53 matches found
CVE-2026-6177
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177 Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting via Cached Tweet Text
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177 Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting via Cached Tweet Text
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177
The CVE-2026-6177 entry concerns the WordPress plugin Custom Twitter Feeds (versions
WordPress Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by gidget smith in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.5.4...
WordPress plugin Custom Twitter Feeds 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2023-56810
Malicious code in bioql PyPI...
EUVD-2025-6745
Malicious code in bioql PyPI...
CVE-2024-49685
Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Custom Twitter Feeds Tweets Widget custom-twitter-feeds allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds Tweets Widget: from n/a through = 2.2.3...
CVE-2023-52136
Cross-Site Request Forgery CSRF vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2...
CVE-2025-1314 Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctfclearcacheadmin function. This makes it possible for...
CVE-2025-1314
CVE-2025-1314 (Custom Twitter Feeds – A Tweets Widget or X Feed Widget for WordPress) is a CSRF vulnerability present in all versions up to and including 2.2.5. The root cause is missing or incorrect nonce validation in the ctf_clear_cache_admin() function, enabling unauthenticated attackers to r...
CVE-2025-1314 Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctfclearcacheadmin function. This makes it possible for...
WordPress plugin Custom Twitter Feeds 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress Custom Twitter Feeds plugin <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function vulnerability
Cross-Site Request Forgery to Cache Reset via ctfclearcacheadmin Function vulnerability discovered by Kévin Mosbahi Mika in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.2.5...
CVE-2024-49685
Cross-Site Request Forgery CSRF vulnerability in Smash Balloon Custom Twitter Feeds Tweets Widget allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds Tweets Widget: from n/a through 2.2.3...
CVE-2024-49685
Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Custom Twitter Feeds Tweets Widget custom-twitter-feeds allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds Tweets Widget: from n/a through = 2.2.3...
CVE-2024-49685
CVE-2024-49685 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin for WordPress, affecting versions up to 2.2.3. The issue enables CSRF without requiring authentication and is exploitable in affected environments, potential...