Twitchers Security & Risk Analysis

wordpress.org/plugins/twitchers

Twitcher allows people who visit your web site to post wildlife sightings and display them on a Google map. The plug-in only offers a front end google …

10 active installs v2.5 PHP + WP 3.0+ Updated Aug 22, 2013
geolocategeolocationgeotaggeotaggingplace
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Twitchers Safe to Use in 2026?

Generally Safe

Score 85/100

Twitchers has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The 'twitchers' plugin v2.5 exhibits a generally positive security posture with no recorded vulnerabilities or critical code signals. The absence of dangerous functions, file operations, and external HTTP requests is a strong indicator of good development practices. The fact that all SQL queries use prepared statements is commendable and mitigates a significant class of vulnerabilities. However, there are notable concerns regarding output escaping, with only 3% of outputs being properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if the unescaped data is rendered in the browser without further client-side sanitization. The lack of any nonce checks, combined with the presence of shortcodes as entry points, also represents a potential risk if those shortcodes handle sensitive data or actions without proper authorization verification.

Key Concerns

  • Low percentage of properly escaped output
  • Missing nonce checks on entry points
Vulnerabilities
None known

Twitchers Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Twitchers Release Timeline

v2.5Current
v2.4
v2.3
v2.2
v2.1
v2.0
v1.4
v1.3
v1.2
v1.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

Twitchers Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
37
1 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

3% escaped38 total outputs
Attack Surface

Twitchers Attack Surface

Entry Points3
Unprotected0

Shortcodes 3

[twitchermap] class-twitcher.php:336
[twitcher-map] twitcher.php:582
[twitcher-map1] twitcher.php:765
WordPress Hooks 4
actionwp_enqueue_scriptstwitcher.php:50
actionadmin_menutwitcher.php:65
actionadmin_inittwitcher.php:72
actionadmin_inittwitcher.php:203
Maintenance & Trust

Twitchers Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.0
Last updatedAug 22, 2013
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Twitchers Developer Profile

kevin heath

5 plugins · 9K total installs

81
trust score
Avg Security Score
81/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Twitchers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/twitchers/twitcher.css/wp-content/plugins/twitchers/js/datePicker.css
Script Paths
/wp-content/plugins/twitchers/js/jquery-ui-1.8.18.custom.min.js/wp-content/plugins/twitchers/js/date.js/wp-content/plugins/twitchers/js/datePicker.js
Version Parameters
twitchers/twitcher.css?twitchers/js/datePicker.css?

HTML / DOM Fingerprints

CSS Classes
tables_containercats_header
Data Attributes
name="twoptions[twlat]"name="twoptions[twlong]"name="twoptions[twzoom]"name="twoptions[twitchers_markers]"name="twoptions[twitchers_poster]"id="users"+5 more
FAQ

Frequently Asked Questions about Twitchers