Twitch TV Embed Suite Security & Risk Analysis
wordpress.org/plugins/twitch-tv-embed-suiteTwitch TV Embed Suite allows easy placement of a twitch tv stream and/or chat anywhere on your WordPress site.
Is Twitch TV Embed Suite Safe to Use in 2026?
Use With Caution
Score 63/100Twitch TV Embed Suite has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The Twitch TV Embed Suite plugin version 2.1.0 presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and performing capability checks, several areas raise concerns. The presence of the `create_function` dangerous function is a significant red flag, as it can be exploited for remote code execution if not handled with extreme care and input sanitization. Furthermore, only 20% of output escaping is properly implemented, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the identified unsanitized path flow from the taint analysis. The plugin's vulnerability history includes a medium severity CVE and a pattern of Cross-Site Request Forgery (CSRF) vulnerabilities, suggesting potential weaknesses in handling user-submitted data and state-changing operations. The absence of nonce checks on its entry points is particularly worrying, making it susceptible to CSRF attacks. In conclusion, despite some positive security measures, the identified dangerous function, insufficient output escaping, and a history of CSRF issues necessitate careful consideration and patching.
Key Concerns
- Unpatched CVE
- Dangerous function used (create_function)
- Low percentage of output escaping
- Flow with unsanitized paths
- Vulnerability history with CSRF
- No nonce checks
Twitch TV Embed Suite Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Twitch TV Embed Suite <= 2.1.0 - Cross-Site Request Forgery
Twitch TV Embed Suite Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
Twitch TV Embed Suite Attack Surface
Shortcodes 3
WordPress Hooks 8
Maintenance & Trust
Twitch TV Embed Suite Maintenance & Trust
Maintenance Signals
Community Trust
Twitch TV Embed Suite Alternatives
Instant Indexing for Google
fast-indexing-api
A very efficient yet simple plugin to take care of your indexing woos and helps get your content crawled by search bots instantly.
Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades
youtube-embed-plus
A multi-featured plugin to embed YouTube in WordPress. Embed a video, YouTube channel gallery, playlist, or YouTube livestream. Defer JavaScript too!
All-in-One Video Gallery
all-in-one-video-gallery
The ultimate video player & video gallery plugin for YouTubers, Video Bloggers, Course Creators, Podcasters, and anyone embedding videos on websites.
WpStream – Live Streaming, Video on Demand, Pay Per View
wpstream
WpStream is a Video Streaming Plugin that lets you broadcast live events and helps you sell tickets or recordings via WooCommerce.
StreamCast – Live Radio Streaming Player
streamcast
StreamCast allows you to play IceCast, Shoutcast, Radionomy, RadioJar, RadioCo and more beautifully inside WordPress.
Twitch TV Embed Suite Developer Profile
4 plugins · 130 total installs
How We Detect Twitch TV Embed Suite
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/twitch-tv-embed-suite/images/preview.jpgtwitch-tv-embed-suite/style.css?ver=twitch-tv-embed-suite/js/scripts.js?ver=HTML / DOM Fingerprints
twitch-welcometwitchembedadvadminopt_butt2id="twitchh1"id="twitch_streamlist"/api/twitch.tv/kraken/channels/[plumwd_twitch_stream][plumwd_twitch_chat][plumwd_twitch_streamlist]