Xhanch – My Twitter Security & Risk Analysis

wordpress.org/plugins/xhanch-my-twitter

The best plugin to display your latest tweets, replies, direct messages, retweets, auto and manual tweeting and lots more. Supports multiple accounts.

Active installs: 200 · Version: 2.7.9 · Requires: WP 2.3+ (PHP minimum not declared) · Updated: Sep 4, 2016
Tags: post, sidebar, status, tweet, twitter
Score: 84 (B · Generally Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Aug 1, 2014
Safety Verdict

Is Xhanch – My Twitter Safe to Use in 2026?

Mostly Safe

Score 84/100

Xhanch – My Twitter is generally safe to use, but it has not been updated since September 2016. Its one past CVE was resolved. Keep it updated and review the concerns below before relying on it.

Known CVEs: 1 · Last CVE: Aug 1, 2014 · Last updated: Sep 4, 2016 (9 years ago)
Risk Assessment

Xhanch – My Twitter v2.7.9 has a mixed security posture. On the positive side, all 46 database queries go through prepared statements, and the admin code contains three nonce checks and one capability check. Against that, the scan flags three dangerous function calls: two `unserialize()` calls and one `create_function()`. The `unserialize()` calls are the real concern. At admin\setting.php:287 the plugin deserializes the base64-decoded contents of a file, and at xhanch-my-twitter.php:137 it deserializes a `cfg` column read from the database. Whoever controls either input controls which objects PHP instantiates and with what properties; that is the PHP object injection primitive, and with a suitable gadget class on the site it can turn into file writes or code execution. Taint analysis also reports two data flows with unsanitized paths, rated high severity, both in the `xmt_setting` function (admin\setting.php:5) of the same admin file. The `create_function()` call at xhanch-my-twitter.php:421 takes only constant string arguments, so it is not an injection point; its problem is that `create_function()` was deprecated in PHP 7.2 and removed in PHP 8.0, so on a current PHP that line is a fatal error and the plugin will not load at all.

The vulnerability history holds one disclosed issue, CVE-2013-3253, a high-severity (8.8) cross-site request forgery affecting versions up to 2.7.6 and fixed in 2.7.7. Nothing is currently unpatched, but a past CSRF in the admin code, the deserialization sinks and the unsanitized flows all point at the settings page as the weak area. The attack surface is otherwise small: one shortcode (`[xmt]`), ten WordPress hooks and no unprotected entry points, which is a genuine strength, though it does not offset the code-level findings.

In short, the plugin shows some security awareness but warrants caution. It has had no release since September 2016, only 58 of its 353 output points (16%) are escaped, and the deserialization of file and database contents should be reviewed first, followed by the unsanitized paths in `xmt_setting`. Where serialized configuration cannot be replaced with JSON, `unserialize()` should at least be called with `['allowed_classes' => false]`, and the `create_function()` call must be replaced with a closure before the plugin can run on PHP 8.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Use of dangerous function: unserialize
  • Use of dangerous function: create_function
  • Only 16% of outputs escaped (58 of 353)
  • Previous high-severity CVE (CVE-2013-3253, CSRF)
Vulnerabilities: 1

Xhanch – My Twitter Security Vulnerabilities

CVEs by Year

2014: 1 CVE (patched, none unpatched)

Severity Breakdown

High: 1 (1 total CVE)

CVE-2013-3253 · High · score 8.8 · Cross-Site Request Forgery (CSRF)

Xhanch – My Twitter <= 2.7.6 - Cross-Site Request Forgery

Disclosed Aug 1, 2014 · Patched in 2.7.7 (patch time 3462 days)
Code Analysis (analyzed Mar 16, 2026)

Xhanch – My Twitter Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (46 prepared)
Unescaped Output: 295 (58 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 11
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · admin\setting.php:287 · `$xmt_dat = unserialize(base64_decode(file_get_contents($xmt_fle_nme)));`
unserialize · xhanch-my-twitter.php:137 · `'cfg' => unserialize($row['cfg']),`
create_function · xhanch-my-twitter.php:421 · `add_action('widgets_init', create_function('', 'return register_widget("xmt_wgt");'));`
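The following is an added example, not code from the Xhanch plugin. It shows why the two `unserialize()` calls listed above are a PHP object injection sink and what a hardened loader looks like. The `LogWriter` class, the payload and the helper names (`unsafe_load`, `safe_load`, `json_load`) are constructed for illustration only; none of them exist in the plugin. It assumes PHP 7.4 or later (typed properties, `allowed_classes`).

```php
<?php
// Added example, not code from the Xhanch plugin. Demonstrates the object
// injection risk of unserialize(base64_decode(<file or DB contents>)) and a
// hardened replacement. LogWriter and the payload are constructed here.
declare(strict_types=1);

$destruct_calls = [];

// Any loadable class with a magic method is a potential gadget: unserialize()
// builds it from attacker-chosen properties and __destruct() runs when the
// object is dropped, with whatever privileges the PHP process has.
final class LogWriter
{
    public string $path = '/tmp/app.log';
    public string $data = '';

    public function __destruct()
    {
        // A real gadget would do file_put_contents($this->path, $this->data).
        // Here we only record that it fired, so the demo has no side effects.
        $GLOBALS['destruct_calls'][] = $this->path;
    }
}

// The plugin's pattern: deserialize whatever the file or DB row contains.
function unsafe_load(string $blob)
{
    return unserialize(base64_decode($blob));
}

// Hardened: reject malformed base64, refuse to instantiate any class, and
// require the expected shape (a plain array) so an object payload is dropped.
function safe_load(string $blob): ?array
{
    $raw = base64_decode($blob, true);
    if ($raw === false) {
        return null;
    }
    $cfg = @unserialize($raw, ['allowed_classes' => false]);
    // Objects come back as __PHP_Incomplete_Class, which fails is_array().
    return is_array($cfg) ? $cfg : null;
}

// Better still: store configuration as JSON, which has no object semantics.
function json_load(string $blob): ?array
{
    $raw = base64_decode($blob, true);
    if ($raw === false) {
        return null;
    }
    $cfg = json_decode($raw, true, 8);
    return is_array($cfg) ? $cfg : null;
}

// --- demo ----------------------------------------------------------------
// Constructed inputs: a legitimate config blob and an attacker-supplied one,
// as they could appear in the imported settings file or the stored cfg column.
$legit = base64_encode(serialize(['account' => 'xhanch', 'count' => 5]));
$gadget = new LogWriter();
$gadget->path = '/var/www/html/x.php';
$gadget->data = '<?php /* web shell */';
$malicious = base64_encode(serialize($gadget));
unset($gadget);          // fires __destruct() once for the object we built
$destruct_calls = [];    // reset so we only count what the loaders trigger

unsafe_load($malicious); // instantiates LogWriter from attacker data
printf("unsafe_load: destructor fired %d time(s), path %s\n",
    count($destruct_calls), $destruct_calls[0] ?? 'n/a');

$destruct_calls = [];
var_dump(safe_load($malicious));  // NULL: object payload rejected
printf("safe_load: destructor fired %d time(s)\n", count($destruct_calls));
var_dump(safe_load($legit));      // the two-element config array
var_dump(json_load(base64_encode(json_encode(['account' => 'xhanch']))));
```

Run it with `php demo.php`: the unsafe loader triggers the gadget's destructor with the attacker's path, the hardened loader returns `NULL` for the same blob and the array for the legitimate one. The `create_function()` call at xhanch-my-twitter.php:421 needs a different fix: replace it with a closure, `add_action('widgets_init', static function () { register_widget('xmt_wgt'); });`, which is required anyway because `create_function()` no longer exists in PHP 8.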

SQL Query Safety

100% prepared (46 total queries)

Output Escaping

16% escaped (353 total outputs, 58 escaped)
Data Flows
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
xmt_setting (admin\setting.php:5): flows from user input (source) to a dangerous operation (sink) with no sanitizer on the path
Attack Surface

Xhanch – My Twitter Attack Surface

Entry Points: 1 · Unprotected: 0

Shortcodes (1)

[xmt] · xhanch-my-twitter.php:215
WordPress Hooks (10)

action · wp_enqueue_scripts · theme\scrolling\conf.php:10
action · wp_enqueue_scripts · theme\slide\conf.php:10
action · admin_notices · xhanch-my-twitter.php:119
action · wp_print_styles · xhanch-my-twitter.php:184
action · new_to_publish · xhanch-my-twitter.php:306
action · draft_to_publish · xhanch-my-twitter.php:307
action · pending_to_publish · xhanch-my-twitter.php:308
action · publish_to_publish · xhanch-my-twitter.php:337
action · admin_menu · xhanch-my-twitter.php:361
action · widgets_init · xhanch-my-twitter.php:421
Maintenance & Trust

Xhanch – My Twitter Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Sep 4, 2016
PHP min version: not declared
Downloads: 1.7M

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 200
Developer Profile

Xhanch – My Twitter Developer Profile

xhanch_studio

3 plugins · 220 total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 3462 days
Detection Fingerprints

How We Detect Xhanch – My Twitter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/xhanch-my-twitter/css/css.php

HTML / DOM Fingerprints

CSS Classes
xmt, tweet_avatar, tweet_list
HTML Comments
<![CDATA[ ]]>, "Starting to generate output", "Finished"
Data Attributes
data-id, data-tweet-id, data-account, data-tweet-url
JS Globals
window.xmt_base_url
Shortcode Output
[xmt
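The following is an added example, not the scanner's own detection code. It applies the fingerprints listed above to a constructed HTML document and reports a match only when evidence comes from more than one fingerprint family, because several of the listed signals (`tweet_list`, `data-id`, `data-tweet-id`, the "Finished" comment) also occur in other Twitter widgets. The sample HTML, the family grouping, the notion of "strong" families and the decision rule are assumptions made for illustration. It assumes PHP 8.0 or later (`match`, `str_contains`).

```php
<?php
// Added example, not the page's scanner. Matches the listed Xhanch fingerprints
// against an HTML document and requires corroboration across families.
declare(strict_types=1);

// Fingerprints from the report, grouped by how they are matched.
const FINGERPRINTS = [
    'asset_path'   => ['/wp-content/plugins/xhanch-my-twitter/css/css.php'],
    'css_class'    => ['xmt', 'tweet_avatar', 'tweet_list'],
    'html_comment' => ['Starting to generate output', 'Finished'],
    'data_attr'    => ['data-id', 'data-tweet-id', 'data-account', 'data-tweet-url'],
    'js_global'    => ['window.xmt_base_url'],
    'shortcode'    => ['[xmt'],
];

// Assumption: only these families name the plugin itself; the others are
// generic enough that they must never produce a hit on their own.
const STRONG_FAMILIES = ['asset_path', 'js_global', 'shortcode'];

// Returns the matched patterns keyed by family, e.g. ['css_class' => ['xmt']].
function match_fingerprints(string $html): array
{
    $hits = [];
    foreach (FINGERPRINTS as $family => $patterns) {
        foreach ($patterns as $p) {
            $q = preg_quote($p, '/');
            $found = match ($family) {
                // class token inside a class="..." attribute, whole token only
                'css_class'    => (bool) preg_match('/class=["\'][^"\']*\b' . $q . '\b/i', $html),
                // text inside an HTML comment, not anywhere in the body
                'html_comment' => (bool) preg_match('/<!--[^>]*' . $q . '/i', $html),
                // attribute name preceded by whitespace and followed by '='
                'data_attr'    => (bool) preg_match('/\s' . $q . '=/i', $html),
                // asset path, JS global and shortcode residue are literal substrings
                default        => str_contains($html, $p),
            };
            if ($found) {
                $hits[$family][] = $p;
            }
        }
    }
    return $hits;
}

// Decision rule (assumption): at least one strong family plus any second
// family, or two strong families. Generic signals alone never match.
function is_xhanch(string $html): bool
{
    $families = array_keys(match_fingerprints($html));
    $strong   = array_intersect($families, STRONG_FAMILIES);
    return (count($strong) >= 1 && count($families) >= 2) || count($strong) >= 2;
}

// --- demo ----------------------------------------------------------------
// Constructed page fragments; the hostnames are placeholders.
$xhanch_page = <<<'HTML'
<link rel="stylesheet" href="https://example.test/wp-content/plugins/xhanch-my-twitter/css/css.php?ver=2.7.9">
<script>window.xmt_base_url = "https://example.test/wp-content/plugins/xhanch-my-twitter/";</script>
<!-- Starting to generate output -->
<div class="xmt widget"><ul class="tweet_list">
  <li data-id="1" data-tweet-id="123" data-account="example" data-tweet-url="https://twitter.test/x">
    <img class="tweet_avatar" src="a.png"> hello</li>
</ul></div>
<!-- Finished -->
HTML;

// A generic Twitter widget that shares the weak signals but not the strong ones.
$other_widget = <<<'HTML'
<ul class="tweet_list"><li data-id="9" data-tweet-id="5">generic</li></ul>
<!-- Finished -->
HTML;

print_r(match_fingerprints($xhanch_page)); // five families, incl. asset_path and js_global
var_dump(is_xhanch($xhanch_page));         // bool(true)
print_r(match_fingerprints($other_widget)); // css_class, data_attr, html_comment only
var_dump(is_xhanch($other_widget));        // bool(false)
```

In a crawler, `$html` would be the fetched page body; the asset path can also be probed directly, since `/wp-content/plugins/xhanch-my-twitter/css/css.php` returning CSS is on its own a strong indicator. The `<![CDATA[ ]]>` marker from the report is deliberately left out of the matcher: it is emitted by many inline-script helpers and adds no discriminating power.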
FAQ

Frequently Asked Questions about Xhanch – My Twitter