[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fD-S_Nyf_3n9naQfjY_TH82fcvrL3nNo7deUwnIBCZP4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":129,"fingerprints":425},"tweetpress","TweetPress","3.2","brandontreb","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrandontreb\u002F","\u003Cp>TweetPress is the WordPress Plug-In that gives you total control and ownership of the photos you post to Twitter, sending traffic back to your own blog, instead of a third party site.\u003C\u002Fp>\n\u003Cp>Currently, when posting photos to Twitter, you must first post them to a 3rd party service (such as Twitpic) and then post that URL to Twitter.  
Not only do you lose control over YOUR image gallery, but you are also sending Twitpic a significant amount of traffic that could be sent to your own website.\u003C\u002Fp>\n\u003Cp>Just install the plugin, and start posting photos with your favorite Twitter client (that supports TweetPress).\u003C\u002Fp>\n\u003Cp>The current Twitter clients that support TweetPress are Twittelator Pro and Twitter for iPhone\u003C\u002Fp>\n","Use your WordPress blog to host the photos you post to Twitter!",10,10037,0,"2011-02-16T22:28:00.000Z","3.1.4","2.3","",[19,20,21,22],"image-hosting","tweet","twitpic","twitter","http:\u002F\u002Fbrandontreb.com\u002Ftweetpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftweetpress.3.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T05:51:29.379Z",[35,48,66,87,105],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":10,"active_installs":11,"downloaded":42,"rating":13,"num_ratings":13,"last_updated":43,"tested_up_to":44,"requires_at_least":16,"requires_php":17,"tags":45,"homepage":46,"download_link":47,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"twitter2press","Twitter2Press","1.0.5","mathieulesniak","https:\u002F\u002Fprofiles.wordpress.org\u002Fmathieulesniak\u002F","\u003Cp>Have you ever noticed that the pictures you send along with your tweets end up on public image hosting services? These hosting services put ads around your content, and can make traffic (and money) with YOUR pictures.\u003Cbr \u002F>\nTwitter2Press is a little plugin that’ll transform your WordPress into an image hosting service. 
So, your images will still be your property, and the generated traffic will be yours.\u003C\u002Fp>\n\u003Cp>This plugin will communicate with the wonderful Twitter client for iPhone Tweetie, very easily.\u003Cbr \u002F>\nOnce your picture has been uploaded, the plugin will grab the content of the associated tweet when it’s available.\u003C\u002Fp>\n\u003Cp>And, one more thing: Twitter2Press is free!\u003C\u002Fp>\n",3705,"2009-10-21T09:28:00.000Z","2.8.5",[19,20,21,22],"http:\u002F\u002Fprojets.lesniak.fr\u002Ftwitter2press","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter2press.1.0.5.zip",{"slug":21,"name":49,"version":50,"author":51,"author_profile":52,"description":53,"short_description":54,"active_installs":55,"downloaded":56,"rating":13,"num_ratings":13,"last_updated":57,"tested_up_to":58,"requires_at_least":59,"requires_php":17,"tags":60,"homepage":64,"download_link":65,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"TwitPic","0.3","grobekelle","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrobekelle\u002F","\u003Cp>Displays your latest pictures from TwitPic in the sidebar of your blog. The plugin is widget ready and comes with many configuration options! Because every theme brings its very own style, TwitPic has very little preset CSS. Please see the CSS file \u003Ccode>twitpic.css\u003C\u002Fcode> to set colors, borders etc.\u003C\u002Fp>\n\u003Cp>Check out more \u003Ca href=\"http:\u002F\u002Fwww.grobekelle.de\u002Fwordpress-plugins\" title=\"Wordpress Plugins\" rel=\"nofollow ugc\">WordPress Plugins\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fwww.grobekelle.de\" title=\"Lustige Videos\" rel=\"nofollow ugc\">Lustige Videos\u003C\u002Fa> brought to you by Grobekelle.\u003C\u002Fp>\n","Displays your latest pictures from TwitPic in the sidebar of your blog. 
