[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwD57-WgVr0JLX01ZVx5K962_naP3UfUehm5zzOS6bwc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":129,"fingerprints":285},"twitter2press","Twitter2Press","1.0.5","mathieulesniak","https:\u002F\u002Fprofiles.wordpress.org\u002Fmathieulesniak\u002F","\u003Cp>Have you ever noticed that the pictures you send along with your tweets end up on public image hosting services? These hosting services put ads around your content, and can make traffic (and money) with YOUR pictures.\u003Cbr \u002F>\nTwitter2Press is a little plugin that’ll transform your WordPress into an image hosting service. 
So, your images will still be your property, and the generated traffic will be yours.\u003C\u002Fp>\n\u003Cp>This plugin will communicate with the wonderful Twitter client for iPhone Tweetie, very easily.\u003Cbr \u002F>\nOnce your picture has been uploaded, the plugin will grab the content of the associated tweet when it’s available.\u003C\u002Fp>\n\u003Cp>And, one more thing: Twitter2Press is free!\u003C\u002Fp>\n","Use your WordPress blog to host the photos you post to Twitter!",10,3705,0,"2009-10-21T09:28:00.000Z","2.8.5","2.3","",[19,20,21,22],"image-hosting","tweet","twitpic","twitter","http:\u002F\u002Fprojets.lesniak.fr\u002Ftwitter2press","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter2press.1.0.5.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T17:24:51.261Z",[35,48,66,87,105],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":10,"active_installs":11,"downloaded":42,"rating":13,"num_ratings":13,"last_updated":43,"tested_up_to":44,"requires_at_least":16,"requires_php":17,"tags":45,"homepage":46,"download_link":47,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"tweetpress","TweetPress","3.2","brandontreb","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrandontreb\u002F","\u003Cp>TweetPress is the WordPress Plug-In that gives you total control and ownership of the photos you post to Twitter, sending traffic back to your own blog, instead of a third party site.\u003C\u002Fp>\n\u003Cp>Currently, when posting photos to Twitter, you must first post them to a 3rd party service (such as Twitpic) and then post that URL to Twitter. 
Not only do you lose control over YOUR image gallery, but you are also sending Twitpic a significant amount of traffic that could be sent to your own website.\u003C\u002Fp>\n\u003Cp>Just install the plugin, and start posting photos with your favorite Twitter client (that supports TweetPress).\u003C\u002Fp>\n\u003Cp>The current Twitter clients that support Tweetpress are Twittelator Pro and Twitter for iPhone\u003C\u002Fp>\n",10037,"2011-02-16T22:28:00.000Z","3.1.4",[19,20,21,22],"http:\u002F\u002Fbrandontreb.com\u002Ftweetpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftweetpress.3.2.zip",{"slug":21,"name":49,"version":50,"author":51,"author_profile":52,"description":53,"short_description":54,"active_installs":55,"downloaded":56,"rating":13,"num_ratings":13,"last_updated":57,"tested_up_to":58,"requires_at_least":59,"requires_php":17,"tags":60,"homepage":64,"download_link":65,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"TwitPic","0.3","grobekelle","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrobekelle\u002F","\u003Cp>Displays your latest pictures from TwitPic in the sidebar of your blog. The plugin is widget ready and comes with many configuration options! Because every theme brings their very own style, TwitPic has very little preset css. Please see the css file \u003Ccode>twitpic.css\u003C\u002Fcode> to set colors, borders etc.\u003C\u002Fp>\n\u003Cp>Check out more \u003Ca href=\"http:\u002F\u002Fwww.grobekelle.de\u002Fwordpress-plugins\" title=\"Wordpress Plugins\" rel=\"nofollow ugc\">WordPress Plugins\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fwww.grobekelle.de\" title=\"Lustige Videos\" rel=\"nofollow ugc\">Lustige Videos\u003C\u002Fa> brought to you by Grobekelle.\u003C\u002Fp>\n","Displays your latest pictures from TwitPic in the sidebar of your blog. 
