[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fX_2di2BWO_UUDXSXVRBNnB1t2Wtl3iDAosBAdVbmRUI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":54,"analysis":149,"fingerprints":220},"wp-twitter-feed","Peadig's Twitter Feed: Embedded Timeline WordPress Plugin","2.2","Alex Moss","https:\u002F\u002Fprofiles.wordpress.org\u002Falexmoss\u002F","\u003Cp>The WordPress Twitter Feed Plugin lets you simply output any user’s tweets into your WordPress page, template or sidebar! You can customise the username, number of tweets, and style of ouput.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fpeadig.com\u002Fwordpress-plugins\u002Fwp-twitter-feed\u002F\" rel=\"nofollow ugc\">Twitter Embedded Timeline\u003C\u002Fa> WordPress Plugin homepage.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fpeadig.com\u002Fwordpress-plugins\u002Fwp-twitter-feed-pro\u002F\" rel=\"nofollow ugc\">Twitter Feed PRO\u003C\u002Fa> – this plugin outputs tweet using flat HTML and supports Twitter’s API v1.1.\u003C\u002Fli>\n\u003Cli>More \u003Ca href=\"http:\u002F\u002Fpeadig.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">WordPress Plugins\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple Twitter feed that outputs your latest tweets in HTML into any post, page, template or sidebar widget. 
Customisable and easy to install!",600,161765,62,7,"2018-04-04T22:46:00.000Z","3.7.41","2.7","",[20,21,22,23,24],"seo","tweets","twitter","twitter-feed","twitter-updates","http:\u002F\u002Fpeadig.com\u002Fwordpress-plugins\u002Fwp-twitter-feed\u002F?utm_source=WordPress&utm_medium=Admin&utm_campaign=Twitter%2BFeed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-twitter-feed.2.2.zip",63,1,"2010-12-07 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2010-4825","peadigs-twitter-feed-embedded-timeline-wordpress-plugin-reflected-cross-site-scripting","Peadig's Twitter Feed: Embedded Timeline WordPress Plugin \u003C= 2.2 - Reflected Cross-Site Scripting","Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 2.2 and below for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.",null,"\u003C=2.2","high",7.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:L","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 
19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2553a858-bbea-4ef2-8d45-e0a665123065?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"alexmoss",11,3650,83,249,67,"2026-04-04T02:14:43.177Z",[55,75,95,113,133],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":28,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":18,"download_link":72,"security_score":73,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"ultimate-twitter-feeds","Ultimate Twitter Feeds","0.1","Milap","https:\u002F\u002Fprofiles.wordpress.org\u002Fmilap\u002F","\u003Cp>Ultimate Twitter Feeds is one of the best Lightweight plugin to display Twitter feeds (Tweets) on your website. It fetches feeds from Twitter Profile, Twitter User List and single Tweet. 
