Twittada Security & Risk Analysis

wordpress.org/plugins/twittada

O plugin twiitada serve para exibir seus posts do twitter no seu blog.

10 active installs v1.0 PHP + WP 2.5+ Updated Mar 19, 2009
microblogginngtwitterwidget-twitter
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Twittada Safe to Use in 2026?

Generally Safe

Score 85/100

Twittada has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 17yr ago
Risk Assessment

The Twittada v1.0 plugin exhibits a concerning security posture due to significant gaps in output escaping, despite a lack of publicly disclosed vulnerabilities or a substantial attack surface in the analyzed metrics. While the absence of dangerous functions, file operations, external HTTP requests, and the use of prepared statements for SQL queries are positive indicators, the fact that 100% of the 14 identified output points are not properly escaped presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the presence of taint flows with unsanitized paths, even without a critical or high severity rating, warrants attention as these can be precursors to more severe issues. The plugin's vulnerability history being entirely clean is a strength, suggesting it might not have been actively targeted or that previous versions did not contain exploitable flaws. However, the current static analysis findings, particularly the complete lack of output escaping, suggest a potential for undiscovered vulnerabilities. Therefore, while the plugin benefits from a clean history and some good coding practices, the unescaped output is a critical weakness that needs immediate remediation to improve its overall security.

Key Concerns

  • All output is unescaped
  • Taint flows with unsanitized paths found
Vulnerabilities
None known

Twittada Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Twittada Release Timeline

v1.0Current
Code Analysis
Analyzed Apr 16, 2026

Twittada Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
14
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped14 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
Twittada_menu (twittada.php:84)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Twittada Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionwp_headtwittada.php:265
actionadmin_menutwittada.php:266
actionplugins_loadedtwittada.php:267
Maintenance & Trust

Twittada Maintenance & Trust

Maintenance Signals

WordPress version tested2.7
Last updatedMar 19, 2009
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Twittada Developer Profile

Leo Baiano

9 plugins · 860 total installs

85
trust score
Avg Security Score
87/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Twittada

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/twittada/leia-me.txt

HTML / DOM Fingerprints

CSS Classes
twittada_geraltwittada_topotwittada_textotwittada_des
HTML Comments
<!-- Folha de Estilo do Plugin Twittada --><!-- FIM -->
Data Attributes
name="TwittadaLargura"name="TwittadaCor"name="TwittadaBorda"name="TwittadaUser"name="TwittadaViews"name="css_update"+1 more
Shortcode Output
<p><strong>Atualizado com sucesso!</strong></p>
FAQ

Frequently Asked Questions about Twittada