
Twitterply Security & Risk Analysis
wordpress.org/plugins/twitterply-for-webmasters
Want to display your Twitter feeds or Tweets on your website or blog or in the sidebar? This plugin uses PHP to make requests to the Twitter REST API.
Is Twitterply Safe to Use in 2026?
Generally Safe
Score 85/100
Twitterply has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The twitterply-for-webmasters plugin v1.2 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and the plugin's development practices, such as using prepared statements for all SQL queries and implementing nonce and capability checks, are positive indicators. The limited attack surface, with only one shortcode entry point and no unprotected AJAX handlers or REST API routes, further strengthens its security.
However, the use of `create_function` is a notable concern. This function is deprecated and can be a security risk because it creates functions dynamically from strings, potentially leading to code injection if not handled with extreme care. The low percentage of properly escaped output (9%) also presents a risk of Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is displayed without sufficient sanitization within those unescaped outputs. The single file operation and external HTTP request, while not inherently risky, are potential vectors for attack and should be carefully reviewed for proper handling of inputs and outputs.
Key Concerns
- Use of deprecated 'create_function'
- Low percentage of properly escaped output
Twitterply Security Vulnerabilities
Twitterply Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
Twitterply Attack Surface
Shortcodes 1
WordPress Hooks 4
Twitterply Maintenance & Trust
Maintenance Signals
Community Trust
Twitterply Alternatives
Display Tweets
display-tweets-php
Display Tweets is an easy to use, future proof Twitter feed plugin that uses PHP to make requests to the v1.1 Twitter REST API.
Peadig's Twitter Feed: Embedded Timeline WordPress Plugin
wp-twitter-feed
A simple Twitter feed that outputs your latest tweets in HTML into any post, page, template or sidebar widget. Customisable and easy to install!
Ultimate Twitter Feeds
ultimate-twitter-feeds
Ultimate Twitter Feeds allows you to display customizable Twitter Tweets from any user timeline, any user Twitter List and single Tweet on your websi …
Import Tweets as Posts
import-tweets-as-posts
"Import Tweets as Posts" plugin allows to easily import tweets from user's timeline or search query. It has also flexibility to import …
Timeline Twitter Feed
timeline-twitter-feed
Output timeline feeds and multiple hashtags into your WordPress site as flat HTML.
Twitterply Developer Profile
1 plugin · 10 total installs
How We Detect Twitterply
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/twitterply-for-webmasters/css/jquery.bxslider.css
- /wp-content/plugins/twitterply-for-webmasters/js/jquery.bxslider.min.js
- /wp-content/plugins/twitterply-for-webmasters/js/jquery.twitterply.js
- /wp-content/plugins/twitterply-for-webmasters/css/twitterply.css
- /wp-content/plugins/twitterply-for-webmasters/js/jquery.twitterply.js
- twitterply-for-webmasters/css/jquery.bxslider.css?ver=
- twitterply-for-webmasters/js/jquery.bxslider.min.js?ver=
- twitterply-for-webmasters/js/jquery.twitterply.js?ver=
- twitterply-for-webmasters/css/twitterply.css?ver=
HTML / DOM Fingerprints
- twitterply-widget
- data-twitterply-screenname
- data-twitterply-count
- data-twitterply-include-rts
- data-twitterply-exclude-replies
- data-twitterply-consumer-key
- data-twitterply-consumer-secret
- +2 more
- twitterply
- [twitterply]