The plugin is widget ready and comes with many configuration options!",20,8255,"2010-06-24T18:59:00.000Z","2.7","2.0.2",[61,62,63,22],"tweets","twit","twitpics","http:\u002F\u002Fwww.grobekelle.de\u002Fwordpress-plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitpic.zip",{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":76,"num_ratings":77,"last_updated":78,"tested_up_to":79,"requires_at_least":80,"requires_php":17,"tags":81,"homepage":85,"download_link":86,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"easy-twitter-feed-widget","Easy Twitter Feed Widget Plugin","0.9","DesignOrbital","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesignorbital\u002F","\u003Cp>Easy Twitter Feed Widget plugin uses the \u003Ccode>Twitter Widget\u003C\u002Fcode> without creating an API to display tweets on your WordPress site. There is no need to create a Twitter application. Easy Twitter Feed Widget Plugin provides a nice interface to implement your tweets in an easy way.\u003C\u002Fp>\n\u003Cp>If you are planning to display a Twitter timeline on your blog’s sidebar without bells and whistles, then our plugin can be your ideal choice.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy Twitter Feed Widget Plugin is very easy to set up and use.\u003C\u002Fli>\n\u003Cli>You can blend your tweets professionally with the layout of any WordPress theme.\u003C\u002Fli>\n\u003Cli>Make it your own by customizing the link color, border color, background choice and other useful options.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Further Useful Stuff\u003C\u002Fh4>\n\u003Cp>Easy Twitter Feed Widget plugin is developed by DesignOrbital. 
You may be interested to use our \u003Ca href=\"https:\u002F\u002Fdesignorbital.com\u002F\" rel=\"nofollow ugc\">Premium WordPress Themes\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fdesignorbital.com\u002Ffree-wordpress-themes\u002F\" rel=\"nofollow ugc\">Free WordPress Themes\u003C\u002Fa> to run your website under the clean and SEO optimized code.\u003C\u002Fp>\n","Add twitter feeds on your WordPress site by using the Easy Twitter Feed Widget plugin.",10000,503422,74,55,"2017-12-20T18:46:00.000Z","4.9.29","4.7",[82,20,22,83,84],"feed","twitter-feed","twitter-widget","https:\u002F\u002Fdesignorbital.com\u002Feasy-twitter-feed-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-twitter-feed-widget.0.9.zip",{"slug":22,"name":88,"version":89,"author":88,"author_profile":90,"description":91,"short_description":92,"active_installs":74,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":80,"requires_php":17,"tags":98,"homepage":103,"download_link":104,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"Twitter","2.0.5","https:\u002F\u002Fprofiles.wordpress.org\u002Ftwitter\u002F","\u003Cp>Embed Twitter content, improve sharing on Twitter, convert your web audience into Twitter or Periscope subscribers, and easily track visits to your website from Twitter advertising.\u003C\u002Fp>\n\u003Cp>Requires PHP version 5.6 or greater.\u003C\u002Fp>\n\u003Ch4>Embed Twitter content\u003C\u002Fh4>\n\u003Cp>Embed Twitter content by pasting a URL, customizing a shortcode, or in a widget area.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FEmbedded-Tweet\" title=\"single Tweet embed\" rel=\"nofollow ugc\">single Tweet\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FEmbedded-Profile-Timeline\" title=\"Twitter 
embedded profile timeline\" rel=\"nofollow ugc\">profile timeline\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FEmbedded-List-Timeline\" title=\"Twitter embedded list timeline\" rel=\"nofollow ugc\">list timeline\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FEmbedded-Collection-Timeline\" title=\"Twitter embedded collection\" rel=\"nofollow ugc\">collection\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FMoments\" title=\"Twitter embedded Moment\" rel=\"nofollow ugc\">Moment\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Customize embed display to match your theme. Choose a light or dark background, customize link and border colors, and customize timeline template components through your site’s WordPress administrative interface.\u003C\u002Fp>\n\u003Cp>The plugin automatically customizes an embed’s template text to match the locale of your site, optimally loads Twitter’s JavaScript to improve site speed and extensibility, and handles advanced use cases such as articles loaded asynchronously via the WordPress API.\u003C\u002Fp>\n\u003Ch4>Grow your Twitter audience\u003C\u002Fh4>\n\u003Cp>Automatically generate link previews for your site’s URLs shared on Twitter using \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FCards\" rel=\"nofollow ugc\">Twitter Cards markup\u003C\u002Fa> . Easily identify your site and author Twitter accounts through your site and user administrative interfaces.\u003C\u002Fp>\n\u003Cp>Add a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FTweet-Button\" rel=\"nofollow ugc\">Tweet button\u003C\u002Fa> to public posts to encourage your visitors to share your content on Twitter. 
Visitors may see recommended accounts to follow after sharing your content including your site and its authors.\u003C\u002Fp>\n\u003Cp>Add a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FFollow-Button\" rel=\"nofollow ugc\">Follow button\u003C\u002Fa> to convert your site visitors into Twitter subscribers.\u003C\u002Fp>\n\u003Cp>Add a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FPeriscope-On-Air-Button\" rel=\"nofollow ugc\">Periscope On Air button\u003C\u002Fa> to convert your site visitors into Periscope subscribers.\u003C\u002Fp>\n\u003Ch4>Improve Twitter advertising campaigns\u003C\u002Fh4>\n\u003Cp>Easily add a Twitter website tag to your website to track the effectiveness and \u003Ca href=\"https:\u002F\u002Fbusiness.twitter.com\u002Fen\u002Fhelp\u002Fcampaign-measurement-and-analytics\u002Fconversion-tracking-for-websites.html\" rel=\"nofollow ugc\">conversion rates\u003C\u002Fa> of Twitter advertising campaigns or \u003Ca href=\"https:\u002F\u002Fbusiness.twitter.com\u002Fen\u002Ftargeting\u002Ftailored-audiences.html\" rel=\"nofollow ugc\">build tailored audiences\u003C\u002Fa> to target your Twitter advertisements for your website audience.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Docs and active development\u003C\u002Fstrong>\u003Cbr \u002F>\n  Contribute to the plugin, submit pull requests, or run test suites through the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\" rel=\"nofollow ugc\">Twitter plugin for WordPress GitHub repository\u003C\u002Fa>.\u003Cbr \u002F>\n  View \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\" rel=\"nofollow ugc\">Twitter for WordPress documentation\u003C\u002Fa> to learn more about customization through WordPress filters.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Official Twitter and Periscope plugin for WordPress. Embed content and grow your audience. 
Requires PHP 5.6 or greater.",705891,50,32,"2019-07-24T22:59:00.000Z","5.2.24",[99,100,22,101,102],"embedded-timeline","embedded-tweet","twitter-list","twitter-profile","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwitter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":17,"download_link":125,"security_score":126,"vuln_count":127,"unpatched_count":13,"last_vuln_date":128,"fetched_at":27},"autoshare-for-twitter","Autopost for X (formerly Autoshare for Twitter)","2.3.3","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Autopost for X (formerly Autoshare for Twitter) automatically shares your posts to X\u002FTwitter as soon as they’re published.  Once you hit the Publish button, the plugin sends your post’s title, featured image, and link to X\u002FTwitter, along with a custom message.\u003C\u002Fp>\n\u003Cp>Unlike a myriad of other social media, multitool solutions, Autopost for X is built solely for X\u002FTwitter.  It focuses on doing one thing and does it well, with the code and interface craftsmanship we apply to every project.\u003C\u002Fp>\n\u003Cp>With Autopost for X, developers can further customize nearly everything about the posts, including the image, author, and link, using an extensive set of hooks built into the code. 
