Tweetr Security & Risk Analysis

wordpress.org/plugins/tweetr

Pulls the last x amount of tweets from your account and displays them in a sidebar widget

10 active installs v1.5 PHP + WP 2.0+ Updated Jan 19, 2010
tweettwitterwidget
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Tweetr Safe to Use in 2026?

Generally Safe

Score 85/100

Tweetr has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago
Risk Assessment

The "tweetr" v1.5 plugin exhibits a mixed security posture. On the positive side, there are no recorded vulnerabilities (CVEs) and the static analysis shows no dangerous functions, no raw SQL queries, no external HTTP requests, and no observed taint flows. This suggests that the developers have been diligent in addressing known security issues and have implemented some fundamental security measures like prepared statements. However, significant concerns arise from the complete lack of output escaping for all identified output points. This means that any data displayed by the plugin, if it originates from user input or external sources, is vulnerable to Cross-Site Scripting (XSS) attacks. Furthermore, the absence of nonce and capability checks across all entry points means that unauthorized users could potentially trigger actions or access data that they shouldn't, leading to potential privilege escalation or data manipulation. While the plugin has a clean vulnerability history, the current static analysis reveals critical weaknesses in output sanitization and authorization, which could be exploited if an attacker can find a way to inject malicious data or trigger plugin functions without proper authentication. The lack of any detected attack surface in the initial scan might be due to the plugin's limited functionality or the limitations of the static analysis tool itself.

Key Concerns

  • Output not properly escaped
  • Missing nonce checks on entry points
  • Missing capability checks on entry points
Vulnerabilities
None known

Tweetr Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Tweetr Release Timeline

v1.5Current
v1.0
Code Analysis
Analyzed Apr 16, 2026

Tweetr Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
9
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped9 total outputs
Attack Surface

Tweetr Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionplugins_loadedtweetr.php:114
Maintenance & Trust

Tweetr Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2
Last updatedJan 19, 2010
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Tweetr Developer Profile

llygoden

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Tweetr

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes
name="tweeter-tTitle"name="tweeter-tUser"name="tweeter-tNum"name="tweeter-tInc"id="tweeter-tTitle"id="tweeter-tUser"+2 more
Shortcode Output
<p> <label for="tweeter-tTitle">Widget Title: </label> <input type="text" id="tweeter-tTitle" name="tweeter-tTitle" value="
FAQ

Frequently Asked Questions about Tweetr