Twitter Security & Risk Analysis

wordpress.org/plugins/twitter

Official Twitter and Periscope plugin for WordPress. Embed content and grow your audience. Requires PHP 5.6 or greater.

10K active installs · v2.0.5 · PHP + WP 4.7+ · Updated Jul 24, 2019
Tags: embedded-timeline, embedded-tweet, twitter, twitter-list, twitter-profile
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Twitter Safe to Use in 2026?

Generally Safe

Score 85/100

Twitter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The "twitter" plugin v2.0.5 exhibits a generally strong security posture based on the provided static analysis. The absence of any entry points like AJAX handlers, REST API routes, shortcodes, or cron events, and particularly the lack of unprotected ones, significantly limits the plugin's attack surface. The code also demonstrates good practices by using prepared statements for all SQL queries and implementing nonce and capability checks. The high percentage of properly escaped output further reduces the risk of common cross-site scripting vulnerabilities.

However, a potential area of concern is the external HTTP request. While not inherently vulnerable, such requests can be a vector for man-in-the-middle attacks or data leakage if they are not handled with extreme care and their responses are not properly validated. Taint analysis revealed no flows, which suggests that any such flows, if present, were sanitized; this is a positive sign. The complete lack of any recorded vulnerabilities, past or present, is also a strong indicator of a well-maintained and secure plugin.

Overall, the plugin appears to be secure due to its minimal attack surface and good coding practices. The main area for potential scrutiny would be the implementation and handling of the single external HTTP request, although without further details or identified issues, it remains a low-risk observation.

Key Concerns

  • Single external HTTP request without specific context
Vulnerabilities
None known

Twitter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Twitter Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 71 (356 escaped)
Nonce Checks: 1
Capability Checks: 4
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

83% escaped · 427 total outputs
Attack Surface

Twitter Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 50
Type  Hook  Location
action  admin_notices  compatibility-notice.php:127
action  save_post  src\Twitter\WordPress\Admin\Post\MetaBox.php:57
action  add_meta_boxes  src\Twitter\WordPress\Admin\Post\MetaBox.php:69
action  admin_enqueue_scripts  src\Twitter\WordPress\Admin\Post\MetaBox.php:70
action  wp  src\Twitter\WordPress\Admin\Post\MetaBox.php:74
filter  user_contactmethods  src\Twitter\WordPress\Admin\Profile\PeriscopeUser.php:50
filter  user_periscope_label  src\Twitter\WordPress\Admin\Profile\PeriscopeUser.php:52
filter  sanitize_user_meta_periscope  src\Twitter\WordPress\Admin\Profile\PeriscopeUser.php:54
filter  user_contactmethods  src\Twitter\WordPress\Admin\Profile\User.php:50
filter  user_twitter_label  src\Twitter\WordPress\Admin\Profile\User.php:52
filter  sanitize_user_meta_twitter  src\Twitter\WordPress\Admin\Profile\User.php:54
action  admin_menu  src\Twitter\WordPress\Admin\Settings\Loader.php:44
filter  plugin_action_links  src\Twitter\WordPress\Admin\Settings\Loader.php:45
filter  jetpack_disable_twitter_cards  src\Twitter\WordPress\Cards\Compatibility.php:46
action  wp_head  src\Twitter\WordPress\JavaScriptLoaders\AsyncJavaScript.php:53
filter  wp_resource_hints  src\Twitter\WordPress\JavaScriptLoaders\AsyncJavaScript.php:56
filter  script_loader_src  src\Twitter\WordPress\JavaScriptLoaders\AsyncJavaScript.php:119
action  init  src\Twitter\WordPress\PluginLoader.php:67
action  plugins_loaded  src\Twitter\WordPress\PluginLoader.php:70
action  widgets_init  src\Twitter\WordPress\PluginLoader.php:73
action  wp_enqueue_scripts  src\Twitter\WordPress\PluginLoader.php:76
action  init  src\Twitter\WordPress\PluginLoader.php:80
action  init  src\Twitter\WordPress\PluginLoader.php:83
action  wp_head  src\Twitter\WordPress\PluginLoader.php:84
action  wp_enqueue_scripts  src\Twitter\WordPress\PluginLoader.php:192
action  wp_head  src\Twitter\WordPress\PluginLoader.php:195
action  wp_enqueue_scripts  src\Twitter\WordPress\PluginLoader.php:222
action  wp_head  src\Twitter\WordPress\PluginLoader.php:225
action  admin_init  src\Twitter\WordPress\PluginLoader.php:239
action  admin_init  src\Twitter\WordPress\PluginLoader.php:240
action  admin_init  src\Twitter\WordPress\PluginLoader.php:251
filter  the_content  src\Twitter\WordPress\PluginLoader.php:297
action  plugins_loaded  src\Twitter\WordPress\PluginLoader.php:334
action  plugins_loaded  src\Twitter\WordPress\PluginLoader.php:357
action  wp_head  src\Twitter\WordPress\PluginLoader.php:379
action  wp_head  src\Twitter\WordPress\PluginLoader.php:388
action  wp_head  src\Twitter\WordPress\PluginLoader.php:397
action  register_shortcode_ui  src\Twitter\WordPress\Shortcodes\Advertising\Tracking.php:76
action  wp_footer  src\Twitter\WordPress\Shortcodes\Advertising\Tracking.php:202
action  register_shortcode_ui  src\Twitter\WordPress\Shortcodes\Buttons\Follow.php:79
action  register_shortcode_ui  src\Twitter\WordPress\Shortcodes\Buttons\Periscope\OnAir.php:92
action  register_shortcode_ui  src\Twitter\WordPress\Shortcodes\Buttons\Share.php:75
action  register_shortcode_ui  src\Twitter\WordPress\Shortcodes\Embeds\Timeline\CollectionGrid.php:106
action  register_shortcode_ui  src\Twitter\WordPress\Shortcodes\Embeds\Timeline\Search.php:91
action  register_shortcode_ui  src\Twitter\WordPress\Shortcodes\Embeds\Timeline.php:96
action  register_shortcode_ui  src\Twitter\WordPress\Shortcodes\Embeds\Tweet\Video.php:87
action  register_shortcode_ui  src\Twitter\WordPress\Shortcodes\Embeds\Tweet.php:165
action  register_shortcode_ui  src\Twitter\WordPress\Shortcodes\Embeds\Vine.php:135
action  admin_init  twitter.php:59
action  plugins_loaded  twitter.php:69
Maintenance & Trust

Twitter Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Jul 24, 2019
PHP min version
Downloads: 706K

Community Trust

Rating: 50/100
Number of ratings: 32
Active installs: 10K
Developer Profile

Twitter Developer Profile

Twitter

1 plugin · 10K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Twitter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/twitter/static/css/admin/post/edit.min.css
Version Parameters
twitter/static/css/admin/post/edit.min.css?ver=

HTML / DOM Fingerprints

Data Attributes
name="twitter_custom"