Among its other features, the WordPress plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works in both the classic and new block editors.\u003C\u002Fli>\n\u003Cli>Becomes part of the pre-publish checklist step that’s part of the new block editor.\u003C\u002Fli>\n\u003Cli>Posts a high-quality featured image with your post to X\u002FTwitter.\u003C\u002Fli>\n\u003Cli>Counts characters to keep you under the X\u002FTwitter limit.\u003C\u002Fli>\n\u003Cli>Adds a link to the post to X\u002FTwitter in the block editor sidebar.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Disclaimer:\u003C\u002Fstrong> \u003Cem>TWITTER, TWEET, RETWEET and the Twitter logo are trademarks of Twitter, Inc. or its affiliates.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Plugin Compatibility\u003C\u002Fh3>\n\u003Ch4>Distributor\u003C\u002Fh4>\n\u003Cp>When using with 10up’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002F10up\u002Fdistributor\" rel=\"nofollow ugc\">Distributor plugin\u003C\u002Fa>, posts that are distributed will not be autoposted if they are already posted to X\u002FTwitter from the origin site. Autopost for X tracks posts that have been posted to X\u002FTwitter in post meta to avoid “double posting”. To avoid this behavior, use the \u003Ccode>dt_blacklisted_meta\u003C\u002Fcode> filter to exclude the ‘autoshare_for_twitter_status’ meta value from being distributed:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'dt_blacklisted_meta', function( $blacklisted_metas ) {\n    $blacklisted_metas[] = 'autoshare_for_twitter_status';\n    return $blacklisted_metas;\n} );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Developers\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> Posts and pages are supported by default. 
Developers can use the \u003Ccode>autoshare_for_twitter_default_post_types\u003C\u002Fcode> filter to change the default supported post types\u003C\u002Fp>\n\u003Cp>Custom post types can now be opted into autopost features like so:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function opt_my_cpt_into_autoshare() {\n    add_post_type_support( 'my-cpt', 'autoshare-for-twitter' );\n}\nadd_action( 'init', 'opt_my_cpt_into_autoshare' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>In addition, adding support while registering custom post types also works. Post types are automatically set to autopost. Future versions of this plugin could allow this to be set manually.\u003C\u002Fp>\n\u003Cp>While the autopost feature can be opted into for post types using the above filter, by default the editor still has to manually enable autopost during the post prepublish flow. The \u003Ccode>autoshare_for_twitter_enabled_default\u003C\u002Fcode> filter allows autopost to be enabled by default for all posts of a given post type. 
Editors can still manually uncheck the option during the publishing flow.\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function enable_autoshare_by_default_for_core_post_type( $enabled, $post_type ) {\n    if ( 'post' === $post_type ) {\n        return true;\n    }\n\n    return $enabled;\n}\nadd_filter( 'autoshare_for_twitter_enabled_default', 'enable_autoshare_by_default_for_core_post_type', 10, 2 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Additional technical details can be found in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002F10up\u002Fautoshare-for-twitter#overview\" rel=\"nofollow ugc\">our GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Automatically shares the post title or custom message and a link to the post to X\u002FTwitter.",6000,48739,100,6,"2026-02-02T17:14:00.000Z","6.9.4","6.8","7.4",[122,123,124,20,22],"posse","share","social-media","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautoshare-for-twitter.2.3.3.zip",97,2,"2023-01-23 
