Lucene search
K

3134 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.7 views

CVE-2019-16263

The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an...

7.4CVSS6.6AI score0.01025EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.9 views

CVE-2024-2492

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 8:27 p.m.7 views

CVE-2025-23719

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zckevin ZhinaTwitterWidget zhina-twitter-widget allows Reflected XSS.This issue affects ZhinaTwitterWidget: from n/a through = 1.0...

7.1CVSS7.2AI score0.00149EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Stored XSS via Shortcode vulnerability

Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Twitter Bootstrap Collapse aka Accordian Shortcode versions = 1.0...

5.4CVSS5.9AI score0.00258EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/11/24 4:31 p.m.3 views

EUVD-2025-198929

Malicious code in @posthog/twitter-followers-plugin npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 4:31 p.m.6 views

Malicious code in @posthog/twitter-followers-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72f5de01d0a45127f79e5f6db0ebea050e55f26d8ebbb38b72a4e422e6d3ecc6 The package @posthog/twitter-followers-plugin was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/11/24 4:31 p.m.4 views

MAL-2025-190896 Malicious code in @posthog/twitter-followers-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72f5de01d0a45127f79e5f6db0ebea050e55f26d8ebbb38b72a4e422e6d3ecc6 The package @posthog/twitter-followers-plugin was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/19 10:23 a.m.3 views

CVE-2025-12079

The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 12:30 p.m.4 views

EUVD-2025-197966

The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.2AI score0.00217EPSS
Exploits0References3
NVD
NVD
added 2025/11/18 10:15 a.m.6 views

CVE-2025-12079

The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00217EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/18 9:27 a.m.7 views

CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage

The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00217EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/18 9:27 a.m.1 views

CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage

The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6AI score0.00217EPSS
Exploits0References3
CVE
CVE
added 2025/11/18 9:27 a.m.18 views

CVE-2025-12079

CVE-2025-12079 (WP Twitter Auto Publish) is a reflected Cross-Site Scripting via PostMessage vulnerability in WordPress WP Twitter Auto Publish plugin. Affected versions are all up to and including 1.7.3, with exploitation possible by unauthenticated attackers who trick a user into performing an ...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.3 views

WordPress plugin WP Twitter Auto Publish 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A cross-site...

6.1CVSS6AI score0.00217EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/17 11:37 p.m.4 views

WordPress WP Twitter Auto Publish plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP Twitter Auto Publish versions = 1.7.4...

6.1CVSS5.4AI score0.00217EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/11/11 4:15 a.m.6 views

CVE-2025-11860

The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...

6.4CVSS0.00161EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 3:30 a.m.19 views

CVE-2025-11860

CVE-2025-11860 affects the Twitter Feed WordPress plugin (versions

6.4CVSS4.8AI score0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.3 views

CVE-2025-11860 Twitter Feed <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...

6.4CVSS4.8AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.8 views

CVE-2025-11860 Twitter Feed <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...

6.4CVSS0.00161EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/11 12:36 a.m.6 views

WordPress Twitter Feed plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Twitter Feed versions = 1.3.1...

6.4CVSS5.8AI score0.00161EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder