Twitter Goodies Widgets Security & Risk Analysis

wordpress.org/plugins/twitter-goodies-widgets

Uses the Twitter Goodies widgets API to create official Twitter widgets (profiles, lists, faves and search) straight from your control panel.

100 active installs · v1.2 · PHP + WP 2.7+ · Updated Jan 2, 2011
Tags: list, tweet, twitter, twitter-lists, twitter-widget
Score 85 · Grade A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: never
Safety Verdict

Is Twitter Goodies Widgets Safe to Use in 2026?

Generally Safe

Score 85/100

Twitter Goodies Widgets has no known CVEs, but it has not been updated since January 2, 2011 and was last tested against WordPress 3.0.5, so it is not actively maintained. The code analysis below also flags create_function, which PHP 8 no longer provides, and output that is never escaped. Read the score as "no known vulnerabilities", not as a recommendation for current WordPress installations.

No known CVEs · Updated 15 years ago
Risk Assessment

The twitter-goodies-widgets v1.2 plugin has a mixed security posture. In its favour, the analysis found no raw SQL queries at all, so the plugin adds no SQL injection surface of its own, and it has no history of known vulnerabilities. The attack surface (one AJAX handler and one shortcode) is small, both entry points are reported as protected, and three nonce checks were found. Two findings qualify that. First, the analyzer found no capability checks: the AJAX handler is registered on a wp_ajax_ hook, which restricts it to logged-in users but not to users who are allowed to edit widgets, so the nonce is the only gate. Second, the two create_function calls at twitter-goodies-widgets-admin.php:366 and twitter-goodies-widgets.php:180 build hook callbacks from PHP source strings. The bodies shown are fixed strings, so no attacker input reaches them, but create_function is eval by another name and was removed in PHP 8.0, so on current PHP those lines raise a fatal error when they run. Finally, none of the 48 identified outputs is escaped. The taint analysis found no unsanitized path from request input to a sink, so the exposure is stored rather than reflected XSS: any saved setting or third-party value that reaches the page unescaped is rendered as markup. Taken together, the create_function usage and the absence of output escaping are the substantive risks; the "generally safe" verdict rests on the absence of known CVEs, not on the code quality.

Key Concerns

  • Use of dangerous function (create_function, removed in PHP 8.0)
  • Output not escaped (0 of 48 outputs)
Vulnerabilities
None known

Twitter Goodies Widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Twitter Goodies Widgets Release Timeline

v1.2 (current)
v1.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

Twitter Goodies Widgets Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 48 (0 escaped)
Nonce Checks: 3
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • create_function · twitter-goodies-widgets-admin.php:366 · add_action( 'init', create_function( '', 'global $TwitterGoodiesWidgetsAdmin; $TwitterGoodiesWidgets…
  • create_function · twitter-goodies-widgets.php:180 · add_action( 'widgets_init', create_function( '', 'global $TwitterGoodiesWidgets; $TwitterGoodiesWidg…
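An added example, not code from the plugin, showing the flagged pattern beside its replacement. The class, method name and hook stand-ins are hypothetical (the page's snippets are truncated, so the real callback bodies are not reproduced); add_action() and do_action() are stubbed so the file runs outside WordPress.

```php
<?php
// Added example, not code from the Twitter Goodies Widgets plugin.
// Minimal stand-ins for WordPress's add_action()/do_action() so this
// file runs on its own (skipped inside WordPress, where they exist).
if (!function_exists('add_action')) {
    $GLOBALS['example_hooks'] = [];
    function add_action(string $hook, callable $callback): void {
        $GLOBALS['example_hooks'][$hook][] = $callback;
    }
    function do_action(string $hook): void {
        foreach ($GLOBALS['example_hooks'][$hook] ?? [] as $cb) {
            $cb();
        }
    }
}

// Hypothetical plugin object; the real plugin's class and method differ.
class TwitterGoodiesWidgets_Example {
    public function register_widgets(): void {
        echo "widgets registered\n";
    }
}
$TwitterGoodiesWidgets = new TwitterGoodiesWidgets_Example();

// The flagged pattern: the callback body is PHP source in a string that
// create_function() compiles at runtime, eval() by another name. With a
// fixed string, as here and in the plugin, no attacker input reaches it;
// the practical problem is that create_function() was deprecated in
// PHP 7.2 and removed in PHP 8.0, so on current PHP this line throws an
// "undefined function" Error as soon as it executes. The guard exists
// only so this example runs on PHP 8.
if (function_exists('create_function')) {
    add_action('widgets_init', create_function('',
        'global $TwitterGoodiesWidgets; $TwitterGoodiesWidgets->register_widgets();'));
}

// The replacement: a closure does the same job with no runtime code
// compilation and works from PHP 5.3 through 8.x.
add_action('widgets_init', function (): void {
    global $TwitterGoodiesWidgets;
    $TwitterGoodiesWidgets->register_widgets();
});

// Why auditors flag create_function() regardless of how it is called:
// anything concatenated into the body string is executed as PHP. With
// $untrusted = "1; system('id')" the generated function runs the command.
// Never invoked here; it only makes the injection path concrete.
function build_callback_unsafe(string $untrusted): string {
    return create_function('', 'return ' . $untrusted . ';');
}

do_action('widgets_init');
```

On PHP 7.2 to 7.4 the first registration runs with a deprecation notice and the hook fires twice; on PHP 8 only the closure is registered. The closure form is the one to ship.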

Output Escaping

0% escaped (0 of 48 outputs)
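An added example, not the plugin's code, of what "0 of 48 outputs escaped" means in practice: a widget rendering stored settings raw beside the same output passed through WordPress's context-specific escapers. The setting names and the malicious values are constructed; stand-ins for esc_html(), esc_attr(), esc_url() and absint() are defined so the file runs outside WordPress (the stand-in esc_url() is stricter than the real one, which applies its own allowed-protocol list).

```php
<?php
// Added example, not code from the Twitter Goodies Widgets plugin.
// Stand-ins for the WordPress escapers, used only outside WordPress.
if (!function_exists('esc_html')) {
    function esc_html(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
    function esc_attr(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
    function esc_url(string $s): string {
        // Stand-in: allow only http(s) URLs, then attribute-escape them.
        return preg_match('#^https?://#i', $s) ? esc_attr($s) : '';
    }
    function absint($v): int { return abs((int) $v); }
}

// Constructed widget settings, as someone with widget-editing rights or a
// tampered options row could have stored them. Field names are hypothetical.
$instance = [
    'title'    => 'Tweets <img src=x onerror=alert(document.cookie)>',
    'username' => 'wordpress',
    'width'    => '250" onmouseover="alert(1)',
    'color'    => '#0cf"><script>alert(2)</script>',
    'link'     => 'javascript:alert(3)',
];

// Unescaped: every field lands in HTML or an attribute exactly as stored,
// so each of the five values above becomes script execution in a browser.
function render_widget_unescaped(array $i): string {
    return '<div class="tgw" style="width:' . $i['width'] . 'px;color:' . $i['color'] . '">'
         . '<h3>' . $i['title'] . '</h3>'
         . '<a href="' . $i['link'] . '">@' . $i['username'] . '</a></div>';
}

// Escaped: each value goes through the escaper for the context it lands in.
// Width is coerced to an integer and colour restricted to a hex literal,
// because no HTML escaper makes arbitrary text safe inside a style attribute.
// The username is validated against Twitter's handle alphabet before use.
function render_widget_escaped(array $i): string {
    $width = absint($i['width']);
    $color = preg_match('/^#[0-9a-f]{3,6}$/i', $i['color']) ? $i['color'] : '#000';
    $user  = preg_match('/^[A-Za-z0-9_]{1,15}$/', $i['username']) ? $i['username'] : '';
    return '<div class="tgw" style="width:' . esc_attr((string) $width) . 'px;color:' . esc_attr($color) . '">'
         . '<h3>' . esc_html($i['title']) . '</h3>'
         . '<a href="' . esc_url($i['link']) . '">@' . esc_html($user) . '</a></div>';
}

echo render_widget_unescaped($instance), "\n\n", render_widget_escaped($instance), "\n";
```

If a setting is meant to carry limited markup (a title with a link, say), the right call is wp_kses_post() rather than esc_html(); everything else should pick the escaper that matches where the value lands: esc_html() for element content, esc_attr() for attribute values, esc_url() for href and src.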
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
  • options (twitter-goodies-widgets-admin.php:74)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Twitter Goodies Widgets Attack Surface

Entry Points: 2 · Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_tgw_ajax_lists · twitter-goodies-widgets-admin.php:29 (registered on wp_ajax_, so reachable by logged-in users only; no wp_ajax_nopriv_ counterpart is listed)

Shortcodes 1

[tgw] · twitter-goodies-widgets.php:55
WordPress Hooks 5
action · admin_menu · twitter-goodies-widgets-admin.php:28
action · admin_init · twitter-goodies-widgets-admin.php:35
action · init · twitter-goodies-widgets-admin.php:366
action · admin_head · twitter-goodies-widgets-widget.php:10
action · widgets_init · twitter-goodies-widgets.php:180
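The analysis reports three nonce checks but no capability checks. An added example, not the plugin's code, of the handler shape that closes that gap for the wp_ajax_tgw_ajax_lists entry point: the hook name comes from the page, while the nonce action, the request parameter, the capability chosen and the response are hypothetical. Stand-ins for the WordPress functions are defined so the file runs and demonstrates both outcomes outside WordPress.

```php
<?php
// Added example, not code from the Twitter Goodies Widgets plugin.
// Stand-ins mirroring the WordPress signatures used below; only defined
// outside WordPress.
if (!function_exists('add_action')) {
    function add_action(string $hook, callable $cb): void { $GLOBALS['example_hooks'][$hook][] = $cb; }
    // Real check_ajax_referer() dies on a bad nonce unless $die is false,
    // in which case it returns false; this stand-in does the same.
    function check_ajax_referer(string $action, $query_arg = false, bool $die = true) {
        $sent = isset($_REQUEST[$query_arg]) ? (string) $_REQUEST[$query_arg] : '';
        $ok = $sent !== '' && hash_equals($GLOBALS['example_valid_nonce'] ?? '', $sent);
        if (!$ok && $die) { exit; }
        return $ok ? 1 : false;
    }
    function current_user_can(string $cap): bool { return in_array($cap, $GLOBALS['example_caps'] ?? [], true); }
    function wp_send_json_error($data = null, ?int $status = null): void {
        if ($status !== null) { http_response_code($status); }
        echo json_encode(['success' => false, 'data' => $data]);
    }
    function wp_send_json_success($data = null): void { echo json_encode(['success' => true, 'data' => $data]); }
}

function tgw_ajax_lists_hardened(): void {
    // 1. CSRF: the nonce must match. Passing $die = false lets the handler
    //    answer with a structured error instead of a bare exit.
    if (false === check_ajax_referer('tgw_ajax_lists', 'nonce', false)) {
        wp_send_json_error('invalid nonce', 403);
        return;
    }
    // 2. Authorization. wp_ajax_ only guarantees *some* logged-in user, and
    //    a subscriber counts. Managing widgets needs edit_theme_options;
    //    a valid nonce proves intent, not permission, so it cannot replace this.
    if (!current_user_can('edit_theme_options')) {
        wp_send_json_error('insufficient capability', 403);
        return;
    }
    // 3. Input. A Twitter handle is 1-15 characters of [A-Za-z0-9_]; reject
    //    anything else before it reaches any lookup or output.
    $user = isset($_POST['user']) ? (string) $_POST['user'] : '';
    if (!preg_match('/^[A-Za-z0-9_]{1,15}$/', $user)) {
        wp_send_json_error('invalid username', 400);
        return;
    }
    // Constructed response standing in for whatever the real handler returns.
    wp_send_json_success(['user' => $user, 'lists' => ['wordpress-core', 'security']]);
}
add_action('wp_ajax_tgw_ajax_lists', 'tgw_ajax_lists_hardened');

// Demo outside WordPress (ABSPATH is defined inside it): a subscriber with a
// valid nonce is refused; a user holding edit_theme_options succeeds.
if (!defined('ABSPATH')) {
    $GLOBALS['example_valid_nonce'] = 'n0nce';
    $_REQUEST['nonce'] = 'n0nce';
    $_POST['user'] = 'wordpress';

    $GLOBALS['example_caps'] = ['read'];                       // subscriber
    tgw_ajax_lists_hardened(); echo "\n";

    $GLOBALS['example_caps'] = ['read', 'edit_theme_options']; // widget editor
    tgw_ajax_lists_hardened(); echo "\n";
}
```

The order matters: the nonce check runs first so that an unauthenticated or forged request is rejected before any capability lookup, and the capability check runs before any input is touched.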
Maintenance & Trust

Twitter Goodies Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.0.5
Last updated: Jan 2, 2011
PHP min version: not listed
Downloads: 30K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Twitter Goodies Widgets Developer Profile

Marcus (aka @msykes)

13 plugins · 176K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 1423 days
Detection Fingerprints

How We Detect Twitter Goodies Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/twitter-goodies-widgets/colorpicker/farbtastic.js
/wp-content/plugins/twitter-goodies-widgets/colorpicker/farbtastic.css

HTML / DOM Fingerprints

JS Globals
TWTR
Shortcode Output
<script type="text/javascript">new TWTR.Widget().render().start();
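An added example, not part of the page's own tooling, that turns the three fingerprints above into a detection function and shows why they should not be weighted equally. The sample HTML documents are constructed.

```php
<?php
// Added example: detect Twitter Goodies Widgets from a fetched HTML page
// using the fingerprints listed on this page. Not the page's scanner code.
function tgw_fingerprint(string $html): array {
    // Asset paths are specific to this plugin; the TWTR.Widget call comes
    // from Twitter's own widget script, which sites also embed without
    // this plugin, so on its own it is only weak evidence.
    $signals = [
        'asset_js'    => '#/wp-content/plugins/twitter-goodies-widgets/colorpicker/farbtastic\.js#i',
        'asset_css'   => '#/wp-content/plugins/twitter-goodies-widgets/colorpicker/farbtastic\.css#i',
        'twtr_widget' => '#new\s+TWTR\.Widget\s*\(#',
    ];
    $hits = [];
    foreach ($signals as $name => $re) {
        if (preg_match($re, $html) === 1) {
            $hits[] = $name;
        }
    }
    $strong = in_array('asset_js', $hits, true) || in_array('asset_css', $hits, true);
    return [
        'matched'   => $hits,
        'detected'  => $strong,                    // plugin-specific path seen
        'weak_only' => !$strong && $hits !== [],   // only the shared TWTR signal
    ];
}

// Constructed sample pages.
$with_plugin = '<link rel="stylesheet" href="/wp-content/plugins/twitter-goodies-widgets/colorpicker/farbtastic.css">'
             . '<script type="text/javascript">new TWTR.Widget().render().start();</script>';
$twitter_only = '<script src="//widgets.twimg.com/j/2/widget.js"></script>'
              . '<script>new TWTR.Widget({version: 2}).render().start();</script>';
$plain = '<p>nothing to see</p>';

foreach (['with_plugin' => $with_plugin, 'twitter_only' => $twitter_only, 'plain' => $plain] as $label => $doc) {
    echo $label, ': ', json_encode(tgw_fingerprint($doc)), "\n";
}
```

The farbtastic.js path is the signal to confirm with a direct request during an audit, since the admin-side colour picker may not appear in front-end HTML at all; the TWTR.Widget call is a prompt to look further, not a match by itself.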
FAQ

Frequently Asked Questions about Twitter Goodies Widgets