00:00:00",{"attackSurface":130,"codeSignals":177,"taintFlows":261,"riskAssessment":404,"analyzedAt":424},{"hooks":131,"ajaxHandlers":173,"restRoutes":174,"shortcodes":175,"cronEvents":176,"entryPointCount":13,"unprotectedCount":13},[132,138,142,146,150,155,159,162,166,169],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","widgets_init","anonymous","tweetpress-widget.php",75,{"type":133,"name":139,"callback":140,"file":141,"line":126},"wp_head","tp_css","tweetpress.php",{"type":133,"name":143,"callback":144,"file":141,"line":145},"admin_menu","tp_menu",102,{"type":133,"name":147,"callback":148,"priority":13,"file":141,"line":149},"get_header","check_gallery_path",309,{"type":151,"name":152,"callback":153,"file":141,"line":154},"filter","the_content","load_gallery",329,{"type":133,"name":156,"callback":157,"file":141,"line":158},"loop_start","load_gallery_home",332,{"type":133,"name":147,"callback":160,"file":141,"line":161},"load_gallery_on_page",346,{"type":133,"name":163,"callback":164,"file":141,"line":165},"plugins_loaded","tp_upload",352,{"type":133,"name":163,"callback":167,"file":141,"line":168},"tp_check_show_image",353,{"type":133,"name":170,"callback":171,"file":141,"line":172},"admin_notices","tp_admin_notice",726,[],[],[],[],{"dangerousFunctions":178,"sqlUsage":182,"outputEscaping":198,"fileOperations":259,"externalRequests":30,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":260},[179],{"fn":180,"file":136,"line":137,"context":181},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"TweetPressWidget\");'));",{"prepared":183,"raw":184,"locations":185},22,5,[186,189,192,194,196],{"file":141,"line":187,"context":188},656,"$wpdb->get_var() with variable interpolation",{"file":141,"line":190,"context":191},676,"$wpdb->query() with variable 
interpolation",{"file":141,"line":193,"context":191},677,{"file":141,"line":195,"context":191},678,{"file":141,"line":197,"context":191},679,{"escaped":199,"rawEcho":31,"locations":200},3,[201,204,206,208,210,212,214,216,217,218,220,221,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256],{"file":136,"line":202,"context":203},29,"raw output",{"file":136,"line":205,"context":203},31,{"file":136,"line":207,"context":203},36,{"file":136,"line":209,"context":203},37,{"file":136,"line":211,"context":203},44,{"file":136,"line":213,"context":203},62,{"file":136,"line":215,"context":203},63,{"file":136,"line":215,"context":203},{"file":136,"line":215,"context":203},{"file":136,"line":219,"context":203},67,{"file":136,"line":219,"context":203},{"file":136,"line":219,"context":203},{"file":141,"line":223,"context":203},92,{"file":141,"line":225,"context":203},94,{"file":141,"line":227,"context":203},159,{"file":141,"line":229,"context":203},163,{"file":141,"line":231,"context":203},166,{"file":141,"line":233,"context":203},243,{"file":141,"line":235,"context":203},247,{"file":141,"line":237,"context":203},250,{"file":141,"line":239,"context":203},284,{"file":141,"line":241,"context":203},302,{"file":141,"line":243,"context":203},343,{"file":141,"line":245,"context":203},539,{"file":141,"line":247,"context":203},540,{"file":141,"line":249,"context":203},548,{"file":141,"line":251,"context":203},638,{"file":141,"line":253,"context":203},643,{"file":141,"line":255,"context":203},714,{"file":257,"line":258,"context":203},"URLShortener.class.php",59,15,[],[262,318,341,358,382],{"entryPoint":263,"graph":264,"unsanitizedCount":316,"severity":317},"tp_gallery (gallery.php:3)",{"nodes":265,"edges":308},[266,271,276,279,283,287,289,292,297,299,304,306],{"id":267,"type":268,"label":269,"file":270,"line":11},"n0","source","$_GET['delete_image_id']","gallery.php",{"id":272,"type":273,"label":274,"file":270,"line":11,"wp_function":275},"n1","sink","get_row() 
