Does Tsu have any unpatched vulnerabilities?

No. All known vulnerabilities in Tsu have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tsu compatible with WordPress 4.0.38?

According to WordPress.org data, Tsu 1.2.0 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is Tsu updated?

Tsu was last updated on Dec 29, 2014. Frequent updates are generally a positive security signal.

What is Tsu's security score?

Tsu has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tsu Security & Risk Analysis

wordpress.org/plugins/tsu

Tsu widget to share your profile / invitation with your readers.

10 active installs v1.2.0 PHP + WP 3.0.1+ Updated Dec 29, 2014

invitationinviteprofilesharetsu

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tsu Safe to Use in 2026?

Generally Safe

Score 85/100

Tsu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "tsu" plugin version 1.2.0 demonstrates a generally strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant positive. Furthermore, the plugin shows good practices by avoiding dangerous functions, performing all SQL queries using prepared statements, and not making external HTTP requests or using bundled libraries. The lack of any recorded vulnerabilities or CVEs in its history also suggests a well-maintained and secure codebase.

However, a notable area of concern is the output escaping. With 20 total outputs, only 5% are properly escaped. This indicates a significant risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled with sufficient sanitization before being displayed to users. While taint analysis did not reveal any specific unsanitized paths, the low rate of output escaping is a clear weakness that requires immediate attention. The complete lack of nonce checks and capability checks across all potential (though currently zero) entry points also presents a future risk should new entry points be introduced without proper security measures.

Key Concerns

Low output escaping rate
No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

Tsu Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Tsu Release Timeline

v1.2.0Current

v1.1.0

v1.0.2

v1.0.1

Code Analysis

Analyzed Mar 17, 2026

Tsu Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

5% escaped20 total outputs

Attack Surface

Tsu Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_noticesinc\class-tsu-version-check.php:80

actionwp_headinc\class-tsu-widget.php:48

actionadmin_inittsu.php:39

actionwidgets_inittsu.php:109

actionplugins_loadedtsu.php:149

Maintenance & Trust

Tsu Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedDec 29, 2014

PHP min version

Downloads3K

Community Trust

Rating60/100

Number of ratings2

Active installs10

Alternatives

Tsu Alternatives

Tsu Popup

tsu-popup

Add your own tsu ( Social Network ) popup in any website.

10 No CVEs

Profile Box Shortcode And Widget

facebook-likebox-widget-and-shortcode

100

A very easy and simple Facebook like box shortcode and widget plugin with mini profile, like Button, Share Button plugin For WordPress

2K 1 CVE

Invite Anyone

invite-anyone

Makes BuddyPress's invitation features more powerful.

1K 6 CVEs

WP eCards – Branded Digital Greeting Cards

wp-ecards-invites

Add interactive digital greeting cards to your WordPress site — fully branded, customizable, and shareable by visitors through email or social media.

300 1 CVE

Invitations for Slack

invitations-for-slack

Build a Slack community by allowing your visitors (or registered users) to invite themselves to your Slack team.

30 No CVEs

Developer Profile

Tsu Developer Profile

noplanman

5 plugins · 140 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tsu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tsu/images/tsu-logo-16x16.png/wp-content/plugins/tsu/images/tsu-logo-32x32.png/wp-content/plugins/tsu/images/tsu-logo-48x48.png/wp-content/plugins/tsu/images/tsu-logo-64x64.png/wp-content/plugins/tsu/images/tsu-logo-96x96.png/wp-content/plugins/tsu/images/tsu-logo-128x128.png

HTML / DOM Fingerprints

CSS Classes

widget-tsu

Data Attributes

data-tsu-user-iddata-tsu-namedata-tsu-show-logodata-tsu-logo-size

FAQ