
Twitch Status Security & Risk Analysis
wordpress.org/plugins/twitch-status
Inserts Twitch.tv stream player and chatbox in your posts, stream widget and online status tags in your menus. Supports multiple channels.
Is Twitch Status Safe to Use in 2026?
Generally Safe
Score 85/100
Twitch Status has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The twitch-status plugin version 1.5.1 presents a mixed security posture. On the positive side, it shows no recorded historical vulnerabilities, utilizes prepared statements for all SQL queries, and has no critical or high severity taint analysis findings. This suggests a generally careful approach to core security practices.
However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers without any authentication or capability checks, creating a direct attack vector for unauthenticated users. Additionally, a very low percentage of output is properly escaped, indicating a high risk of cross-site scripting (XSS) vulnerabilities. The lack of any nonce checks on AJAX handlers further exacerbates this risk, allowing for potential Cross-Site Request Forgery (CSRF) attacks. The limited vulnerability history, while positive, doesn't fully mitigate the immediate risks identified in the code analysis.
In conclusion, while the absence of past critical vulnerabilities and proper SQL handling is commendable, the substantial number of unprotected entry points and severely lacking output escaping practices make this plugin a notable security risk. The potential for XSS and CSRF attacks via the unprotected AJAX endpoints is a primary concern that needs immediate attention.
Key Concerns
- Unprotected AJAX handlers
- Low output escaping percentage
- Missing nonce checks on AJAX
- No capability checks
Twitch Status Security Vulnerabilities
Twitch Status Code Analysis
Bundled Libraries
Output Escaping
Twitch Status Attack Surface
- AJAX Handlers: 2
- Shortcodes: 3
- WordPress Hooks: 11
- Scheduled Events: 1
Maintenance & Trust
Twitch Status Maintenance & Trust
Maintenance Signals
Community Trust
Twitch Status Alternatives
Smash Balloon Social Photo Feed – Easy Social Feeds Plugin
instagram-feed
Formerly "Instagram Feed". Display clean, customizable, and responsive Instagram feeds from multiple accounts. Supports Instagram oEmbeds.
Widget Logic
widget-logic
Widget Logic lets you control on which pages widgets appear using WP's conditional tags.
Social Feed Gallery
insta-gallery
Formerly known as "Instagram Feed", this is the best plugin for displaying Instagram feeds on WordPress. It also supports Instagram reels.
WPZOOM Social Feed Widget & Block
instagram-widget-by-wpzoom
Instagram feed plugin for WordPress: Display your Instagram photos, videos & reels. Easy setup with Gutenberg block, widget, shortcode & Elementor
Spotlight Social Feeds – Block, Shortcode, and Widget
spotlight-social-photo-feeds
Instagram feeds made easy. Responsive, customizable, accessible, and SEO-friendly out of the box. Includes Instagram blocks & oEmbed support.
Twitch Status Developer Profile
2 plugins · 270 total installs
How We Detect Twitch Status
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/twitch-status/font/fontello/css/animation.css
- /wp-content/plugins/twitch-status/font/fontello/css/fontello.css
- /wp-content/plugins/twitch-status/css/twitch-status.css
- /wp-content/plugins/twitch-status/js/twitch-status.js
- /wp-content/plugins/twitch-status/js/twitch-status-admin.js
- twitch-status/css/twitch-status.css?ver=
- twitch-status/font/fontello/css/fontello.css?ver=
- twitch-status/font/fontello/css/animation.css?ver=
- twitch-status/js/twitch-status.js?ver=
- twitch-status/js/twitch-status-admin.js?ver=
HTML / DOM Fingerprints
- twitch-status-channels
- data-plugin-url
- twitchStatus