The plugin is widget ready and comes with many configuration options!",20,8255,"2010-06-24T18:59:00.000Z","2.7","2.0.2",[61,62,63,22],"tweets","twit","twitpics","http:\u002F\u002Fwww.grobekelle.de\u002Fwordpress-plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitpic.zip",{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":76,"num_ratings":77,"last_updated":78,"tested_up_to":79,"requires_at_least":80,"requires_php":17,"tags":81,"homepage":85,"download_link":86,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"easy-twitter-feed-widget","Easy Twitter Feed Widget Plugin","0.9","DesignOrbital","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesignorbital\u002F","\u003Cp>Easy Twitter Feed Widget plugin uses the \u003Ccode>Twitter Widget\u003C\u002Fcode> without creating an API to display tweets on your WordPress site. There is no need to create Twitter application. Easy Twitter Feed Widget Plugin provides a nice interface to implement your tweets in an easy way.\u003C\u002Fp>\n\u003Cp>If you are planning to display twitter timeline on your blog’s sidebar without bells and whistles then our plugin can be your ideal choice.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy Twitter Feed Widget Plugin is very easy to setup and use.\u003C\u002Fli>\n\u003Cli>You can blend your tweets professionally with the layout of any WordPress theme.\u003C\u002Fli>\n\u003Cli>Make it your own by customizing the link color, border color, background choice and other useful options.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Further Useful Stuff\u003C\u002Fh4>\n\u003Cp>Easy Twitter Feed Widget plugin is developed by DesignOrbital. 
You may be interested to use our \u003Ca href=\"https:\u002F\u002Fdesignorbital.com\u002F\" rel=\"nofollow ugc\">Premium WordPress Themes\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fdesignorbital.com\u002Ffree-wordpress-themes\u002F\" rel=\"nofollow ugc\">Free WordPress Themes\u003C\u002Fa> to run your website under the clean and SEO optimized code.\u003C\u002Fp>\n","Add twitter feeds on your WordPress site by using the Easy Twitter Feed Widget plugin.",10000,503422,74,55,"2017-12-20T18:46:00.000Z","4.9.29","4.7",[82,20,22,83,84],"feed","twitter-feed","twitter-widget","https:\u002F\u002Fdesignorbital.com\u002Feasy-twitter-feed-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-twitter-feed-widget.0.9.zip",{"slug":22,"name":88,"version":89,"author":88,"author_profile":90,"description":91,"short_description":92,"active_installs":74,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":80,"requires_php":17,"tags":98,"homepage":103,"download_link":104,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"Twitter","2.0.5","https:\u002F\u002Fprofiles.wordpress.org\u002Ftwitter\u002F","\u003Cp>Embed Twitter content, improve sharing on Twitter, convert your web audience into Twitter or Periscope subscribers, and easily track visits to your website from Twitter advertising.\u003C\u002Fp>\n\u003Cp>Requires PHP version 5.6 or greater.\u003C\u002Fp>\n\u003Ch4>Embed Twitter content\u003C\u002Fh4>\n\u003Cp>Embed Twitter content by pasting a URL, customizing a shortcode, or in a widget area.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FEmbedded-Tweet\" title=\"single Tweet embed\" rel=\"nofollow ugc\">single Tweet\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FEmbedded-Profile-Timeline\" title=\"Twitter 
embedded profile timeline\" rel=\"nofollow ugc\">profile timeline\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FEmbedded-List-Timeline\" title=\"Twitter embedded list timeline\" rel=\"nofollow ugc\">list timeline\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FEmbedded-Collection-Timeline\" title=\"Twitter embedded collection\" rel=\"nofollow ugc\">collection\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FMoments\" title=\"Twitter embedded Moment\" rel=\"nofollow ugc\">Moment\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Customize embed display to match your theme. Choose a light or dark background, customize link and border colors, and customize timeline template components through your site’s WordPress administrative interface.\u003C\u002Fp>\n\u003Cp>The plugin automatically customizes an embed’s template text to match the locale of your site, optimally loads Twitter’s JavaScript to improve site speed and extensibility, and handles advanced use cases such as articles loaded asynchronously via the WordPress API.\u003C\u002Fp>\n\u003Ch4>Grow your Twitter audience\u003C\u002Fh4>\n\u003Cp>Automatically generate link previews for your site’s URLs shared on Twitter using \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FCards\" rel=\"nofollow ugc\">Twitter Cards markup\u003C\u002Fa> . Easily identify your site and author Twitter accounts through your site and user administrative interfaces.\u003C\u002Fp>\n\u003Cp>Add a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FTweet-Button\" rel=\"nofollow ugc\">Tweet button\u003C\u002Fa> to public posts to encourage your visitors to share your content on Twitter. 