It provides additional configuration options like Height, Width, Language and Theme.\u003C\u002Fp>\n\u003Cp>An inside look:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F8gxE5CPLiJM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Why should you choose Ultimate Twitter Feeds among the many other plugins?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Light weight & easy to configure.\u003C\u002Fli>\n\u003Cli>Configuration options like show Tweets from Twitter User Profile, User List and Single Tweet.\u003C\u002Fli>\n\u003Cli>Supports Light and Dark theme.\u003C\u002Fli>\n\u003Cli>Additional options like Width, Height and Language.\u003C\u002Fli>\n\u003Cli>Shortcode support (In Next Release)\u003C\u002Fli>\n\u003Cli>Fast & helpful support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Recommended Plugins\u003C\u002Fh4>\n\u003Cp>The following plugins are recommended for users:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffacebook-pagelike-widget\u002F\" rel=\"ugc\">Facebook Page Feeds Widget\u003C\u002Fa> by Milap – With Facebook Page Feeds Widget, you can display your Facebook Page feeds on your website quickly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy Notices\u003C\u002Fh4>\n\u003Cp>With the default configuration, this plugin, in itself, does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>use cookies.\u003C\u002Fli>\n\u003Cli>track users by stealth.\u003C\u002Fli>\n\u003Cli>write any user personal data to the database.\u003C\u002Fli>\n\u003Cli>send any data to external 
servers.\u003C\u002Fli>\n\u003C\u002Ful>\n","Ultimate Twitter Feeds allows you to display customizable Twitter Tweets from any user timeline,  any user Twitter List and single Tweet on your websi &hellip;",400,5646,100,"2021-08-23T10:05:00.000Z","5.8.13","3.4",[70,21,22,23,71],"custom-twitter-feed","twitter-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-twitter-feeds.0.1.zip",85,0,{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":65,"downloaded":83,"rating":65,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":18,"tags":88,"homepage":93,"download_link":94,"security_score":73,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"import-tweets-as-posts","Import Tweets as Posts","3.0","Chandan Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fchandanonline4u\u002F","\u003Cp>“Import Tweets as Posts” plugin allows to easily import tweets from user’s timeline or search query. It has also flexibility to import tweets as custom post type “tweet”. Other settings that user can specify are tweet import interval time, number of tweets to import, Category,  Text before tweet post title. There is also options to exclude retweets and replies from user’s twitter timeline.\u003C\u002Fp>\n\u003Cp>Released under the terms of the GNU GPL, version 2.\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.fsf.org\u002Flicensing\u002Flicenses\u002Fgpl.html\u003C\u002Fp>\n\u003Cp>NO WARRANTY.\u003Cbr \u002F>\nCopyright (c) 2015 Chandan Kumar\u003C\u002Fp>\n","\"Import Tweets as Posts\" plugin allows to easily import tweets from user's timeline or search query. 
It has also flexibility to import  &hellip;",12269,8,"2015-11-25T09:14:00.000Z","4.3.34","2.8.6",[89,76,90,91,92],"import-tweets","posts","tweets-to-posts","twitter-feeds","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fimport-tweets-as-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimport-tweets-as-posts.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":65,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":86,"requires_at_least":107,"requires_php":18,"tags":108,"homepage":111,"download_link":112,"security_score":73,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"timeline-twitter-feed","Timeline Twitter Feed","1.3","ezraverheijen","https:\u002F\u002Fprofiles.wordpress.org\u002Fezraverheijen\u002F","\u003Cp>Timeline Twitter Feed let’s you output your timeline feed and multiple hashtags into your WordPress site as flat HTML.\u003Cbr \u002F>\nThe output is customizable on nearly every aspect. With or without profile pictures, tweet date, usernames before tweets, hashtags and usernames as links etc. 
