Does WP Tweet Plus have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Tweet Plus compatible with WordPress 4.2.39?

According to WordPress.org data, WP Tweet Plus 1.2.3 has been tested up to WordPress 4.2.39. Check the plugin's changelog for the latest compatibility information.

How often is WP Tweet Plus updated?

WP Tweet Plus was last updated on Jun 12, 2015. Frequent updates are generally a positive security signal.

What is WP Tweet Plus's security score?

WP Tweet Plus has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Tweet Plus Security & Risk Analysis

wordpress.org/plugins/wp-tweet-plus

WP Tweet Plus allows you to add tweet button to your Wordpress site.

10 active installs v1.2.3 PHP + WP 3.0+ Updated Jun 12, 2015

tweettweet-buttontweetstwittertwitter-share

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WP Tweet Plus Safe to Use in 2026?

Generally Safe

Score 85/100

WP Tweet Plus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The wp-tweet-plus plugin v1.2.3 demonstrates a generally good security posture with a limited attack surface and no known vulnerabilities. The use of prepared statements for all SQL queries is a significant strength, mitigating common SQL injection risks. However, the analysis reveals several areas for concern. A low percentage of output escaping (58%) suggests potential for cross-site scripting (XSS) vulnerabilities, especially if user-supplied data is rendered without proper sanitization in the remaining outputs. The complete absence of nonce checks and capability checks across all entry points, including its single shortcode, is a notable weakness. This means that any user, regardless of their privileges, could potentially trigger actions associated with the shortcode, leading to unauthorized operations or information disclosure if the shortcode's functionality is not inherently benign. The taint analysis, while not flagging critical or high severity issues, did identify flows with unsanitized paths, which warrants further investigation to ensure no vectors for injection or information leakage exist.

Key Concerns

Low output escaping percentage
No nonce checks on entry points
No capability checks on entry points
Unsanitized paths in taint analysis

Vulnerabilities

None known

WP Tweet Plus Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Tweet Plus Release Timeline

v1.2.3Current

v1.2.2

v1.0

Code Analysis

Analyzed Apr 16, 2026

WP Tweet Plus Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared7 total queries

Output Escaping

58% escaped26 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

wptb_init (wp_tweet_plus.php:263)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Tweet Plus Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[wptweet] wp_tweet_plus.php:27

WordPress Hooks 5

actionadmin_menuwp_tweet_plus.php:9

filterthe_contentwp_tweet_plus.php:57

filteradmin_headwp_tweet_plus.php:268

actionadmin_enqueue_scriptswp_tweet_plus.php:784

actionadmin_enqueue_scriptswp_tweet_plus.php:785

Maintenance & Trust

WP Tweet Plus Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39

Last updatedJun 12, 2015

PHP min version

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP Tweet Plus Alternatives

Customize Feeds for Twitter

twitter-tweets

100

Customize Feeds for Twitter plugin for WordPress. You can use this to display real time Twitter feeds on any where on your website by using shortcode …

4K No CVEs

Slim Jetpack

slimjetpack

Slim version of Jetpack unlinked from WordPress.com :) Supercharge your self-hosted wp site even you're NOT WP.COM users.

2K No CVEs

Display Tweets

display-tweets-php

Display Tweets is an easy to use, future proof Twitter feed plugin that uses PHP to make requests to the v1.1 Twitter REST API.

1K No CVEs

Peadig's Twitter Feed: Embedded Timeline WordPress Plugin

wp-twitter-feed

A simple Twitter feed that outputs your latest tweets in HTML into any post, page, template or sidebar widget. Customisable and easy to install!

600 1 unpatched

Twiget Twitter Widget

twiget

A widget to display the latest Twitter status updates.

500 No CVEs

Developer Profile

WP Tweet Plus Developer Profile

CRUDLab

2 plugins · 710 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Tweet Plus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-tweet-plus/css/style.css/wp-content/plugins/wp-tweet-plus/js/custom.js

Script Paths

https://platform.twitter.com/widgets.js

Version Parameters

wp-tweet-plus/style.css?ver=wp-tweet-plus/js/custom.js?ver=

HTML / DOM Fingerprints

CSS Classes

wptb_captionwptb_circ

Data Attributes

data-langdata-hashtagsclass="twitter-share-button"data-sizedata-countdata-via+4 more

JS Globals

window.twitterWidgets

Shortcode Output

<span class="wptb_caption"></span>

FAQ