Visitors may see recommended accounts to follow after sharing your content including your site and its authors.\u003C\u002Fp>\n\u003Cp>Add a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FFollow-Button\" rel=\"nofollow ugc\">Follow button\u003C\u002Fa> to convert your site visitors into Twitter subscribers.\u003C\u002Fp>\n\u003Cp>Add a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\u002FPeriscope-On-Air-Button\" rel=\"nofollow ugc\">Periscope On Air button\u003C\u002Fa> to convert your site visitors into Periscope subscribers.\u003C\u002Fp>\n\u003Ch4>Improve Twitter advertising campaigns\u003C\u002Fh4>\n\u003Cp>Easily add a Twitter website tag to your website to track the effectiveness and \u003Ca href=\"https:\u002F\u002Fbusiness.twitter.com\u002Fen\u002Fhelp\u002Fcampaign-measurement-and-analytics\u002Fconversion-tracking-for-websites.html\" rel=\"nofollow ugc\">conversion rates\u003C\u002Fa> of Twitter advertising campaigns or \u003Ca href=\"https:\u002F\u002Fbusiness.twitter.com\u002Fen\u002Ftargeting\u002Ftailored-audiences.html\" rel=\"nofollow ugc\">build tailored audiences\u003C\u002Fa> to target your Twitter advertisements for your website audience.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Docs and active development\u003C\u002Fstrong>\u003Cbr \u002F>\n  Contribute to the plugin, submit pull requests, or run test suites through the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\" rel=\"nofollow ugc\">Twitter plugin for WordPress GitHub repository\u003C\u002Fa>.\u003Cbr \u002F>\n  View \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwitter\u002Fwordpress\u002Fwiki\" rel=\"nofollow ugc\">Twitter for WordPress documentation\u003C\u002Fa> to learn more about customization through WordPress filters.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Official Twitter and Periscope plugin for WordPress. Embed content and grow your audience. 
Requires PHP 5.6 or greater.",705891,50,32,"2019-07-24T22:59:00.000Z","5.2.24",[99,100,22,101,102],"embedded-timeline","embedded-tweet","twitter-list","twitter-profile","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwitter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":17,"download_link":125,"security_score":126,"vuln_count":127,"unpatched_count":13,"last_vuln_date":128,"fetched_at":27},"autoshare-for-twitter","Autopost for X (formerly Autoshare for Twitter)","2.3.3","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Autopost for X (formerly Autoshare for Twitter) automatically shares your posts to X\u002FTwitter as soon as they’re published.  Once you hit the Publish button, the plugin sends your post’s title, featured image, and link to X\u002FTwitter, along with a custom message.\u003C\u002Fp>\n\u003Cp>Unlike a myriad of other social media, multitool solutions, Autopost for X is built solely for X\u002FTwitter.  It focuses on doing one thing and does it well, with the code and interface craftsmanship we apply to every project.\u003C\u002Fp>\n\u003Cp>With Autopost for X, developers can further customize nearly everything about the posts, including the image, author, and link, using an extensive set of hooks built into the code. 
Among its other features, the WordPress plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works in both the classic and new block editors.\u003C\u002Fli>\n\u003Cli>Becomes part of the pre-publish checklist step that’s part of the new block editor.\u003C\u002Fli>\n\u003Cli>Posts a high-quality featured image with your post to X\u002FTwitter.\u003C\u002Fli>\n\u003Cli>Counts characters to keep you under the X\u002FTwitter limit.\u003C\u002Fli>\n\u003Cli>Adds a link to the post to X\u002FTwitter in the block editor sidebar.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Disclaimer:\u003C\u002Fstrong> \u003Cem>TWITTER, TWEET, RETWEET and the Twitter logo are trademarks of Twitter, Inc. or its affiliates.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Plugin Compatibility\u003C\u002Fh3>\n\u003Ch4>Distributor\u003C\u002Fh4>\n\u003Cp>When using with 10up’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002F10up\u002Fdistributor\" rel=\"nofollow ugc\">Distributor plugin\u003C\u002Fa>, posts that are distributed will not be autoposted if they are already posted to X\u002FTwitter from the origin site. Autopost for X tracks posts that have been posted to X\u002FTwitter in post meta to avoid “double posting”. To avoid this behavior, use the \u003Ccode>dt_blacklisted_meta\u003C\u002Fcode> filter to exclude the ‘autoshare_for_twitter_status’ meta value from being distributed :\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'dt_blacklisted_meta', function( $blacklisted_metas ) {\n    $blacklisted_metas[] = 'autoshare_for_twitter_status';\n    return $blacklisted_metas;\n} )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Developers\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> Posts and pages are supported by default. 
