Does TwitPic have any unpatched vulnerabilities?

No. All known vulnerabilities in TwitPic have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is TwitPic compatible with WordPress 2.7?

According to WordPress.org data, TwitPic 0.3 has been tested up to WordPress 2.7. Check the plugin's changelog for the latest compatibility information.

How often is TwitPic updated?

TwitPic was last updated on Jun 24, 2010. Frequent updates are generally a positive security signal.

What is TwitPic's security score?

TwitPic has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

TwitPic Security & Risk Analysis

wordpress.org/plugins/twitpic

Displays your latest pictures from TwitPic in the sidebar of your blog. The plugin is widget ready and comes with many configuration options!

20 active installs v0.3 PHP + WP 2.0.2+ Updated Jun 24, 2010

tweetstwittwitpicstwitter

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is TwitPic Safe to Use in 2026?

Generally Safe

Score 85/100

TwitPic has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The Twitpic v0.3 plugin exhibits a generally positive security posture due to the absence of known vulnerabilities and the absence of critical findings in taint analysis. The code also demonstrates good practices by exclusively using prepared statements for SQL queries. However, the plugin is not without its concerns. The static analysis reveals the presence of the `create_function` dangerous function, which can be a vector for code injection if user-supplied input is directly passed to it without proper sanitization. Furthermore, a significant portion of output (69%) is not properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. The lack of any nonce checks or capability checks on potential entry points (though the attack surface is reported as zero) is also a point of concern, as it suggests a reliance on the platform's inherent security which might not be sufficient in all scenarios. While the vulnerability history is clean, the identified code-level weaknesses warrant attention.

Key Concerns

Presence of create_function dangerous function
High percentage of unescaped output (31% properly escaped)
No nonce checks
No capability checks

Vulnerabilities

None known

TwitPic Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

TwitPic Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'plugins_loaded', create_function( '$TwitPic_293ka9', 'global $TwitPic; $TwitPic = new Ttwitpic.php:472

Output Escaping

31% escaped36 total outputs

Attack Surface

TwitPic Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

filterwp_headtwitpic.php:54

filterthe_contenttwitpic.php:56

actionadmin_menutwitpic.php:60

actionwidgets_inittwitpic.php:63

actionplugins_loadedtwitpic.php:472

Maintenance & Trust

TwitPic Maintenance & Trust

Maintenance Signals

WordPress version tested2.7

Last updatedJun 24, 2010

PHP min version

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

TwitPic Alternatives

Customize Feeds for Twitter

twitter-tweets

100

Customize Feeds for Twitter plugin for WordPress. You can use this to display real time Twitter feeds on any where on your website by using shortcode …

4K No CVEs

Slim Jetpack

slimjetpack

Slim version of Jetpack unlinked from WordPress.com :) Supercharge your self-hosted wp site even you're NOT WP.COM users.

2K No CVEs

Display Tweets

display-tweets-php

Display Tweets is an easy to use, future proof Twitter feed plugin that uses PHP to make requests to the v1.1 Twitter REST API.

1K No CVEs

Peadig's Twitter Feed: Embedded Timeline WordPress Plugin

wp-twitter-feed

A simple Twitter feed that outputs your latest tweets in HTML into any post, page, template or sidebar widget. Customisable and easy to install!

600 1 unpatched

Twiget Twitter Widget

twiget

A widget to display the latest Twitter status updates.

500 No CVEs

Developer Profile

TwitPic Developer Profile

grobekelle

3 plugins · 40 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect TwitPic

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/twitpic/

HTML / DOM Fingerprints

HTML Comments

Data Attributes

name="twitpic[title]"name="twitpic[username]"name="twitpic[limit]"name="twitpic[width]"name="twitpic[thumb_width]"name="twitpic[link_images]"+6 more

FAQ