BestWebSoft's Twitter Security & Risk Analysis

wordpress.org/plugins/twitter-plugin

Add Twitter Follow, Tweet, Hashtag, and Mention buttons to WordPress posts and pages.

1K active installs · v2.66 · PHP + WP 5.6+ · Updated Jun 9, 2025
Tags: add-social-buttons, add-twitter-buttons, follow-button, share-button, twitter-buttons
Score: 99 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Apr 12, 2017
Safety Verdict

Is BestWebSoft's Twitter Safe to Use in 2026?

Generally Safe

Score 99/100

BestWebSoft's Twitter has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 12, 2017 · Updated 9mo ago
Risk Assessment

The "twitter-plugin" v2.66 exhibits a mixed security posture. Static analysis shows good practices, such as a high percentage of properly escaped output (97%) and a significant number of nonce and capability checks, but there are areas of concern. The 4 file operations and 6 external HTTP requests, while not inherently insecure, represent potential attack vectors if not handled with extreme care. That 50% of SQL queries do not use prepared statements is a notable weakness, introducing a risk of SQL injection if input is not strictly sanitized.

The vulnerability history shows 3 medium-severity CVEs, all of which are reported as patched. This indicates that past vulnerabilities have been addressed, but the common vulnerability types (XSS and CSRF) suggest a pattern of issues related to input sanitization and state manipulation. The last reported vulnerability was in 2017, which might mean the plugin hasn't been actively maintained or reviewed against newer threats.

In conclusion, the plugin has strengths in output escaping and authentication checks. However, the use of raw SQL queries and the historical pattern of XSS/CSRF vulnerabilities warrant caution. While no critical or high severity issues were identified in the static analysis and the known vulnerabilities are patched, the potential for SQL injection due to non-prepared statements and the historical vulnerability types suggest that thorough manual review and ongoing monitoring are recommended.

Key Concerns

  • SQL queries not using prepared statements
  • Historical medium severity CVEs for XSS and CSRF
  • Presence of file operations
  • Presence of external HTTP requests
Vulnerabilities: 3

BestWebSoft's Twitter Security Vulnerabilities

CVEs by Year

  • 2012: 1 CVE
  • 2014: 1 CVE
  • 2017: 1 CVE

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2017-18505 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
BestWebSoft's Twitter < 2.55 - Cross-Site Scripting
Apr 12, 2017 · Patched in 2.55 (2477d)

CVE-2014-125103 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
BestWebSoft's Twitter <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting
Aug 7, 2014 · Patched in 1.3.7 (3456d)

CVE-2012-10015 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
BestWebSoft's Twitter <= 2.14 - Cross-Site Request Forgery
Jul 24, 2012 · Patched in 2.15 (4200d)

Code Analysis
Analyzed Mar 17, 2026

BestWebSoft's Twitter Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (2 prepared)
  • Unescaped Output: 18 (498 escaped)
  • Nonce Checks: 20
  • Capability Checks: 3
  • File Operations: 4
  • External Requests: 6
  • Bundled Libraries: 0

SQL Query Safety

50% prepared · 4 total queries

Output Escaping

97% escaped · 516 total outputs

Data Flows: All sanitized

Data Flow Analysis

6 flows
bws_add_menu_render (bws_menu\bws_menu.php:18)
Attack Surface

BestWebSoft's Twitter Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 2

  • auth · wp_ajax_bws_submit_request_feature_action · bws_menu\class-bws-settings.php:1466
  • auth · wp_ajax_bws_submit_uninstall_reason_action · bws_menu\deactivation-form.php:433

