Does TweetRoll have any unpatched vulnerabilities?

No. All known vulnerabilities in TweetRoll have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is TweetRoll compatible with WordPress 2.8.6?

According to WordPress.org data, TweetRoll 1.6 has been tested up to WordPress 2.8.6. Check the plugin's changelog for the latest compatibility information.

How often is TweetRoll updated?

TweetRoll was last updated on Dec 15, 2009. Frequent updates are generally a positive security signal.

What is TweetRoll's security score?

TweetRoll has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

TweetRoll Security & Risk Analysis

wordpress.org/plugins/tweetroll

TweetRoll displays your Twitter details and the avatars of some of your friends, together with the ability to monitise your Twitter stream.

10 active installs v1.6 PHP + WP 2.0+ Updated Dec 15, 2009

mybloglogsocial-mediatwittertwitter-badgetwitter-widget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is TweetRoll Safe to Use in 2026?

Generally Safe

Score 85/100

TweetRoll has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago

Risk Assessment

Based on the static analysis and vulnerability history, the "tweetroll" v1.6 plugin exhibits a generally strong security posture in some areas but raises significant concerns in others. The plugin demonstrates a lack of readily identifiable entry points for attackers, with no AJAX handlers, REST API routes, shortcodes, or cron events exposed without proper checks. Furthermore, the absence of dangerous functions and file operations suggests a cautious approach to code execution. However, a critical weakness is the complete lack of output escaping. This means that any data processed or displayed by the plugin could be vulnerable to cross-site scripting (XSS) attacks if not properly handled by the WordPress core or theme. The vulnerability history is also notably clean, with no recorded CVEs. This suggests either a well-maintained codebase or a lack of active vulnerability discovery, which can be a double-edged sword. The absence of any taint analysis results is also noteworthy, suggesting that either the analysis tools did not find any relevant flows or the plugin's code structure is simple enough to avoid complex data propagation.

Key Concerns

0% properly escaped output
0 Nonce checks on entry points
0 Capability checks on entry points

Vulnerabilities

None known

TweetRoll Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

TweetRoll Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped5 total outputs

Attack Surface

TweetRoll Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionplugins_loadedtweetroll.php:69

Maintenance & Trust

TweetRoll Maintenance & Trust

Maintenance Signals

WordPress version tested2.8.6

Last updatedDec 15, 2009

PHP min version

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

TweetRoll Alternatives

Feeder Ninja: Create and add RSS & Social feeds to your website on-the-fly

feeder-ninja-feed

The best tool for adding RSS & Social media feeds to your Wordpress website. Powered by Common Ninja.

50 No CVEs

Custom Twitter Feeds – A Tweets Widget or X Feed Widget

custom-twitter-feeds

Display X posts (Twitter tweets) from any public user account in a clean, attractive looking feed that updates weekly.

100K 7 CVEs

Open Graph and Twitter Card Tags

wonderm00ns-simple-facebook-open-graph-tags

Improve social media sharing by inserting Facebook Open Graph, Twitter Card, and SEO Meta Tags on your WordPress website pages, posts, WooCommerce pro …

60K 2 CVEs

Social Media Widget

social-media-widget

Adds links to all of your social media and sharing site profiles. Tons of icons come in 3 sizes, 4 icon styles, and 4 animations.

30K 3 CVEs

Easy Twitter Feed Widget Plugin

easy-twitter-feed-widget

Add twitter feeds on your WordPress site by using the Easy Twitter Feed Widget plugin.

10K No CVEs

Developer Profile

TweetRoll Developer Profile

owencutajar

3 plugins · 120 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect TweetRoll

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

http://tweetburn.com/TweetRoll.php

HTML / DOM Fingerprints

HTML Comments

Arguments:
     $username - Your username     
Updates:
   16th January  2009  - Improved CSS to prevent potential conflicts with some templates
    1st February 2009  - Introduced customisation
   16th February 2009  - Caption customisation    
   15th December 2009  - Sponsored Tweets integration

Data Attributes

tweetroll-submittweetroll-titletweetroll-username

Shortcode Output

<div align="center"><script type="text/javascript" src="http://tweetburn.com/TweetRoll.php?username=

FAQ