53 matches found
CVE-2026-6177
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177 Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting via Cached Tweet Text
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177 Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting via Cached Tweet Text
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177
The CVE-2026-6177 entry concerns the WordPress plugin Custom Twitter Feeds (versions
WordPress Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by gidget smith in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.5.4...
WordPress plugin Custom Twitter Feeds 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2023-56810
Malicious code in bioql PyPI...
EUVD-2025-6745
Malicious code in bioql PyPI...
CVE-2024-49685
Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Custom Twitter Feeds Tweets Widget custom-twitter-feeds allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds Tweets Widget: from n/a through = 2.2.3...
CVE-2023-52136
Cross-Site Request Forgery CSRF vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2...
CVE-2025-1314 Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctfclearcacheadmin function. This makes it possible for...
CVE-2025-1314 Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctfclearcacheadmin function. This makes it possible for...
CVE-2025-1314
CVE-2025-1314 (Custom Twitter Feeds – A Tweets Widget or X Feed Widget for WordPress) is a CSRF vulnerability present in all versions up to and including 2.2.5. The root cause is missing or incorrect nonce validation in the ctf_clear_cache_admin() function, enabling unauthenticated attackers to r...
WordPress plugin Custom Twitter Feeds 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress Custom Twitter Feeds plugin <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function vulnerability
Cross-Site Request Forgery to Cache Reset via ctfclearcacheadmin Function vulnerability discovered by Kévin Mosbahi Mika in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.2.5...
CVE-2024-49685
Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Custom Twitter Feeds Tweets Widget custom-twitter-feeds allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds Tweets Widget: from n/a through = 2.2.3...
CVE-2024-49685
Cross-Site Request Forgery CSRF vulnerability in Smash Balloon Custom Twitter Feeds Tweets Widget allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds Tweets Widget: from n/a through 2.2.3...
CVE-2024-49685 WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Custom Twitter Feeds Tweets Widget custom-twitter-feeds allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds Tweets Widget: from n/a through = 2.2.3...