ThinkTwit Security & Risk Analysis

wordpress.org/plugins/thinktwit

Outputs tweets from any Twitter users, hashtag or keyword through the Widget interface. Can be called via shortcode or PHP function call and supports …

10 active installs · v1.7.1 · PHP + WP 3.2+ · Updated: Unknown
Tags: hashtag, multiple, thinktwit, tweet, twitter

Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Aug 18, 2021
Safety Verdict

Is ThinkTwit Safe to Use in 2026?

Generally Safe

Score 100/100

ThinkTwit has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 18, 2021
Risk Assessment

The thinktwit plugin v1.7.1 exhibits a mixed security posture with notable strengths in SQL query handling but significant concerns in its attack surface and lack of fundamental security checks. While all SQL queries utilize prepared statements, indicating good practice in database interaction, the plugin exposes a substantial attack surface with 3 out of 4 entry points lacking authentication checks. This, combined with the presence of the dangerous 'create_function' and zero nonce or capability checks, creates a high risk of unauthorized actions and potential code injection vulnerabilities. The plugin's vulnerability history, though currently clear of unpatched issues, shows a past medium-severity Cross-Site Scripting (XSS) vulnerability, suggesting a tendency towards input sanitization weaknesses. The taint analysis, showing 2 flows with unsanitized paths, further corroborates these concerns regarding handling user-supplied data. Overall, the lack of robust authentication and authorization on key entry points, coupled with the historical vulnerability pattern, presents a significant risk that outweighs the positive aspects of its SQL implementation.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous function create_function
  • No nonce checks on AJAX handlers
  • No capability checks
  • Taint analysis: unsanitized paths
  • Insufficient output escaping (17% unescaped)
  • Past medium XSS vulnerability
Vulnerabilities (1)

ThinkTwit Security Vulnerabilities

CVEs by Year

2021: 1 CVE (patched, none unpatched)

Severity Breakdown

Medium: 1

1 total CVE

CVE-2021-24582 · medium · CVSS 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ThinkTwit < 1.7.1 - Stored Cross-Site Scripting

Aug 18, 2021 · Patched in 1.7.1 (888 days to patch)
Code Analysis (analyzed Mar 16, 2026)

ThinkTwit Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 59 (279 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 4
  • External Requests: 4
  • Bundled Libraries: 0

Dangerous Functions Found

create_function (thinktwit.php:57): add_action("widgets_init", create_function("", "return register_widget(\"ThinkTwit\");"));

Output Escaping

83% escaped (338 total outputs)
Data Flows (2 unsanitized)

Data Flow Analysis

2 flows, 2 with unsanitized paths

  • parse_feed_callback (thinktwit.php:1927)
Attack Surface (3 unprotected)

ThinkTwit Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers (3)

  • wp_ajax_clear_cache (auth) · thinktwit.php:103
  • wp_ajax_parse_feed (auth) · thinktwit.php:106
  • wp_ajax_parse_feed (nopriv, reachable without login) · thinktwit.php:107

Shortcodes (1)

  • [thinktwit] · thinktwit.php:100

WordPress Hooks (5)

  • action: widgets_init · thinktwit.php:57
  • action: admin_menu · thinktwit.php:112
  • action: admin_init · thinktwit.php:113
  • filter: plugin_action_links · thinktwit.php:116
  • filter: plugin_row_meta · thinktwit.php:117
Maintenance & Trust

ThinkTwit Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 5.8.13
  • Last updated: Unknown
  • PHP min version:
  • Downloads: 15K

Community Trust

  • Rating: 90/100
  • Number of ratings: 4
  • Active installs: 10
Developer Profile

ThinkTwit Developer Profile

Stephen Pickett

1 plugin · 10 total installs

  • Trust score: 79
  • Avg Security Score: 100/100
  • Avg Patch Time: 888 days
Detection Fingerprints

How We Detect ThinkTwit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/thinktwit/thinktwit.css
Version Parameters
  • thinktwit.css?ver=
  • thinktwit.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • thinktwit
HTML Comments
  • <!-- ThinkTwit Widget -->
Data Attributes
  • data-thinktwit-update-frequency
  • data-thinktwit-live-update-freq
  • data-thinktwit-no-cache
JS Globals
  • thinktwit
Shortcode Output
  • [thinktwit