[SQLi]","get_row",{"id":277,"type":268,"label":278,"file":270,"line":11},"n2","$_GET (x2)",{"id":280,"type":273,"label":281,"file":270,"line":259,"wp_function":282},"n3","query() [SQLi]","query",{"id":284,"type":268,"label":285,"file":270,"line":286},"n4","$_GET['image_id']",19,{"id":288,"type":273,"label":274,"file":270,"line":286,"wp_function":275},"n5",{"id":290,"type":268,"label":291,"file":270,"line":286},"n6","$_GET",{"id":293,"type":273,"label":294,"file":270,"line":295,"wp_function":296},"n7","get_results() [SQLi]",26,"get_results",{"id":298,"type":268,"label":291,"file":270,"line":286},"n8",{"id":300,"type":273,"label":301,"file":270,"line":302,"wp_function":303},"n9","file_get_contents() [SSRF\u002FLFI]",40,"file_get_contents",{"id":305,"type":268,"label":291,"file":270,"line":286},"n10",{"id":307,"type":273,"label":274,"file":270,"line":77,"wp_function":275},"n11",[309,311,312,313,314,315],{"from":267,"to":272,"sanitized":310},false,{"from":277,"to":280,"sanitized":310},{"from":284,"to":288,"sanitized":310},{"from":290,"to":293,"sanitized":310},{"from":298,"to":300,"sanitized":310},{"from":305,"to":307,"sanitized":310},7,"high",{"entryPoint":319,"graph":320,"unsanitizedCount":316,"severity":317},"\u003Cgallery> 
(gallery.php:0)",{"nodes":321,"edges":334},[322,323,324,325,326,327,328,329,330,331,332,333],{"id":267,"type":268,"label":269,"file":270,"line":11},{"id":272,"type":273,"label":274,"file":270,"line":11,"wp_function":275},{"id":277,"type":268,"label":278,"file":270,"line":11},{"id":280,"type":273,"label":281,"file":270,"line":259,"wp_function":282},{"id":284,"type":268,"label":285,"file":270,"line":286},{"id":288,"type":273,"label":274,"file":270,"line":286,"wp_function":275},{"id":290,"type":268,"label":291,"file":270,"line":286},{"id":293,"type":273,"label":294,"file":270,"line":295,"wp_function":296},{"id":298,"type":268,"label":291,"file":270,"line":286},{"id":300,"type":273,"label":301,"file":270,"line":302,"wp_function":303},{"id":305,"type":268,"label":291,"file":270,"line":286},{"id":307,"type":273,"label":274,"file":270,"line":77,"wp_function":275},[335,336,337,338,339,340],{"from":267,"to":272,"sanitized":310},{"from":277,"to":280,"sanitized":310},{"from":284,"to":288,"sanitized":310},{"from":290,"to":293,"sanitized":310},{"from":298,"to":300,"sanitized":310},{"from":305,"to":307,"sanitized":310},{"entryPoint":342,"graph":343,"unsanitizedCount":127,"severity":317},"tp_check_show_image (tweetpress.php:355)",{"nodes":344,"edges":355},[345,348,349,351],{"id":267,"type":268,"label":346,"file":141,"line":347},"$_REQUEST['image_id']",359,{"id":272,"type":273,"label":274,"file":141,"line":347,"wp_function":275},{"id":277,"type":268,"label":350,"file":141,"line":347},"$_REQUEST",{"id":280,"type":273,"label":352,"file":141,"line":353,"wp_function":354},"header() [Header Injection]",360,"header",[356,357],{"from":267,"to":272,"sanitized":310},{"from":277,"to":280,"sanitized":310},{"entryPoint":359,"graph":360,"unsanitizedCount":199,"severity":317},"tp_upload 
(tweetpress.php:365)",{"nodes":361,"edges":377},[362,365,367,368,371,373,376],{"id":267,"type":268,"label":363,"file":141,"line":364},"$_FILES",435,{"id":272,"type":273,"label":281,"file":141,"line":366,"wp_function":282},467,{"id":277,"type":268,"label":363,"file":141,"line":364},{"id":280,"type":273,"label":369,"file":141,"line":247,"wp_function":370},"echo() [XSS]","echo",{"id":284,"type":268,"label":350,"file":141,"line":372},419,{"id":288,"type":374,"label":375,"file":141,"line":372},"transform","→ returnError()",{"id":290,"type":273,"label":369,"file":141,"line":253,"wp_function":370},[378,379,380,381],{"from":267,"to":272,"sanitized":310},{"from":277,"to":280,"sanitized":310},{"from":284,"to":288,"sanitized":310},{"from":288,"to":290,"sanitized":310},{"entryPoint":383,"graph":384,"unsanitizedCount":184,"severity":317},"\u003Ctweetpress> (tweetpress.php:0)",{"nodes":385,"edges":397},[386,387,388,389,390,391,392,393,394,395,396],{"id":267,"type":268,"label":346,"file":141,"line":347},{"id":272,"type":273,"label":274,"file":141,"line":347,"wp_function":275},{"id":277,"type":268,"label":350,"file":141,"line":347},{"id":280,"type":273,"label":352,"file":141,"line":353,"wp_function":354},{"id":284,"type":268,"label":363