CVE-2023-52136

🗓️ 05 Jan 2024 08:33:28Reported by PatchstackType

CVE-2023-52136 CSRF vulnerability in Smash Balloon Custom Twitter Feed

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-52136	5 Jan 202410:27	–	circl
CNNVD	WordPress Plugin Custom Twitter Feeds Cross-Site Request Forgery Vulnerability	5 Jan 202400:00	–	cnnvd
Cvelist	CVE-2023-52136 WordPress Custom Twitter Feeds (Tweets Widget) Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)	5 Jan 202408:33	–	cvelist
EUVD	EUVD-2023-56810	3 Oct 202520:07	–	euvd
NVD	CVE-2023-52136	5 Jan 202409:15	–	nvd
OpenVAS	WordPress Custom Twitter Feeds (Tweets Widget) Plugin < 2.2 CSRF Vulnerability	15 Jan 202400:00	–	openvas
OSV	CVE-2023-52136	5 Jan 202409:15	–	osv
Patchstack	WordPress Custom Twitter Feeds (Tweets Widget) Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)	28 Dec 202300:00	–	patchstack
Prion	Cross site request forgery (csrf)	5 Jan 202409:15	–	prion
Positive Technologies	PT-2024-14428 · Smash Balloon · Smash Balloon Custom Twitter Feeds	5 Jan 202400:00	–	ptsecurity

NVD

Vulners

Node

smashballoon custom_twitter_feedsRange≤2.1.2wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "custom-twitter-feeds",
    "product": "Custom Twitter Feeds – A Tweets Widget or X Feed Widget",
    "vendor": "Smash Balloon",
    "versions": [
      {
        "changes": [
          {
            "at": "2.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/custom-twitter-feeds/wordpress-custom-twitter-feeds-tweets-widget-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability

28 Apr 2026 19:22Current

8.5High risk

Vulners AI Score8.5

CVSS 3.14.3 - 8.8

EPSS0.0007

SSVC

CWE-352