WP-jTweets Security & Risk Analysis
wordpress.org/plugins/wp-jtweetsA widget that uses jQuery and Twitter to display a user's tweets (or can just list the updates). Works with the Twitter API 1.1
Is WP-jTweets Safe to Use in 2026?
Generally Safe
Score 85/100WP-jTweets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wp-jtweets plugin v1.1.5 exhibits a generally good security posture based on the static analysis. The absence of known CVEs, combined with the fact that all SQL queries use prepared statements, suggests a proactive approach to security and a clean history. The plugin also appears to have a very limited attack surface with zero identified entry points like AJAX handlers, REST API routes, or shortcodes. However, a significant concern is the low percentage (32%) of properly escaped output. This indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, where user-supplied data could be injected and executed in the browser. Furthermore, the plugin performs file operations and makes external HTTP requests without any observable capability checks or nonce checks, which could potentially be exploited if these operations involve user-controlled data or are triggered in an unauthorized manner. The lack of any taint analysis results suggests either no data flows were analyzed or none were found to be problematic, but this should not overshadow the identified output escaping and authorization concerns.
Key Concerns
- Low output escaping percentage (32%)
- File operations without capability checks
- External HTTP requests without capability checks
- File operations without nonce checks
- External HTTP requests without nonce checks
WP-jTweets Security Vulnerabilities
WP-jTweets Code Analysis
Output Escaping
WP-jTweets Attack Surface
WordPress Hooks 2
Maintenance & Trust
WP-jTweets Maintenance & Trust
Maintenance Signals
Community Trust
WP-jTweets Alternatives
Display Tweets
display-tweets-php
Display Tweets is an easy to use, future proof Twitter feed plugin that uses PHP to make requests to the v1.1 Twitter REST API.
Peadig's Twitter Feed: Embedded Timeline WordPress Plugin
wp-twitter-feed
A simple Twitter feed that outputs your latest tweets in HTML into any post, page, template or sidebar widget. Customisable and easy to install!
Ultimate Twitter Feeds
ultimate-twitter-feeds
Ultimate Twitter Feeds allows you to display customizable Twitter Tweets from any user timeline, any user Twitter List and single Tweet on your websi …
Import Tweets as Posts
import-tweets-as-posts
"Import Tweets as Posts" plugin allows to easily import tweets from user's timeline or search query. It has also flexibility to import …
Timeline Twitter Feed
timeline-twitter-feed
Output timeline feeds and multiple hashtags into your WordPress site as flat HTML.
WP-jTweets Developer Profile
4 plugins · 10K total installs
How We Detect WP-jTweets
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-jtweets/style.css/wp-content/plugins/wp-jtweets/js/jtweets.js/wp-content/plugins/wp-jtweets/js/jtweets.jswp-jtweets/style.css?ver=wp-jtweets/js/jtweets.js?ver=HTML / DOM Fingerprints
jtweets-feedjtweets-avatar-blockjtweets-avatar-block-1jtweets-avatar-block-2data-rotatetime