FireCask’s Twitter Follow Button Security & Risk Analysis

wordpress.org/plugins/twitter-follow

Quickly adds the Twitter follow button. Can be easily implemented into your page, post or theme template

200 active installs · v0.3 · PHP + WP 3.0+ · Updated Nov 21, 2024
Tags: tweets, twitter, twitter-button, twitter-follow, widget
91
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 22, 2024
Safety Verdict

Is FireCask’s Twitter Follow Button Safe to Use in 2026?

Generally Safe

Score 91/100

FireCask’s Twitter Follow Button has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 22, 2024 · Updated 1yr ago
Risk Assessment

The "twitter-follow" plugin version 0.3 exhibits a generally good security posture in its direct code implementation. The static analysis reveals no dangerous functions, all SQL queries are prepared, and all output is properly escaped. There are no file operations or external HTTP requests, which are common sources of vulnerabilities. However, the complete absence of nonce checks and capability checks across all entry points is a significant concern. Any exposed functionality, even though it is limited to a single shortcode, is potentially susceptible to unauthorized execution if an attacker can trigger it. The vulnerability history shows one past medium-severity Cross-Site Scripting (XSS) vulnerability, which has since been patched but suggests a historical tendency towards input sanitization issues. While the current code appears to have addressed past issues with output escaping, the lack of robust authorization checks on the shortcode leaves a potential opening.

Key Concerns

  • Missing capability checks on entry points
  • Missing nonce checks on entry points
  • Past medium XSS vulnerability history
Vulnerabilities
1

FireCask’s Twitter Follow Button Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-10116 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Twitter Follow Button <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter

Nov 22, 2024 Patched in 0.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

FireCask’s Twitter Follow Button Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (5 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 5 total outputs
Attack Surface

FireCask’s Twitter Follow Button Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[twitter-follow] · twitter-follow.php:66
WordPress Hooks: 1
filter · widget_text · twitter-follow.php:65
Maintenance & Trust

FireCask’s Twitter Follow Button Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 21, 2024
PHP min version
Downloads: 18K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 200
Developer Profile

FireCask’s Twitter Follow Button Developer Profile

Alex Moss

11 plugins · 4K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 249 days
Detection Fingerprints

How We Detect FireCask’s Twitter Follow Button

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/twitter-follow/twitter-follow.php

HTML / DOM Fingerprints

CSS Classes
twitter-follow-button
HTML Comments
WordPress Follow Button Shortcode for WordPress: https://firecask.com/services/development/wordpress/
Data Attributes
data-button, data-text-color, data-link-color, data-show-count, data-lang
Shortcode Output
<a href="https://twitter.com/" class="twitter-follow-button" rel="external nofollow">Follow @
FAQ

Frequently Asked Questions about FireCask’s Twitter Follow Button