
Tweets As Posts Security & Risk Analysis
wordpress.org/plugins/tweets-as-posts
Tweets As Posts imports all tweets tagged with specified hashtags from Twitter accounts into WordPress as posts.
Is Tweets As Posts Safe to Use in 2026?
Generally Safe
Score 85/100
Tweets As Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "tweets-as-posts" v1.1 plugin presents a mixed security posture. On the positive side, it has a clean vulnerability history with no recorded CVEs and a generally limited attack surface, with no AJAX or REST API endpoints exposed without authentication. The absence of file operations, external HTTP requests, and dangerous functions is also a good indicator of security awareness.
However, significant concerns arise from the static analysis. The most alarming finding is a taint flow with an unsanitized path. This suggests that attackers could inject malicious code or manipulate data that is not properly validated or escaped before use, which could lead to vulnerabilities such as Cross-Site Scripting (XSS) or path traversal. Additionally, the plugin does not escape any of its output, so data displayed to users is not protected against malicious injection. The lack of nonce and capability checks on its entry points, which are few in number, is also a potential weakness if any of them were to be exposed or exploited.
In conclusion, while the plugin's history is positive and its direct attack surface appears small, the critical taint flow and complete lack of output escaping represent serious security flaws that require immediate attention. The absence of these fundamental security practices significantly elevates the risk associated with using this plugin.
Key Concerns
- Taint flow with unsanitized path detected
- No output escaping for any outputs
- No nonce checks implemented
- No capability checks implemented
Tweets As Posts Security Vulnerabilities
Tweets As Posts Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Tweets As Posts Attack Surface
WordPress Hooks: 2
Scheduled Events: 1
Tweets As Posts Maintenance & Trust
Maintenance Signals
Community Trust
Tweets As Posts Alternatives
Import Tweets as Posts
import-tweets-as-posts
"Import Tweets as Posts" plugin allows you to easily import tweets from a user's timeline or search query. It also has flexibility to import …
Display Tweets
display-tweets-php
Display Tweets is an easy to use, future proof Twitter feed plugin that uses PHP to make requests to the v1.1 Twitter REST API.
Peadig's Twitter Feed: Embedded Timeline WordPress Plugin
wp-twitter-feed
A simple Twitter feed that outputs your latest tweets in HTML into any post, page, template or sidebar widget. Customisable and easy to install!
Ultimate Twitter Feeds
ultimate-twitter-feeds
Ultimate Twitter Feeds allows you to display customizable Twitter Tweets from any user timeline, any user Twitter List and single Tweet on your websi …
Timeline Twitter Feed
timeline-twitter-feed
Output timeline feeds and multiple hashtags into your WordPress site as flat HTML.
Tweets As Posts Developer Profile
1 plugin · 10 total installs
How We Detect Tweets As Posts
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/tweets-as-posts/tweets-as-posts/style.css?ver=
- tweets-as-posts/tweets-as-posts-admin.js?ver=
HTML / DOM Fingerprints
- tap_options
- tap_setting
- <!-- Tweets As Posts -->
- <!-- Tweets As Posts Admin -->
- data-tap-setting
- tap_admin_nonce