
TweetMeme Button Security & Risk Analysis
wordpress.org/plugins/tweetmeme-button
The TweetMeme Retweet button is the de facto standard in retweeting, used by some of the biggest websites in the world including TechCrunch.
Is TweetMeme Button Safe to Use in 2026?
Generally Safe
Score 85/100
TweetMeme Button has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The tweetmeme-button plugin v1.8.2 exhibits a concerning security posture, primarily because of its unprotected AJAX handler. The static analysis found a single entry point, an AJAX handler, and it is exposed without any authentication check. This is a significant weakness: any unauthenticated user can invoke this part of the plugin, and depending on what the handler does, that may trigger unintended actions or reveal sensitive information.
While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and not bundling libraries, the lack of output escaping across all identified outputs is another red flag. This suggests a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not properly sanitized before being displayed. The taint analysis, though showing no critical or high severity unsanitized flows, is limited by the number of flows analyzed and the overall lack of comprehensive checks, meaning vulnerabilities might still exist that were not detected.
The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator of past security diligence. However, the current static analysis findings, particularly the unprotected AJAX endpoint and widespread lack of output escaping, outweigh the clean history. The plugin has a small attack surface, but the unprotected nature of its sole entry point is a critical flaw. Future development should prioritize implementing nonce and capability checks for all AJAX handlers and ensuring all output is properly escaped.
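A minimal illustration of the two fixes the analysis calls for (nonce plus capability checks on the AJAX handler, and escaping of every output), written as an added example rather than the plugin's own code: the action names `tmb_example_action`, the nonce action `tmb_example_nonce`, the `edit_posts` capability and the script handle are assumptions chosen for the example.

```php
<?php
// Added illustration, not the tweetmeme-button plugin's own code.
// Handler names, nonce action and capability are hypothetical.

// WEAK: reachable by logged-out visitors (wp_ajax_nopriv_), no nonce,
// no capability check, and the request value is echoed unescaped (XSS).
add_action( 'wp_ajax_tmb_example_action', 'tmb_weak_handler' );
add_action( 'wp_ajax_nopriv_tmb_example_action', 'tmb_weak_handler' );
function tmb_weak_handler() {
    $url = isset( $_POST['url'] ) ? $_POST['url'] : '';
    echo '<div class="tweetmeme_button" data-url="' . $url . '"></div>';
    wp_die();
}

// HARDENED: logged-in users only, nonce verified, capability checked,
// input sanitised and every output escaped before it leaves the handler.
add_action( 'wp_ajax_tmb_example_action_safe', 'tmb_safe_handler' );
function tmb_safe_handler() {
    // check_ajax_referer() ends the request with HTTP 403 when the
    // nonce is missing or invalid, so nothing below runs in that case.
    check_ajax_referer( 'tmb_example_nonce', 'nonce' );
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    $url = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    // esc_url_raw() returns '' for disallowed schemes such as javascript:
    if ( '' === $url ) {
        wp_send_json_error( 'invalid url', 400 );
    }
    $html = sprintf(
        '<div class="tweetmeme_button" data-url="%s"></div>',
        esc_attr( $url ) // attribute context, so esc_attr() not esc_html()
    );
    wp_send_json_success( array( 'html' => $html ) );
}

// The nonce has to reach the front-end script that calls the handler.
add_action( 'wp_enqueue_scripts', 'tmb_enqueue_example' );
function tmb_enqueue_example() {
    wp_enqueue_script( 'tmb-example', plugins_url( 'example.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'tmb-example', 'tmbExample', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'tmb_example_nonce' ),
    ) );
}
```

If an action genuinely must serve anonymous visitors, the capability check does not apply, but the nonce check and the output escaping still do.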
Key Concerns
- Unprotected AJAX handler
- No output escaping
- No nonce checks
- No capability checks
TweetMeme Button Security Vulnerabilities
TweetMeme Button Code Analysis
Output Escaping
Data Flow Analysis
TweetMeme Button Attack Surface
- AJAX Handlers: 1
- WordPress Hooks: 7
TweetMeme Button Maintenance & Trust
Maintenance Signals
Community Trust
TweetMeme Button Alternatives
TweetButton
tweetbutton-for-wordpress
Easily allows your blog post or page to be retweeted. Currently being used by SocialBrite and other members of the social media community.
WP Tweet
wp-tweet
Adds the official Tweet Button from Twitter.
Custom Share Buttons with Floating Sidebar
custom-share-buttons-with-floating-sidebar
Share buttons with extra features for sharing your website posts/pages on Facebook, Twitter, Instagram, WhatsApp, Pinterest etc.
Like Button Rating ♥ LikeBtn
likebtn-like-button
Add Like button to posts, pages, comments, WooCommerce, BuddyPress, bbPress, UM, custom posts! Sort content by likes! Get instant stats and insights!
Feeds for Twitter – Embed Social Media Posts with Live Updates
easy-twitter-feeds
Embed Twitter Timeline/Feed, Post, Video, Hashtag, Follow Button, Tweet Button easily. This plugin is lightweight but super powerful.
TweetMeme Button Developer Profile
1 plugin · 30 total installs
How We Detect TweetMeme Button
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/tweetmeme-button/tweetmeme_button.css
- http://api.tweetmeme.com/button.js
- tweetmeme-button/tweetmeme_button.css?ver=
HTML / DOM Fingerprints
- tweetmeme_button
- data-url
- <div class="tweetmeme_button" style="
- <iframe src="http://api.tweetmeme.com/button.js
- <img src="http://api.tweetmeme.com/imagebutton.gif