Developers can use the \u003Ccode>autoshare_for_twitter_default_post_types\u003C\u002Fcode> filter to change the default supported post types\u003C\u002Fp>\n\u003Cp>Custom post types can now be opted into autopost features like so:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function opt_my_cpt_into_autoshare() {\n    add_post_type_support( 'my-cpt', 'autoshare-for-twitter' );\n}\nadd_action( 'init', 'opt_my_cpt_into_autoshare' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>In addition, adding support while registering custom post types also works. Post types are automatically set to autopost. Future versions of this plugin could allow this to be set manually.\u003C\u002Fp>\n\u003Cp>While the autopost feature can be opted into for post types using the above filter, by default the editor still has to manually enable autopost during the post prepublish flow. The \u003Ccode>autoshare_for_twitter_enabled_default\u003C\u002Fcode> filter allows autopost to be enabled by default for all posts of a given post type. 
Editors can still manually uncheck the option during the publishing flow.\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function enable_autoshare_by_default_for_core_post_type( $enabled, $post_type ) {\n    if ( 'post' === $post_type ) {\n        return true;\n    }\n\n    return $enabled;\n}\nadd_filter( 'autoshare_for_twitter_enabled_default', 'enable_autoshare_by_default_for_core_post_type', 10, 2 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Additional technical details can be found in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002F10up\u002Fautoshare-for-twitter#overview\" rel=\"nofollow ugc\">our GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Automatically shares the post title or custom message and a link to the post to X\u002FTwitter.",6000,48739,100,6,"2026-02-02T17:14:00.000Z","6.9.4","6.8","7.4",[122,123,124,20,22],"posse","share","social-media","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautoshare-for-twitter.2.3.3.zip",97,2,"2023-01-23 
00:00:00",{"attackSurface":130,"codeSignals":163,"taintFlows":214,"riskAssessment":272,"analyzedAt":284},{"hooks":131,"ajaxHandlers":159,"restRoutes":160,"shortcodes":161,"cronEvents":162,"entryPointCount":13,"unprotectedCount":13},[132,138,142,146,151,155],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","admin_menu","twitter2press_menu","twitter2press.php",61,{"type":133,"name":139,"callback":140,"file":136,"line":141},"init","twitter2press_upload",275,{"type":133,"name":143,"callback":144,"file":136,"line":145},"wp_head","twitter2press_css",294,{"type":147,"name":148,"callback":149,"file":136,"line":150},"filter","the_content","load_gallery_content",308,{"type":133,"name":152,"callback":153,"file":136,"line":154},"wp","load_gallery",450,{"type":133,"name":156,"callback":157,"file":136,"line":158},"admin_notices","twitter2press_admin_notice",596,[],[],[],[],{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":171,"fileOperations":30,"externalRequests":30,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":213},[],{"prepared":166,"raw":30,"locations":167},12,[168],{"file":136,"line":169,"context":170},603,"$wpdb->get_var() with variable interpolation",{"escaped":13,"rawEcho":172,"locations":173},19,[174,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211],{"file":136,"line":175,"context":176},72,"raw 
output",{"file":136,"line":178,"context":176},166,{"file":136,"line":180,"context":176},170,{"file":136,"line":182,"context":176},178,{"file":136,"line":184,"context":176},183,{"file":136,"line":186,"context":176},187,{"file":136,"line":188,"context":176},195,{"file":136,"line":190,"context":176},205,{"file":136,"line":192,"context":176},208,{"file":136,"line":194,"context":176},212,{"file":136,"line":196,"context":176},216,{"file":136,"line":198,"context":176},256,{"file":136,"line":200,"context":176},261,{"file":136,"line":202,"context":176},264,{"file":136,"line":204,"context":176},267,{"file":136,"line":206,"context":176},292,{"file":136,"line":208,"context":176},568,{"file":136,"line":210,"context":176},590,{"file":136,"line":212,"context":176},593,[],[215,234,255],{"entryPoint":216,"graph":217,"unsanitizedCount":232,"severity":233},"twitter2press_options (twitter2press.php:66)",{"nodes":218,"edges":229},[219,224],{"id":220,"type":221,"label":222,"file":136,"line":223},"n0","source","$_GET (x4)",126,{"id":225,"type":226,"label":227,"file":136,"line":198,"wp_function":228},"n1","sink","echo() [XSS]","echo",[230],{"from":220,"to":225,"sanitized":231},false,4,"medium",{"entryPoint":235,"graph":236,"unsanitizedCount":253,"severity":254},"twitter2press_upload (twitter2press.php:454)",{"nodes":237,"edges":250},[238,241,245,248],{"id":220,"type":221,"label":239,"file":136,"line":240},"$_FILES (x2)",489,{"id":225,"type":226,"label":242,"file":136,"line":243,"wp_function":244},"query() [SQLi]",520,"query",{"id":246,"type":221,"label":247,"file":136,"line":240},"n2","$_FILES",{"id":249,"type":226,"label":227,"file":136,"line":208,"wp_function":228},"n3",[251,252],{"from":220,"to":225,"sanitized":231},{"from":246,"to":249,"sanitized":231},3,"high",{"entryPoint":256,"graph":257,"unsanitizedCount":271,"severity":254},"\u003Ctwitter2press> 
(twitter2press.php:0)",{"nodes":258,"edges":267},[259,260,261,262,263,265],{"id":220,"type":221,"label":222,"file":136,"line":223},{"id":225,"type":226,"label":227,"file":136,"line":198,"wp_function":228},{"id":246,"type":221,"label":239,"file":136,"line":240},{"id":249,"type":226,"label":242,"file":136,"line":243,"wp_function":244},{"id":264,"type":221,"label":247,"file":136,"line":240},"n4",{"id":266,"type":226,"label":227,"file":136,"line":208,"wp_function":228},"n5",[268,269,270],{"from":220,"to":225,"sanitized":231},{"from":246,"to":249,"sanitized":231},{"from":264,"to":266,"sanitized":231},7,{"summary":273,"deductions":274},"The \"twitter2press\" plugin v1.0.5 exhibits a mixed security posture.  On the positive side, the plugin boasts a remarkably small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events. This significantly limits potential entry points for attackers. Furthermore, the plugin demonstrates a strong adherence to secure coding practices regarding SQL queries, with 92% utilizing prepared statements, which greatly mitigates SQL injection risks.\n\nHowever, significant concerns arise from the output escaping analysis and taint analysis. The fact that 0% of outputs are properly escaped is a critical vulnerability, opening the door to Cross-Site Scripting (XSS) attacks. Any dynamic data displayed to users or within the WordPress admin area is susceptible to malicious script injection. The taint analysis further reinforces this, revealing two high-severity flows with unsanitized paths, indicating that data processed by the plugin may be used in a way that could lead to code execution or data compromise if not handled with proper sanitization. The absence of nonce and capability checks on any entry points is also a significant weakness, allowing unauthorized users to potentially trigger actions.\n\nWhile the plugin has no recorded CVEs, this does not guarantee its current security. 
The lack of historical vulnerabilities could be due to its niche nature, infrequent security audits, or simply luck. The significant findings in the static and taint analysis, particularly the unescaped outputs and high-severity taint flows, overshadow the lack of historical issues and the small attack surface. The plugin's strengths in SQL handling are significantly undermined by its glaring weaknesses in output sanitization and potential data flow vulnerabilities.",[275,278,280,282],{"reason":276,"points":277},"0% of outputs properly escaped",8,{"reason":279,"points":166},"High severity taint flows (2)",{"reason":281,"points":11},"0 Nonce checks",{"reason":283,"points":11},"0 Capability checks","2026-03-17T01:43:07.856Z",{"wat":286,"direct":291},{"assetPaths":287,"generatorPatterns":288,"scriptPaths":289,"versionParams":290},[],[],[],[],{"cssClasses":292,"htmlComments":294,"htmlAttributes":295,"restEndpoints":297,"jsGlobals":298,"shortcodeOutput":301},[293],"t2p-options",[],[296],"data-t2p-id",[],[299,300],"shortening_services","t2p_settings",[]]