Shortcodes 2

[follow_me] twitter.php:657
[twitter_buttons] twitter.php:658
WordPress Hooks 23
  • filter · load_textdomain_mofile · bws_menu\bws_functions.php:43
  • filter · mce_external_plugins · bws_menu\bws_functions.php:1146
  • filter · mce_buttons · bws_menu\bws_functions.php:1147
  • action · admin_init · bws_menu\bws_functions.php:1433
  • action · admin_enqueue_scripts · bws_menu\bws_functions.php:1434
  • action · admin_head · bws_menu\bws_functions.php:1435
  • action · admin_footer · bws_menu\bws_functions.php:1436
  • action · admin_notices · bws_menu\bws_functions.php:1438
  • action · wp_enqueue_scripts · bws_menu\bws_functions.php:1440
  • action · admin_menu · twitter.php:645
  • action · plugins_loaded · twitter.php:647
  • action · init · twitter.php:648
  • action · admin_init · twitter.php:650
  • action · wp_enqueue_scripts · twitter.php:652
  • action · wp_footer · twitter.php:653
  • filter · pgntn_callback · twitter.php:654
  • action · admin_enqueue_scripts · twitter.php:655
  • filter · widget_text · twitter.php:659
  • filter · the_content · twitter.php:660
  • filter · bws_shortcode_button_content · twitter.php:662
  • filter · plugin_action_links · twitter.php:664
  • filter · plugin_row_meta · twitter.php:665
  • action · admin_notices · twitter.php:667
Maintenance & Trust

BestWebSoft's Twitter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 9, 2025
PHP min version
Downloads: 471K

Community Trust

Rating: 92/100
Number of ratings: 16
Active installs: 1K
Developer Profile

BestWebSoft's Twitter Developer Profile

bestweblayout

32 plugins · 17K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1944 days
Detection Fingerprints

How We Detect BestWebSoft's Twitter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/twitter-plugin/css/style.css
  • /wp-content/plugins/twitter-plugin/css/twitter-bootstrap.css
  • /wp-content/plugins/twitter-plugin/css/twitter-admin.css
  • /wp-content/plugins/twitter-plugin/js/jquery.cookie.js
  • /wp-content/plugins/twitter-plugin/js/twitter-frontend.js
  • /wp-content/plugins/twitter-plugin/js/twitter-admin.js
  • /wp-content/plugins/twitter-plugin/js/twitter-widget.js
  • /wp-content/plugins/twitter-plugin/js/moment.min.js
  • +9 more
Script Paths
  • /wp-content/plugins/twitter-plugin/js/jquery.cookie.js
  • /wp-content/plugins/twitter-plugin/js/twitter-frontend.js
  • /wp-content/plugins/twitter-plugin/js/twitter-admin.js
  • /wp-content/plugins/twitter-plugin/js/twitter-widget.js
  • /wp-content/plugins/twitter-plugin/js/moment.min.js
  • /wp-content/plugins/twitter-plugin/js/chart.js
  • +4 more
Version Parameters
  • twitter-plugin/css/style.css?ver=
  • twitter-plugin/css/twitter-bootstrap.css?ver=
  • twitter-plugin/css/twitter-admin.css?ver=
  • twitter-plugin/js/jquery.cookie.js?ver=
  • twitter-plugin/js/twitter-frontend.js?ver=
  • twitter-plugin/js/twitter-admin.js?ver=
  • twitter-plugin/js/twitter-widget.js?ver=
  • twitter-plugin/js/moment.min.js?ver=
  • twitter-plugin/js/chart.js?ver=
  • twitter-plugin/js/Chart.bundle.js?ver=
  • twitter-plugin/js/Chart.piece.label.js?ver=
  • twitter-plugin/js/bootstrap.min.js?ver=
  • twitter-plugin/bws_menu/js/bws_menu.js?ver=

HTML / DOM Fingerprints

CSS Classes
twttr-follow-button, twitter-btn, twitter-widget-wrapper, twitter-frontend-wrapper, twitter-admin-wrapper, twitter-settings-page, twttr-share-button, twttr-hashtag-button, +12 more
HTML Comments
  • <!-- BestWebSoft's Twitter -->
  • <!-- Copyright 2021 BestWebSoft ( https://support.bestwebsoft.com ) -->
  • <!-- Add Twitter Follow, Tweet, Hashtag, and Mention buttons to WordPress posts, pages and widgets. -->
  • <!-- Init -->
  • +13 more
Data Attributes
data-twitter-plugin-version, data-twitter-settings-nonce, data-twitter-settings-action, data-twitter-settings-id, data-twitter-share-url, data-twitter-share-text, +4 more
JS Globals
twttr_plugin_info, twttr_options, twttr_shortcode_list, twttr_add_admin_menu, twttr_plugins_loaded, twttr_init, +10 more
Shortcode Output
  • [twitter-follow
  • [twitter-tweet
  • [twitter-hashtag
  • [twitter-mention