CVE-2025-11860 Twitter Feed <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...

CVE-2025-11860

CVE-2025-11860 affects the Twitter Feed WordPress plugin (versions

WordPress Twitter Feed plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Twitter Feed versions = 1.3.1...

WordPress plugin Twitter Feed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

PT-2025-46257

Name of the Vulnerable Software and Affected Versions Twitter Feed plugin for WordPress versions up to and including 1.3.1 Description The Twitter Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'ottwitter feed' shortcode. This occurs because the plugin does no...

EUVD-2010-4790

Malware in sbrugna...

EUVD-2021-11325

Malware in sbrugna...

CVE-2023-32577

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin = 4.0.0 versions...

PT-2024-16442 · WordPress · The Easy Twitter Feed – Twitter Feeds Plugin For Wp

Name of the Vulnerable Software and Affected Versions: The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress version 1.2.6 and earlier Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password protected, private,...

CVE-2023-25042

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Liam Gladdy Storm Consultancy oAuth Twitter Feed for Developers plugin = 2.3.0 versions...

CVE-2010-4825

Cross-site scripting XSS vulnerability in magpiedebug.php in the Twitter Feed plugin wp-twitter-feed 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in magpiedebug.php in the Twitter Feed plugin wp-twitter-feed 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter...

CVE-2010-4825

Cross-site scripting XSS vulnerability in magpiedebug.php in the Twitter Feed plugin wp-twitter-feed 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter...

WordPress Twitter Feed Plugin <= 0.3.1 - XSS

Because of this vulnerability in magpiedebug.php, the attackers can inject arbitrary web script or HTML via the "url" parameter. Solution Update the plugin...