,"file":141,"line":364},{"id":288,"type":273,"label":281,"file":141,"line":366,"wp_function":282},{"id":290,"type":268,"label":363,"file":141,"line":364},{"id":293,"type":273,"label":369,"file":141,"line":247,"wp_function":370},{"id":298,"type":268,"label":350,"file":141,"line":372},{"id":300,"type":374,"label":375,"file":141,"line":372},{"id":305,"type":273,"label":369,"file":141,"line":253,"wp_function":370},[398,399,400,401,402,403],{"from":267,"to":272,"sanitized":310},{"from":277,"to":280,"sanitized":310},{"from":284,"to":288,"sanitized":310},{"from":290,"to":293,"sanitized":310},{"from":298,"to":300,"sanitized":310},{"from":300,"to":305,"sanitized":310},{"summary":405,"deductions":406},"The \"tweetpress\" v3.2 plugin presents a mixed security 
posture. On the positive side, there are no known historical vulnerabilities (CVEs) and the plugin has a seemingly small attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed.  Furthermore, the majority of SQL queries (81%) utilize prepared statements, which is a good security practice.\n\nHowever, significant concerns arise from the static analysis. The presence of `create_function` is a clear red flag, as it can be a vector for arbitrary code execution if not handled with extreme care.  The taint analysis reveals that all 5 analyzed flows have unsanitized paths, with 5 identified as high severity. This strongly suggests that user-supplied data is not being properly validated or sanitized before being used in sensitive operations, potentially leading to various injection vulnerabilities. The lack of any nonce checks or capability checks on the identified entry points (even if there are none listed, the absence of these checks is notable) also implies a lack of protection against common WordPress attacks like Cross-Site Request Forgery (CSRF) and privilege escalation. The extremely low percentage of properly escaped output (9%) is another major concern, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities.\n\nIn conclusion, while the plugin boasts a clean vulnerability history and good practices in SQL query preparation, the identified code signals and taint analysis results highlight critical weaknesses. 
The use of `create_function`, the prevalence of unsanitized tainted data, the lack of nonce\u002Fcapability checks, and the poor output escaping collectively indicate a high-risk plugin that requires immediate attention and remediation to address these potential vulnerabilities.",[407,409,411,413,415,418,420,422],{"reason":408,"points":259},"Dangerous function create_function detected",{"reason":410,"points":259},"High severity unsanitized taint flows (5)",{"reason":412,"points":11},"No nonce checks",{"reason":414,"points":11},"No capability checks",{"reason":416,"points":417},"Very low output escaping (9%)",8,{"reason":419,"points":316},"Unsanitized paths in taint flows (5)",{"reason":421,"points":184},"File operations present (15)",{"reason":423,"points":199},"External HTTP requests present (1)","2026-03-17T00:54:35.786Z",{"wat":426,"direct":432},{"assetPaths":427,"generatorPatterns":429,"scriptPaths":430,"versionParams":431},[428],"\u002Fwp-content\u002Fplugins\u002Ftweetpress\u002Ftweetpress.css",[],[],[],{"cssClasses":433,"htmlComments":435,"htmlAttributes":436,"restEndpoints":453,"jsGlobals":454,"shortcodeOutput":463},[434],"tp-options",[],[437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452],"data-page_id","data-allow_anon","data-thumbs_count","data-configured","data-thumbnail_count","data-twitter_username","data-twitter_password","data-url_shortening_service","data-shortener_login","data-shortener_api_key","data-url_shortening_custom_endpoint","data-custom_css","data-log","data-auth_type","data-use_wp_credentials","data-use_twitter_credentials",[],[455,456,457,458,459,460,461,462],"tp_settings","url_shorteners","AUTH_TYPE_ANON","AUTH_TYPE_TWITTER","AUTH_TYPE_WP","THUMBSIZE","UPLOADDIR","GALLERYPATH",[]]