3139 matches found
BestWebSoft's Twitter < 2.55 - Cross-Site Scripting
The twitter-plugin plugin before 2.55 for WordPress has XSS. id: CVE-2017-18505 info: name: BestWebSoft's Twitter 2.55 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The twitter-plugin plugin before 2.55 for WordPress has XSS. impact: | Authenticated attackers can...
twitter-server Cross-Site Scripting
twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability exists in the administration panel of twitter-server in the histograms component via server/handler/HistogramQueryHandler.scala. id: CVE-2020-35774 info: name: twitter-server Cross-Site...
CVE-2026-14987
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twittermessage' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-14987 GiveWP <= 4.16.3 - Authenticated (Give Worker+) Stored Cross-Site Scripting via 'twitter_message' Sequoia Template Setting
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twittermessage' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-14987
CVE-2026-14987 affects GiveWP (WordPress) up to version 4.16.3. The issue is a stored XSS via the twitter_message field in the Sequoia Template Settings, caused by insufficient input sanitization and output escaping. An authenticated attacker with give worker-level access (or higher) can inject a...
EUVD-2026-44859
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twittermessage' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-56285
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...
EUVD-2026-40154
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...
CVE-2026-56285
Nitter is affected by a Server-Side Request Forgery in the /video media proxy endpoint. The vulnerability arises because the endpoint does not validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, enabling unauthenticated attackers to compute valid HMACs for arbitr...
CVE-2026-56285 Nitter - Server-Side Request Forgery in /video Media Proxy Endpoint
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...
CVE-2026-53736
Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicatepost action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...
CVE-2026-53736 Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action
Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicatepost action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...
CVE-2026-53736
CVE-2026-53736 affects the Easy Twitter Feeds WordPress plugin prior to 1.2.13. The issue is a cross-site request forgery in the duplicate_post action handler that lacks nonce verification. An attacker could entice an authenticated user to visit a crafted link that duplicates posts regardless of ...
CVE-2026-10875
A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-6177
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
EUVD-2026-34543
A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-10875
A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-10875 projectworlds Online Art Gallery Shop Project adminHome.ph sql injection
A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-10875
The CVE-2026-10875 entry affects projectworlds Online Art Gallery Shop Project 1.0. The vulnerability is in an unknown function of the file /admin/adminHome.ph; manipulating the social_twitter argument causes SQL injection. A remote attack is possible, and the exploit has been released publicly. ...
Projectworlds Online Art Gallery Shop Project SQL注入漏洞
Projectworlds Online Art Gallery Shop Project is a online art gallery store project developed by the Projectworlds team. Version 1.0 of Projectworlds Online Art Gallery Shop Project has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file admin/adminHome.p...