Does StreamWeasels Twitch Integration have any unpatched vulnerabilities?

No. All known vulnerabilities in StreamWeasels Twitch Integration have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is StreamWeasels Twitch Integration compatible with WordPress 6.7.5?

According to WordPress.org data, StreamWeasels Twitch Integration 1.9.4 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is StreamWeasels Twitch Integration updated?

StreamWeasels Twitch Integration was last updated on Jul 28, 2025. Frequent updates are generally a positive security signal.

What is StreamWeasels Twitch Integration's security score?

StreamWeasels Twitch Integration has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

StreamWeasels Twitch Integration Security & Risk Analysis

wordpress.org/plugins/streamweasels-twitch-integration

Embed Twitch streams with our collection of Twitch Blocks and Shortcodes. Works with Block Editor, Classic Editor, and Page Builders.

1K active installs v1.9.4 PHP + WP 5.0+ Updated Jul 28, 2025

twitchtwitch-apitwitch-blockstwitch-embedtwitch-streams

A · Safe

CVEs total4

Unpatched0

Last CVEJul 28, 2025

Plugin page Download

Safety Verdict

Is StreamWeasels Twitch Integration Safe to Use in 2026?

Generally Safe

Score 96/100

StreamWeasels Twitch Integration has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Jul 28, 2025Updated 8mo ago

Risk Assessment

The "streamweasels-twitch-integration" plugin v1.9.4 presents a mixed security posture. While the code analysis shows strengths such as 100% of SQL queries using prepared statements and a high percentage of properly escaped output, there are significant concerns regarding its attack surface. Notably, 8 out of 13 identified entry points (AJAX handlers and REST API routes) lack proper authentication or permission checks, exposing them to potential unauthorized access and manipulation.

The vulnerability history reveals a past pattern of 4 medium severity vulnerabilities, specifically related to information exposure and cross-site scripting. Although there are no currently unpatched vulnerabilities, the existence of past issues, especially those involving input neutralization and sensitive data, warrants vigilance. The last reported vulnerability in July 2025 suggests the plugin has had recent security issues, reinforcing the need for careful review of current code.

Overall, the plugin demonstrates good practices in data handling with prepared statements and output escaping. However, the large number of unprotected entry points and the history of common web vulnerabilities indicate a risk of unauthorized access and potential exploitation. The presence of a bundled library (Freemius v1.0) is also a point to consider for its own potential vulnerabilities if not kept up-to-date.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API routes
Medium severity vulnerabilities in history
Bundled library (Freemius v1.0) may be outdated

Vulnerabilities

StreamWeasels Twitch Integration Security Vulnerabilities

CVEs by Year

3 CVEs in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

4 total CVEs

CVE-2025-7809medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

StreamWeasels Twitch Integration <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 28, 2025 Patched in 1.9.4 (1d)

CVE-2024-9897medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

StreamWeasels Twitch Integration <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode

Oct 18, 2024 Patched in 1.8.7 (1d)

CVE-2024-32716medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

StreamWeasels Twitch Integration <= 1.7.8 - Unauthenticated Sensitive Information Exposure

Apr 22, 2024 Patched in 1.8.0 (9d)

CVE-2024-29766medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

StreamWeasels Twitch Integration <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 25, 2024 Patched in 1.7.6 (8d)

Code Analysis

Analyzed Mar 16, 2026

StreamWeasels Twitch Integration Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

519 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

Output Escaping

91% escaped571 total outputs

Attack Surface

8 unprotected

StreamWeasels Twitch Integration Attack Surface

Entry Points13

Unprotected8

AJAX Handlers 4

authwp_ajax_swti_admin_notice_dismissincludes\class-streamweasels.php:181

authwp_ajax_swti_admin_notice_dismiss_for_goodincludes\class-streamweasels.php:182

