3134 matches found
CVE-2019-16263
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an...
CVE-2024-2492
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-23719
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zckevin ZhinaTwitterWidget zhina-twitter-widget allows Reflected XSS.This issue affects ZhinaTwitterWidget: from n/a through = 1.0...
WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Stored XSS via Shortcode vulnerability
Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Twitter Bootstrap Collapse aka Accordian Shortcode versions = 1.0...
EUVD-2025-198929
Malicious code in @posthog/twitter-followers-plugin npm...
Malicious code in @posthog/twitter-followers-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72f5de01d0a45127f79e5f6db0ebea050e55f26d8ebbb38b72a4e422e6d3ecc6 The package @posthog/twitter-followers-plugin was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190896 Malicious code in @posthog/twitter-followers-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72f5de01d0a45127f79e5f6db0ebea050e55f26d8ebbb38b72a4e422e6d3ecc6 The package @posthog/twitter-followers-plugin was found to contain malicious code. Source: google-open-source-security...
CVE-2025-12079
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2025-197966
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079
CVE-2025-12079 (WP Twitter Auto Publish) is a reflected Cross-Site Scripting via PostMessage vulnerability in WordPress WP Twitter Auto Publish plugin. Affected versions are all up to and including 1.7.3, with exploitation possible by unauthenticated attackers who trick a user into performing an ...
WordPress plugin WP Twitter Auto Publish 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A cross-site...
WordPress WP Twitter Auto Publish plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP Twitter Auto Publish versions = 1.7.4...
CVE-2025-11860
The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...
CVE-2025-11860
CVE-2025-11860 affects the Twitter Feed WordPress plugin (versions
CVE-2025-11860 Twitter Feed <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...
CVE-2025-11860 Twitter Feed <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...
WordPress Twitter Feed plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Twitter Feed versions = 1.3.1...