Twitter Image Host Security & Risk Analysis

wordpress.org/plugins/twitter-image-host

Host Twitter images from your blog and keep your traffic, rather than using a service like Twitpic and losing your viewers.

10 active installs · v0.6.1 · PHP + · WP 3.0+ · Updated Aug 7, 2011
hosting, images, twitter
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Twitter Image Host Safe to Use in 2026?

Generally Safe

Score 85/100

Twitter Image Host has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The twitter-image-host v0.6.1 plugin exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and having no recorded vulnerabilities, several concerning aspects were identified during static analysis. A significant weakness lies in its output escaping, with 0% of outputs being properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is ever displayed without sanitization. Furthermore, the use of the deprecated and dangerous `create_function` function three times introduces a significant risk, as this function can be exploited to execute arbitrary PHP code. The taint analysis, though limited in scope, found three flows with unsanitized paths, indicating a potential for input manipulation, although these were not classified as critical or high severity. The plugin has a limited attack surface with only one entry point (a shortcode), and importantly, no unprotected AJAX or REST API endpoints were found.

Key Concerns

  • No proper output escaping found
  • Use of dangerous function: create_function
  • Unsanitized paths in taint flows
  • No nonce checks implemented
  • No capability checks implemented
Vulnerabilities
None known

Twitter Image Host Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Twitter Image Host Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 80 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 17
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function (twitter-image-host.php:567)
    if ( !$name || !file_exists(IMAGE_HOST_FOLDER) || !($result=array_filter((array)glob(IMAGE_HOST_FOLD…
create_function (twitter-image-host.php:604)
    usort($files, create_function('$a, $b', 'return filemtime(IMAGE_HOST_FOLDER."/$a") < filemtime(IMAGE…
create_function (twitter-image-host.php:768)
    usort($array, create_function('$a, $b', 'return strtotime($a->post_date) < strtotime($b->post_date);…

Output Escaping

0% escaped · 80 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
twitter_image_host_server (twitter-image-host.php:224)
Attack Surface

Twitter Image Host Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[twitter-images] twitter-image-host.php:1289

WordPress Hooks: 11

action  init               twitter-image-host.php:1275
action  plugins_loaded     twitter-image-host.php:1277
action  template_redirect  twitter-image-host.php:1278
action  admin_menu         twitter-image-host.php:1279
action  admin_init         twitter-image-host.php:1280
filter  the_posts          twitter-image-host.php:1282
filter  page_link          twitter-image-host.php:1283
filter  post_link          twitter-image-host.php:1284
filter  edit_post_link     twitter-image-host.php:1285
filter  author_link        twitter-image-host.php:1286
filter  the_author         twitter-image-host.php:1287
Maintenance & Trust

Twitter Image Host Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.2.1
Last updated: Aug 7, 2011
PHP min version
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Twitter Image Host Developer Profile

michaeltyson

3 plugins · 160 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Twitter Image Host

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes: twitter_image
REST Endpoints: /twitter-image-host/
FAQ

Frequently Asked Questions about Twitter Image Host