TweetPost Security & Risk Analysis

wordpress.org/plugins/tweetpost

Multi-user aware Twitter plugin adds a tweet button to posts and/or automatically tweets bit.ly or su.pr links to new posts.

10 active installs · v1.3 · PHP + WP 2.7+ · Updated Sep 7, 2010
Tags: twitter, twitter-integration, twitter-poster
Score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TweetPost Safe to Use in 2026?

Generally Safe

Score 85/100

TweetPost has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 15yr ago
Risk Assessment

The "tweetpost" plugin v1.3 exhibits a mixed security posture. On the positive side, there are no known CVEs, and the plugin demonstrates good practices by using prepared statements for all SQL queries and including a capability check. However, significant concerns arise from the static analysis. The limited output escaping (15% properly escaped) indicates a high risk of cross-site scripting (XSS), since user-supplied data is likely rendered without sufficient sanitization. Furthermore, the taint analysis reveals one flow with unsanitized paths, suggesting potential for arbitrary file access or manipulation, although this report does not classify its severity as critical or high. The absence of nonce checks on AJAX handlers and REST API routes, together with the lack of reported vulnerabilities, might indicate a very small attack surface, but the identified taint flow and the poor output escaping remain serious concerns that could be exploited if an attacker is able to introduce malicious data.

Key Concerns

  • Low percentage of properly escaped output
  • Taint flow with unsanitized paths
  • No nonce checks on AJAX/REST
Vulnerabilities
None known

TweetPost Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

TweetPost Release Timeline

v1.3 (current)
v1.2
v1.1
v1.0.1
v1.0
v0.8
v0.7
v0.5
v0.4
v0.3
v0.2
v0.1
Code Analysis
Analyzed Mar 17, 2026

TweetPost Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (2 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 6
External Requests: 1
Bundled Libraries: 0

Output Escaping

15% escaped (13 total outputs)
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flow, 1 with unsanitized paths
<account> (account.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

TweetPost Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 12

Type    Hook                      Location
action  admin_menu                tweetpost.php:116
action  admin_init                tweetpost.php:117
filter  the_content               tweetpost.php:431
action  show_user_profile         tweetpost.php:433
action  edit_user_profile         tweetpost.php:434
action  personal_options_update   tweetpost.php:435
action  edit_user_profile_update  tweetpost.php:436
action  admin_notices             tweetpost.php:437
action  new_to_publish            tweetpost.php:438
action  draft_to_publish          tweetpost.php:439
action  pending_to_publish        tweetpost.php:440
action  future_to_publish         tweetpost.php:441
Maintenance & Trust

TweetPost Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.0.5
Last updated: Sep 7, 2010
PHP min version:
Downloads: 8K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

TweetPost Developer Profile

Randy Hunt

4 plugins · 40 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TweetPost

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tweetpost/tweetpost.js
Script Paths
/wp-content/plugins/tweetpost/tweetpost.js

HTML / DOM Fingerprints

CSS Classes
tweet_button
FAQ

Frequently Asked Questions about TweetPost