Tweetbacks Helper Security & Risk Analysis

wordpress.org/plugins/tweetbacks-helper

Helper Plugin for Tweetbacks Plugin to help it detect more tweets

10 active installs · v0.9.1 · PHP + · WP 2.8+ · Updated: Unknown
Tags: comments, tweet, tweetbacks, twitter
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Tweetbacks Helper Safe to Use in 2026?

Generally Safe

Score 100/100

Tweetbacks Helper has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "tweetbacks-helper" v0.9.1 plugin exhibits a generally positive security posture, particularly concerning its limited attack surface. With no detected AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication or permission checks, the potential for external exploitation appears minimal. The presence of nonce and capability checks, while limited in number, also indicates an attempt at securing the few interaction points available.

However, the static analysis reveals significant areas for improvement. The plugin's sole SQL query does not use a prepared statement, which poses a risk of SQL injection. Furthermore, none of the 10 detected output operations is properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of taint analysis flows, while seemingly good, could also mean that the analysis tools were unable to probe deeper because of the limited entry points, or that the code is exceptionally simple. The plugin's vulnerability history is clean, with no known CVEs, which is a strong positive indicator, suggesting a history of stable and secure development.

In conclusion, while the plugin's limited attack surface and clean vulnerability history are commendable, the lack of prepared statements for SQL queries and the universal absence of output escaping are critical security weaknesses that require immediate attention. These issues, if exploited, could lead to serious data breaches and site compromises.

Key Concerns

  • SQL query without prepared statements
  • No output escaping
Vulnerabilities
None known

Tweetbacks Helper Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Tweetbacks Helper Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 10 (0 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total query

Output Escaping

0% escaped · 10 total outputs
Attack Surface

Tweetbacks Helper Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 10

  • action  admin_menu  tweetbacks-helper.php:48
  • action  admin_init  tweetbacks-helper.php:49
  • action  admin_menu  tweetbacks-helper.php:52
  • action  admin_head  tweetbacks-helper.php:55
  • action  save_post  tweetbacks-helper.php:58
  • action  edit_post  tweetbacks-helper.php:59
  • action  publish_post  tweetbacks-helper.php:60
  • action  edit_page_form  tweetbacks-helper.php:61
  • action  in_admin_footer  tweetbacks-helper.php:157
  • action  init  tweetbacks-helper.php:270
Maintenance & Trust

Tweetbacks Helper Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.6.1
Last updated: Unknown
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Tweetbacks Helper Developer Profile

Sudar Muthu

16 plugins · 21K total installs

Trust score: 84
Avg Security Score: 86/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Tweetbacks Helper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tweetbacks-helper/tweetbacks-helper.php

HTML / DOM Fingerprints

Data Attributes
name="tweetbacks-helper-options[auto-enabled]"
name="tweetbacks-helper-options[cron-enabled]"
value="1"
value="0"
name="shorturl_type_
name="shorturl_url_
FAQ

Frequently Asked Questions about Tweetbacks Helper