etc.\u003Cbr \u002F>\nCSS styling can be added\u002Foverwrited via your theme’s stylesheet or in the Timeline Twitter Feed settings screen.\u003Cbr \u002F>\nThere is also a widget to easily add a Twitter feed to your header, sidebar or footer, if your theme supports it.\u003C\u002Fp>\n\u003Cp>If you have any issues using Timeline Twitter Feed, find a bug or have an idea to make the plugin even better then please \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fezraverheijen\u002Ftimeline-twitter-feed\" rel=\"nofollow ugc\">help to improve Timeline Twitter Feed\u003C\u002Fa>.\u003Cbr \u002F>\nIf you don’t report it, I can’t fix it!\u003C\u002Fp>\n","Output timeline feeds and multiple hashtags into your WordPress site as flat HTML.",14010,70,2,"2015-09-04T14:00:00.000Z","3.5",[109,110,21,22,23],"feed","tweet","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftimeline-twitter-feed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftimeline-twitter-feed.1.3.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":107,"requires_php":18,"tags":127,"homepage":131,"download_link":132,"security_score":73,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"multi-account-tweet-feeds-by-webline","Multi Account Tweet Feeds by Webline","1.0.7","WeblineIndia","https:\u002F\u002Fprofiles.wordpress.org\u002Fweblineindia\u002F","\u003Cp>Multi Account Tweet Feeds by Webline is a simple and easy to use plugin to show latest tweets from a multiple Twitter accounts in the same sidebar widget,post,page or text widget content including parsing of @usernames, #hashtags, media and URLs into links.\u003C\u002Fp>\n\u003Cp>The plugin is based on Twitter API version 1.1.\u003C\u002Fp>\n\u003Cp>In order to use it, you have to create a personal Twitter Application on the 
https:\u002F\u002Fapps.twitter.com\u002F website. Within your Application, Twitter provides you four values: the Consumer Key, the Consumer Secret, the Access Token and the Access Token Secret.\u003C\u002Fp>\n\u003Cp>Enter all these Authorization strings in the widget options box from \u003Cstrong>Appearance -> Widgets\u003C\u002Fstrong>, along with your other display settings, for display widget in sidebar.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>OR\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Enter all these Authorization strings in settings page from \u003Cstrong>Settings -> Multi Account Tweet Feeds\u003C\u002Fstrong>, along with your other display settings, for use shortcode \u003Cstrong>[wli-multi-account-tweet-feeds]\u003C\u002Fstrong> in post,page or text widget.\u003C\u002Fp>\n\u003Cp>Your Multi Account Tweet Feeds by Webline plugin is now ready and active!\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display tweets in sidebar using widget\u003C\u002Fli>\n\u003Cli>Shortcode [wli-multi-account-tweet-feeds] support, for display tweets on post,page or text widget content\u003C\u002Fli>\n\u003Cli>Show tweets from multiple accounts\u003C\u002Fli>\n\u003Cli>Control for set tweets cache time(in minutes), which improve tweets loading time.\u003C\u002Fli>\n\u003Cli>Control for showing Avtar\u003C\u002Fli>\n\u003Cli>Control for showing Replies\u003C\u002Fli>\n\u003Cli>Control for showing Time (e.g. 4 days ago, 27 mins ago)\u003C\u002Fli>\n\u003Cli>Control for showing Short Time (e.g. 
Sep 24, Nov 29)\u003C\u002Fli>\n\u003Cli>Control for set widget height.\u003C\u002Fli>\n\u003Cli>Control for set widget title color.\u003C\u002Fli>\n\u003Cli>Control for set widget header background color.\u003C\u002Fli>\n\u003C\u002Ful>\n","A Simple plugin to show latest Tweets from a multiple Twitter accounts in the same sidebar widget,post,page or text widget content.",80,6014,66,3,"2023-02-02T07:48:00.000Z","6.1.10",[128,129,130,21,92],"multi-account-tweets","multi-account-twitter-feeds","multiple-account","http:\u002F\u002Fwww.weblineindia.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmulti-account-tweet-feeds-by-webline.1.0.7.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":65,"num_ratings":28,"last_updated":18,"tested_up_to":143,"requires_at_least":78,"requires_php":18,"tags":144,"homepage":146,"download_link":147,"security_score":65,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":148},"find-tweets","Find Tweets","0.11","lhadley91","https:\u002F\u002Fprofiles.wordpress.org\u002Flhadley91\u002F","\u003Cp>The Find Tweets Plugin scans through your blog posts and displays all the sentences that are less than 140 characters. The plugin will add your post’s shortlink to the tweet to drive traffic to your website. Great tool for content creators looking for a fast and easy way to generate popular tweets.\u003C\u002Fp>\n","Automatically converts blog post snippets into less than 140 character tweets. 
