StreamWeasels Kick Integration Security & Risk Analysis

wordpress.org/plugins/streamweasels-kick-integration

StreamWeasels Kick Integration for embedding live streams from Kick

90 active installs · v1.1.6 · PHP 7.0+ · WP 5.0+ · Updated Sep 3, 2025
Tags: kick, kick-api, kick-embed, kick-streams, kick-com

Score: 96 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Sep 5, 2025

Safety Verdict

Is StreamWeasels Kick Integration Safe to Use in 2026?

Generally Safe

Score 96/100

StreamWeasels Kick Integration has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Sep 5, 2025 · Updated 7mo ago

Risk Assessment

The "streamweasels-kick-integration" plugin exhibits a mixed security posture. While it demonstrates good practices such as 100% use of prepared statements for SQL queries and a high percentage of properly escaped output, significant concerns arise from its unprotected entry points and lack of comprehensive security checks. The presence of unprotected AJAX handlers and REST API routes creates direct avenues for potential exploitation by unauthenticated users.

Although the static analysis did not reveal critical or high-severity taint flows, the absence of nonce checks on AJAX handlers is a notable weakness, making it susceptible to Cross-Site Request Forgery (CSRF) attacks. The vulnerability history, while showing no currently unpatched vulnerabilities, indicates a past pattern of medium-severity Cross-Site Scripting (XSS) issues. This suggests that while the developers have addressed past vulnerabilities, the underlying coding practices may still leave room for such flaws.

Overall, the plugin has strengths in its database interaction and output handling. However, the unprotected entry points and the historical prevalence of XSS vulnerabilities, coupled with the lack of nonce checks, represent significant security risks that require attention.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 1 REST API route without permission callbacks
  • No nonce checks
  • Bundled Freemius v1.0
  • Past medium severity XSS vulnerabilities
Vulnerabilities
4

StreamWeasels Kick Integration Security Vulnerabilities

CVEs by Year

  • 1 CVE in 2024
  • 3 CVEs in 2025

Severity Breakdown

  • Medium: 4

4 total CVEs

CVE-2025-9442 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

StreamWeasels Kick Integration <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via vodsChannel Parameter

Sep 5, 2025 Patched in 1.1.6 (1d)

CVE-2025-7810 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

StreamWeasels Kick Integration <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 28, 2025 Patched in 1.1.5 (1d)

CVE-2025-5589 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

StreamWeasels Kick Integration <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via status-classic-offline-text Parameter

Jun 13, 2025 Patched in 1.1.4 (1d)

CVE-2024-10184 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode

Oct 28, 2024 Patched in 1.1.2 (1d)
Code Analysis
Analyzed Mar 16, 2026

StreamWeasels Kick Integration Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 70 (272 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

80% escaped · 342 total outputs

Attack Surface
3 unprotected

StreamWeasels Kick Integration Attack Surface

Entry Points: 7
Unprotected: 3

AJAX Handlers 2

auth · wp_ajax_swki_admin_notice_dismiss · includes\class-streamweasels-kick-integration.php:181
auth · wp_ajax_swki_admin_notice_dismiss_for_good · includes\class-streamweasels-kick-integration.php:182

REST API Routes 1

GET /wp-json/streamweasels-kick/v1/data/ · admin\class-streamweasels-kick-integration-admin.php:36

Shortcodes 4

[streamweasels-kick] public\class-streamweasels-kick-integration-public.php:34
[sw-kick] public\class-streamweasels-kick-integration-public.php:35
[sw-kick-integration] public\class-streamweasels-kick-integration-public.php:36
[sw-kick-embed] public\class-streamweasels-kick-integration-public.php:37

WordPress Hooks 18

action · plugins_loaded · includes\class-streamweasels-kick-integration.php:152
action · admin_notices · includes\class-streamweasels-kick-integration.php:171
action · admin_enqueue_scripts · includes\class-streamweasels-kick-integration.php:172
action · admin_enqueue_scripts · includes\class-streamweasels-kick-integration.php:173
action · init · includes\class-streamweasels-kick-integration.php:174
action · admin_menu · includes\class-streamweasels-kick-integration.php:175
action · admin_menu · includes\class-streamweasels-kick-integration.php:176
action · admin_menu · includes\class-streamweasels-kick-integration.php:177
action · admin_menu · includes\class-streamweasels-kick-integration.php:178
action · rest_api_init · includes\class-streamweasels-kick-integration.php:179
filter · block_categories_all · includes\class-streamweasels-kick-integration.php:180
action · admin_menu · includes\class-streamweasels-kick-integration.php:186
filter · swki_twitch_layout_options · includes\class-streamweasels-kick-integration.php:187
action · wp_enqueue_scripts · includes\class-streamweasels-kick-integration.php:203
action · wp_enqueue_scripts · includes\class-streamweasels-kick-integration.php:204
action · init · includes\class-streamweasels-kick-integration.php:205
action · wp_footer · includes\class-streamweasels-kick-integration.php:206
filter · pricing/show_annual_in_monthly · streamweasels-kick-integration.php:59

Maintenance & Trust

StreamWeasels Kick Integration Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Sep 3, 2025
  • PHP min version: 7.0
  • Downloads: 3K

Community Trust

  • Rating: 100/100
  • Number of ratings: 2
  • Active installs: 90

Developer Profile

StreamWeasels Kick Integration Developer Profile

StreamWeasels

4 plugins · 2K total installs

  • Trust score: 98
  • Avg Security Score: 97/100
  • Avg Patch Time: 2 days

Detection Fingerprints

How We Detect StreamWeasels Kick Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/streamweasels-kick-integration/build/kick-integration/block.json
/wp-content/plugins/streamweasels-kick-integration/build/kick-embed/block.json
/wp-content/plugins/streamweasels-kick-integration/freemius/start.php
/wp-content/plugins/streamweasels-kick-integration/includes/class-streamweasels-kick-integration-activator.php
/wp-content/plugins/streamweasels-kick-integration/includes/class-streamweasels-kick-integration-deactivator.php
/wp-content/plugins/streamweasels-kick-integration/includes/class-streamweasels-kick-integration.php
/wp-content/plugins/streamweasels-kick-integration/streamweasels-kick-integration.php

HTML / DOM Fingerprints

CSS Classes
wp-block-streamweasels-kick-integration-kick-integration
wp-block-streamweasels-kick-integration-kick-embed
Data Attributes
data-block="streamweasels/kick-integration"
data-block="streamweasels/kick-embed"
JS Globals
window.ski_fs
REST Endpoints
/wp-json/streamweasels-kick/v1/data/
Shortcode Output
[sw-kick-integration
[sw-kick-embed