Does TwigPress have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is TwigPress compatible with WordPress 4.1.42?

According to WordPress.org data, TwigPress 1.1.2 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is TwigPress updated?

TwigPress was last updated on Feb 22, 2015. Frequent updates are generally a positive security signal.

What is TwigPress's security score?

TwigPress has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

TwigPress Security & Risk Analysis

wordpress.org/plugins/twigpress

This plugin provides a simple way for you to use the Twig templating system within WordPress themes.

20 active installs v1.1.2 PHP + WP 4.1+ Updated Feb 22, 2015

templatesthemestwig

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is TwigPress Safe to Use in 2026?

Generally Safe

Score 85/100

TwigPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The static analysis of TwigPress v1.1.2 reveals a generally good security posture with no identified direct attack surface through common WordPress entry points like AJAX handlers, REST API routes, shortcodes, or cron events. The plugin also demonstrates strong practices in its handling of SQL queries, exclusively utilizing prepared statements, and reports no known vulnerabilities (CVEs) or concerning taint flows. However, a significant concern arises from the complete lack of output escaping. With two identified output points and 0% properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any dynamic data rendered by the plugin is vulnerable to injection attacks, which attackers can exploit to hijack user sessions, deface websites, or redirect users to malicious sites. While the plugin's vulnerability history is clean, the current lack of output escaping presents an immediate and serious risk that must be addressed.

Key Concerns

Output escaping is completely missing

Vulnerabilities

None known

TwigPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

TwigPress Release Timeline

v1.1.2Current

v1.1.1

v1.1.0

Code Analysis

Analyzed Mar 16, 2026

TwigPress Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2 total outputs

Attack Surface

TwigPress Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_noticesclass-twigpress.php:119

actioninitclass-twigpress.php:123

filtertemplate_includeclass-twigpress.php:126

Maintenance & Trust

TwigPress Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedFeb 22, 2015

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings2

Active installs20

Alternatives

TwigPress Alternatives

Utimate Kit ( Styler ) for WPForms

styler-for-wpforms

100

Ultimate Kit for WPForms makes the task of designing WPForms an easy one.

20K No CVEs

Timber

timber-library

Helps you create themes faster with sustainable code. With Timber, you write HTML using Twig Templates http://www.upstatement.com/timber/

20K 2 CVEs

Demo Importer Plus

demo-importer-plus

Import the demo content, widgets, customizer settings and theme settings with a single click without any hassle.

10K 5 CVEs

Templateberg – Gutenberg Templates, WordPress Themes Template Kits & WordPress Templates

templateberg

Templateberg offers Gutenberg templates & WordPress theme kits. Import pre-designed layouts & build beautiful sites fast.

7K No CVEs

Export Themes

wp-clone-template

With this plugin you'll be able to export your themes in a .zip file and then install with that .zip file the same theme in other servers using t …

3K No CVEs

Developer Profile

TwigPress Developer Profile

MikeShaw217

1 plugin · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect TwigPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/twigpress/css/twigpress.css/wp-content/plugins/twigpress/js/twigpress.js

Script Paths

/wp-content/plugins/twigpress/js/twigpress.js

Version Parameters

twigpress/css/twigpress.css?ver=twigpress/js/twigpress.js?ver=

HTML / DOM Fingerprints

JS Globals

TwigPress

FAQ