authwp_ajax_get_fresh_noncepublic\class-streamweasels-public.php:205

noprivwp_ajax_get_fresh_noncepublic\class-streamweasels-public.php:206

REST API Routes 5

GET/wp-json/streamweasels/v1/data/admin\class-streamweasels-admin.php:73

GET/wp-json/streamweasels/v1/fetch-streamsadmin\class-streamweasels-admin.php:81

GET/wp-json/streamweasels/v1/fetch-videoadmin\class-streamweasels-admin.php:87

GET/wp-json/streamweasels/v1/fetch-usersadmin\class-streamweasels-admin.php:93

GET/wp-json/streamweasels/v1/fetch-gamesadmin\class-streamweasels-admin.php:99

Shortcodes 4

[streamweasels] public\class-streamweasels-public.php:211

[sw-twitch] public\class-streamweasels-public.php:212

[sw-twitch-integration] public\class-streamweasels-public.php:213

[sw-twitch-embed] public\class-streamweasels-public.php:214

WordPress Hooks 24

actionswti_cronadmin\class-streamweasels-admin.php:205

actionplugins_loadedincludes\class-streamweasels.php:162

actionadmin_noticesincludes\class-streamweasels.php:174

actionadmin_menuincludes\class-streamweasels.php:175

actionadmin_enqueue_scriptsincludes\class-streamweasels.php:176

actionadmin_enqueue_scriptsincludes\class-streamweasels.php:177

actioninitincludes\class-streamweasels.php:178

actioninitincludes\class-streamweasels.php:179

actionrest_api_initincludes\class-streamweasels.php:180

filterblock_categories_allincludes\class-streamweasels.php:183

filterplugin_action_linksincludes\class-streamweasels.php:190

actionadmin_menuincludes\class-streamweasels.php:249

actionadmin_menuincludes\class-streamweasels.php:258

actionadmin_menuincludes\class-streamweasels.php:267

actionadmin_menuincludes\class-streamweasels.php:276

actionadmin_menuincludes\class-streamweasels.php:285

actionwp_enqueue_scriptsincludes\class-streamweasels.php:303

actionwp_enqueue_scriptsincludes\class-streamweasels.php:304

actioninitincludes\class-streamweasels.php:305

actioninitincludes\class-streamweasels.php:306

actionwp_footerincludes\class-streamweasels.php:307

actionwp_footerpublic\class-streamweasels-public.php:415

actionwp_footerpublic\class-streamweasels-public.php:420

filterpricing/show_annual_in_monthlystreamweasels.php:76

Scheduled Events 1

swti_cron

Maintenance & Trust

StreamWeasels Twitch Integration Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJul 28, 2025

PHP min version

Downloads50K

Community Trust

Rating96/100

Number of ratings23

Active installs1K

Alternatives

StreamWeasels Twitch Integration Alternatives

Twitch Player

ttv-easy-embed-player

Twitch streams for your WordPress website - Twitch Player unlocks a compact, cinema-style layout, great for embedded stream experience.

200 1 unpatched

Twitch Rail

ttv-easy-embed

Twitch streams for your WordPress website - Twitch Rail unlocks a horizontal scrolling layout, to display many streams in a small space.

100 No CVEs

Twitch Wall

ttv-easy-embed-wall

Twitch streams for your WordPress website - Twitch Wall unlocks a classic Twitch layout for displaying many streams at once.

100 No CVEs

TwitchPress

twitchpress

Unofficial Twitch.tv power-up for your WordPress!

10 No CVEs

TwitchPress Embed Everything

twitchpress-embed-everything

100

Add the Embed Everything plugin to your blog after installing the core TwitchPress plugin called Channel Solution for Twitch.

10 No CVEs

Developer Profile

StreamWeasels Twitch Integration Developer Profile

StreamWeasels

4 plugins · 2K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

2 days

View full developer profile

Detection Fingerprints

How We Detect StreamWeasels Twitch Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/streamweasels-twitch-integration/build/twitch-integration/block.json/wp-content/plugins/streamweasels-twitch-integration/build/twitch-embed/block.json/wp-content/plugins/streamweasels-twitch-integration/css/admin-style.css/wp-content/plugins/streamweasels-twitch-integration/css/frontend-style.css/wp-content/plugins/streamweasels-twitch-integration/js/admin.js/wp-content/plugins/streamweasels-twitch-integration/js/frontend.js

Script Paths

/wp-content/plugins/streamweasels-twitch-integration/js/admin.js/wp-content/plugins/streamweasels-twitch-integration/js/frontend.js

Version Parameters

streamweasels-twitch-integration/css/admin-style.css?ver=streamweasels-twitch-integration/css/frontend-style.css?ver=streamweasels-twitch-integration/js/admin.js?ver=streamweasels-twitch-integration/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

swti-twitch-integration-blockswti-twitch-embed-block

Data Attributes

data-layoutdata-channelsdata-teamdata-gamedata-limitdata-channel+6 more

JS Globals

SWTI_Ajax

REST Endpoints

/wp-json/swti-twitch-api/

Shortcode Output

[sw-twitch-integration[sw-twitch-embed

FAQ