WP Telegram Widget and Join Link Security & Risk Analysis

wordpress.org/plugins/wptelegram-widget

Display the Telegram Public Channel or Group Feed in a WordPress widget or anywhere you want using a simple shortcode.

4K active installs · v2.2.15 · PHP 8.0+ · WP 6.6+ · Updated Feb 14, 2026
Tags: channel, feed, group, telegram, widget
Score: 98
Grade: A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 22, 2025
Safety Verdict

Is WP Telegram Widget and Join Link Safe to Use in 2026?

Generally Safe

Score 98/100

WP Telegram Widget and Join Link has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 22, 2025 · Updated 1mo ago
Risk Assessment

The wptelegram-widget plugin, version 2.2.15, exhibits a mixed security posture. While it has a relatively small attack surface with no directly unprotected entry points and a high percentage of properly escaped output, there are significant concerns regarding its vulnerability history and internal coding practices. The presence of two medium-severity historical vulnerabilities, specifically related to missing authorization and Cross-Site Scripting, is a red flag, even though none are currently unpatched. This pattern suggests a past susceptibility to common web application vulnerabilities.

The static analysis reveals some concerning code signals. The plugin performs external HTTP requests, which can be a vector for various attacks if not handled with extreme care. Furthermore, its single SQL query does not use a prepared statement, which is a substantial risk because it leaves the door open to SQL injection. While the taint analysis shows no critical or high severity flows, the single flow with unsanitized paths warrants attention, as it could become a vulnerability if its data sources change or are exploited.

In conclusion, while wptelegram-widget has some positive security attributes, such as a limited attack surface and good output escaping, the historical vulnerability patterns, the SQL query issued without a prepared statement, and the potential for manipulation of its external HTTP request present notable risks. The absence of nonce checks also makes the implementation less robust, especially if AJAX handlers are introduced in the future or if existing ones are ever exposed.

Key Concerns

  • Raw SQL query without prepared statements
  • 2 medium severity CVEs in vulnerability history
  • External HTTP requests
  • No nonce checks
  • Unsanitized path in taint analysis flow
Vulnerabilities (2)

WP Telegram Widget and Join Link Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-68589 · medium · 5.3 · Missing Authorization

Telegram Widget and Join Link <= 2.2.12 - Missing Authorization

Dec 22, 2025 Patched in 2.2.13 (23d)
CVE-2024-43309 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Telegram Widget and Join Link <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 16, 2024 Patched in 2.1.28 (7d)
Code Analysis (analyzed Mar 16, 2026)

WP Telegram Widget and Join Link Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 19 (138 escaped)
Nonce Checks: 0
Capability Checks: 5
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

0% prepared (1 total query)

Output Escaping

88% escaped (157 total outputs)
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow, 1 with unsanitized paths
  • <AjaxWidget> (shared\embed\AjaxWidget.php:0)
Attack Surface

WP Telegram Widget and Join Link Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes (3)

  • [wptelegram-ajax-widget] (includes\Main.php:402)
  • [wptelegram-join-channel] (includes\Main.php:403)
  • [wptelegram-widget] (includes\Main.php:404)
WordPress Hooks (33)

  • action plugins_loaded (includes\Main.php:175)
  • action plugins_loaded (includes\Main.php:178)
  • action admin_menu (includes\Main.php:203)
  • action admin_menu (includes\Main.php:204)
  • action init (includes\Main.php:321)
  • action rest_api_init (includes\Main.php:335)
  • action widgets_init (includes\Main.php:337)
  • action admin_post_nopriv_wptelegram_widget_pull_updates (includes\Main.php:340)
  • action admin_post_wptelegram_widget_pull_updates (includes\Main.php:341)
  • action wptelegram_widget_pull_the_updates (includes\Main.php:343)
  • action admin_post_nopriv_wptelegram_widget_view (includes\Main.php:346)
  • action admin_post_wptelegram_widget_view (includes\Main.php:347)
  • action wptelegram_p2tg_api_response (includes\Main.php:349)
  • filter block_categories_all (includes\Main.php:351)
  • filter rest_request_before_callbacks (includes\Main.php:353)
  • action init (includes\Main.php:367)
  • filter init (includes\Main.php:369)
  • filter template_include (includes\Main.php:371)
  • filter template_include (includes\Main.php:373)
  • action init (includes\Main.php:375)
  • action init (includes\Main.php:377)
  • action wptelegram_widget_cron_pull_updates (includes\Main.php:379)
  • filter cron_schedules (includes\Main.php:383)
  • filter the_content (includes\Main.php:387)
  • action init (includes\Main.php:392)
  • action wp_enqueue_scripts (includes\Main.php:394)
  • action admin_enqueue_scripts (includes\Main.php:395)
  • action enqueue_block_assets (includes\Main.php:396)
  • action admin_enqueue_scripts (includes\Main.php:398)
  • action enqueue_block_assets (includes\Main.php:400)
  • action wptelegram_widget_ajax_widget_embed (includes\Main.php:407)
  • action wptelegram_widget_single_message_embed (includes\Main.php:409)
  • action admin_menu (includes\Utils.php:287)

Scheduled Events (3)

  • wptelegram_widget_cron_pull_updates
  • wptelegram_widget_pull_updates
  • wptelegram_widget_cron_pull_updates
Maintenance & Trust

WP Telegram Widget and Join Link Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 14, 2026
PHP min version: 8.0
Downloads: 178K

Community Trust

Rating: 98/100
Number of ratings: 31
Active installs: 4K
Developer Profile

WP Telegram Widget and Join Link Developer Profile

WP Socio

4 plugins · 35K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 15 days
Detection Fingerprints

How We Detect WP Telegram Widget and Join Link

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wptelegram-widget/assets/static/css/admin-menu.css
  • /wp-content/plugins/wptelegram-widget/assets/build/js/blocks.js
  • /wp-content/plugins/wptelegram-widget/assets/build/js/blocks.css
  • /wp-content/plugins/wptelegram-widget/assets/build/js/settings/index.js
  • /wp-content/plugins/wptelegram-widget/assets/build/js/settings/index.css
  • /wp-content/plugins/wptelegram-widget/assets/build/js/public/index.js
  • /wp-content/plugins/wptelegram-widget/assets/build/js/public/index.css

Script Paths

  • /wp-content/plugins/wptelegram-widget/assets/build/js/blocks.js
  • /wp-content/plugins/wptelegram-widget/assets/build/js/settings/index.js
  • /wp-content/plugins/wptelegram-widget/assets/build/js/public/index.js

Version Parameters

  • wptelegram-widget/assets/static/css/admin-menu.css?ver=
  • wptelegram-widget/assets/build/js/blocks.js?ver=
  • wptelegram-widget/assets/build/js/settings/index.js?ver=
  • wptelegram-widget/assets/build/js/public/index.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • wptelegram-widget-public

Data Attributes

  • data-wptelegram-widget

JS Globals

  • wptelegram

REST Endpoints

  • /wp-json/wptelegram-widget/v2/settings
  • /wp-json/wptelegram-widget/v2/channels

Shortcode Output

  • [wptelegram-channel
  • [wptelegram-group
FAQ

Frequently Asked Questions about WP Telegram Widget and Join Link