Adds in shortlinks to drive traffic to your website.",10,1383,"4.5.33",[134,20,145,21,22],"social-media","http:\u002F\u002Flancehadleydesign.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffind-tweets.0.11.zip","2026-03-15T10:48:56.248Z",{"attackSurface":150,"codeSignals":182,"taintFlows":207,"riskAssessment":208,"analyzedAt":219},{"hooks":151,"ajaxHandlers":175,"restRoutes":176,"shortcodes":177,"cronEvents":181,"entryPointCount":28,"unprotectedCount":74},[152,157,161,165,170],{"type":153,"name":154,"callback":155,"file":156,"line":48},"action","admin_init","wptf_init","class-admin.php",{"type":153,"name":158,"callback":159,"file":156,"line":160},"admin_menu","show_wptf_options",27,{"type":153,"name":162,"callback":163,"file":156,"line":164},"admin_notices","wptf_admin_notice",50,{"type":153,"name":166,"callback":167,"file":168,"line":169},"wp_head","wptf_js","class-frontend.php",12,{"type":171,"name":172,"callback":173,"file":168,"line":174},"filter","widget_text","do_shortcode",64,[],[],[178],{"tag":23,"callback":179,"file":168,"line":180},"wptfshortcode",65,[],{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":74,"externalRequests":74,"nonceChecks":74,"capabilityChecks":28,"bundledLibraries":206},[],{"prepared":74,"raw":74,"locations":185},[],{"escaped":105,"rawEcho":187,"locations":188},9,[189,192,194,196,198,199,201,203,204],{"file":156,"line":190,"context":191},45,"raw output",{"file":156,"line":193,"context":191},58,{"file":156,"line":195,"context":191},182,{"file":156,"line":197,"context":191},209,{"file":156,"line":197,"context":191},{"file":156,"line":200,"context":191},254,{"file":156,"line":202,"context":191},265,{"file":156,"line":202,"context":191},{"file":156,"line":205,"context":191},279,[],[],{"summary":209,"deductions":210},"The \"wp-twitter-feed\" v2.2 plugin exhibits a mixed security posture. 
On the positive side, the code analysis reveals no dangerous functions, all SQL queries use prepared statements, and there are no file operations or external HTTP requests. The limited attack surface, consisting of a single shortcode, is a good sign. However, significant concerns arise from the low percentage of properly escaped output (18%) and the complete absence of nonce checks across its entry points. The vulnerability history is a major red flag, with one high-severity Cross-Site Scripting (XSS) vulnerability from 2010 that remains unpatched. This indicates a past tendency for vulnerabilities of this type and a failure to address a known high-severity issue, suggesting a lack of proactive security maintenance.\n\nWhile the current static analysis doesn't reveal critical taint flows or immediate exploitable entry points without authentication, the high percentage of unescaped output combined with the history of XSS makes the shortcode a potential vector for Cross-Site Scripting attacks if user-supplied data is not handled with extreme care. The lack of nonce checks on the shortcode, if it processes user input, further exacerbates this risk. 
The absence of any taint analysis results might be due to the limited complexity of the analyzed code or the absence of certain code patterns that the tool is designed to detect, rather than a true absence of risk, especially given the output escaping and nonce check deficiencies.",[211,214,217],{"reason":212,"points":213},"Unpatched High-Severity CVE",18,{"reason":215,"points":216},"Low output escaping percentage",6,{"reason":218,"points":84},"Missing nonce checks","2026-03-16T19:28:16.438Z",{"wat":221,"direct":228},{"assetPaths":222,"generatorPatterns":224,"scriptPaths":225,"versionParams":226},[223],"\u002Fwp-content\u002Fplugins\u002Fwp-twitter-feed\u002Fcss\u002Fstyle.css",[],[],[227],"wp-twitter-feed\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":229,"htmlComments":230,"htmlAttributes":232,"restEndpoints":237,"jsGlobals":238,"shortcodeOutput":241},[23],[231],"Twitter Feed for WordPress: http:\u002F\u002Fpeadig.com\u002Fwordpress-plugins\u002Fwp-twitter-feed\u002F",[233,234,235,236],"data-widget-id","data-size","data-lang","data-show-count",[],[239,240],"twitterWidgets","_ga",[242,243,244],"\u003Cdiv class=\"twitter-feed\">\u003Ca class=\"twitter-timeline\"","\u003Cp>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002F","\u003Cp>Powered by \u003Ca href=\"http:\u002F\u002Fpeadig.com\u002Fwordpress-plugins\u002Fwp-twitter-feed\u002F\">Twitter Feed\u003C\u002Fa>\u003C\u002Fp>"]