TP – TweetPress Security & Risk Analysis

wordpress.org/plugins/tp

All the tools you need to integrate your wordpress and twitter.

10 active installs v1.4 PHP + WP 3.0+ Updated Jul 26, 2013
Tags: login · oauth · tweet · tweetbutton · twitter
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TP – TweetPress Safe to Use in 2026?

Generally Safe

Score 85/100

TP – TweetPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The plugin 'tp' v1.4 presents a mixed security posture. While it demonstrates good practices in its handling of SQL queries, utilizing prepared statements for all queries and performing a reasonable number of capability checks, there are significant areas of concern. The presence of two AJAX handlers without authentication checks creates a direct attack vector. Furthermore, only 12% of outputs are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the absence of critical or high-severity taint flows which might otherwise catch such issues. The plugin also utilizes the deprecated and insecure `create_function` function twice. Encouragingly, the plugin has no recorded vulnerability history, suggesting a generally stable past. However, the current static analysis findings, particularly the unprotected entry points and poor output escaping, introduce notable risks that outweigh the positive aspects.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of properly escaped output
  • Use of dangerous function: create_function
Vulnerabilities
None known

TP – TweetPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

TP – TweetPress Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 50 (7 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 1
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

create_function · tp.php:150 · add_action('admin_notices', create_function( '', "echo '<div class=\"error\"><p>".sprintf(__('TweetP…
create_function · tp.php:1296 · add_action('widgets_init', create_function('', 'return register_widget("TP_Follow_Widget");'));

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

12% escaped · 57 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
tp_app_options_page (tp.php:185)
Attack Surface
2 unprotected

TP – TweetPress Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 2

nopriv · wp_ajax_tp_comm_get_display · tp.php:639
auth · wp_ajax_disconnect_twuid · tp.php:699

Shortcodes 2

[tweetbutton] tp.php:884
[twitterfollow] tp.php:1247

WordPress Hooks 43

action · init · tp.php:47
action · admin_menu · tp.php:128
action · network_admin_menu · tp.php:136
action · admin_init · tp.php:144
action · admin_notices · tp.php:150
filter · pre_update_option_tp_app_options · tp.php:157
action · wp_enqueue_scripts · tp.php:277
action · oauth_start_twitter · tp.php:308
action · admin_init · tp.php:411
action · admin_notices · tp.php:414
action · admin_init · tp.php:422
action · tp_validate_options · tp.php:446
filter · get_avatar · tp.php:572
filter · comment_post_redirect · tp.php:627
action · comment_form · tp.php:636
action · comment_form · tp.php:637
action · wp_footer · tp.php:638
action · init · tp.php:640
action · comment_post · tp.php:641
action · comment_form_before_fields · tp.php:642
action · alt_comment_login · tp.php:643
action · comment_form_before_fields · tp.php:644
action · comment_form_after_fields · tp.php:645
action · comment_post · tp.php:646
filter · pre_comment_on_post · tp.php:647
action · profile_personal_options · tp.php:654
action · tp_login_connect · tp.php:712
action · login_form · tp.php:724
filter · authenticate · tp.php:731
action · wp_logout · tp.php:752
action · wp_footer · tp.php:867
filter · the_content · tp.php:906
action · admin_init · tp.php:909
filter · tp_validate_options · tp.php:978
action · admin_menu · tp.php:1023
action · admin_init · tp.php:1029
action · tp_publish_preauth · tp.php:1087
action · transition_post_status · tp.php:1136
filter · tp_validate_options · tp.php:1203
action · widgets_init · tp.php:1296
filter · tp_follow · tp.php:1303
action · init · wp-oauth.php:16
action · template_redirect · wp-oauth.php:27

Maintenance & Trust

TP – TweetPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Jul 26, 2013
PHP min version
Downloads: 14K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

TP – TweetPress Developer Profile

Louy Alakkad

7 plugins · 8K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TP – TweetPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/tp/css/tweetpress.css
  • /wp-content/plugins/tp/js/tweetpress.js
Script Paths
  • /wp-content/plugins/tp/js/tweetpress.js
Version Parameters
  • tp/style.css?ver=
  • tp/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • tweetpress-widget-container
  • tweetpress-tweet-body
  • tweetpress-tweet-meta
  • tp_tweet_button
  • tp_share_button
HTML Comments
  • <!-- TweetPress widget starts -->
  • <!-- TweetPress widget ends -->
  • <!-- If you like this plugin, Follow me @l0uy for more updates. -->
Data Attributes
  • data-tweet-url
  • data-tweet-text
  • data-tweet-via
JS Globals
  • tweetpress
  • TP_AJAX_URL
Shortcode Output
  • [tweetpress_feed]
  • [tweetpress_timeline]
  • [tweetpress_buttons]
FAQ

Frequently Asked Questions about TP – TweetPress