ver=HTML / DOM Fingerprints
name="tweet_check"value="tweet_yes"value="tweet_no"