Lucene search
K

3134 matches found

CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

WordPress plugin Custom Twitter Feeds 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.8AI score0.00493EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/05/09 1:45 p.m.28 views

Liberapay: another liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link

Hello again i discovered that there is another Liberapay profile of Liberapay team member at liberapay.com/mdvhimself contains a link to an expired Twitter account, creating a Broken Link Hijacking BLH vulnerability. An attacker could register the expired handle and control what appears to be an...

5.8AI score
Exploits0
Hacker One
Hacker One
added 2026/05/08 6:18 p.m.22 views

Liberapay: Liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link

The profile of a Liberapay team member contained a link to an expired Twitter account, creating a broken link hijacking vulnerability. The expired Twitter account link was displayed on the member's Liberapay profile and donation page, falsely confirming to donors that the account was legitimate a...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.4 views

CVE-2026-1911

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.4 views

CVE-2026-31876

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting XSS vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed function in component.tsx interpolated the user-supplied URL...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.7 views

CVE-2026-22203

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

6.9CVSS5.8AI score0.00274EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 6:2 p.m.4 views

WordPress Twitter Feeds plugin <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute vulnerability

Authenticated Contributor+ Cross-Site Scripting via 'tweettitle' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Twitter Feeds versions = 1.0.0...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/21 6:30 a.m.7 views

EUVD-2026-14166

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2026/03/21 4:16 a.m.5 views

CVE-2026-1911

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/03/21 3:27 a.m.12 views

CVE-2026-1911

The CVE-2026-1911 entry concerns the Twitter Feeds plugin for WordPress (affecting all versions up to 1.0.0). The underlying issue is stored cross-site scripting via the tweet_title parameter in the TwitterFeeds shortcode, caused by insufficient input sanitization and output escaping. Impact per ...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.8 views

CVE-2026-1911

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/21 3:27 a.m.2 views

CVE-2026-1911 Twitter Feeds <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/21 3:27 a.m.25 views

CVE-2026-1911 Twitter Feeds <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.9 views

PT-2026-26825

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweet title' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.7 views

WordPress plugin Twitter Feeds 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/03/13 1:18 a.m.15 views

CVE-2026-22203

wpDiscuz before 7.6.47 has an information disclosure vulnerability: exporting plugin options as JSON can leak plaintext OAuth secrets (e.g., fbAppSecret, googleClientSecret, twitterAppSecret, and other social-login credentials) via support tickets, backups, or version control repositories. The CV...

6.9CVSS5.8AI score0.00274EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/11 7:16 p.m.5 views

CVE-2026-31876

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting XSS vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed function in component.tsx interpolated the user-supplied URL...

5.4CVSS0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 6:17 p.m.4 views

EUVD-2026-11286

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting XSS vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed function in component.tsx interpolated the user-supplied URL...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 6:17 p.m.26 views

CVE-2026-31876 Notesnook has Stored XSS via unsanitized Twitter/X embed URL in editor (`tweetToEmbed`)

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting XSS vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed function in component.tsx interpolated the user-supplied URL...

5.4CVSS0.00172EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 6:17 p.m.3 views

CVE-2026-31876

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting XSS vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed function in component.tsx interpolated the user-supplied URL...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder