CVE-2026-1911

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

EUVD-2026-14166

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2026-1911

The CVE-2026-1911 entry concerns the Twitter Feeds plugin for WordPress (affecting all versions up to 1.0.0). The underlying issue is stored cross-site scripting via the tweet_title parameter in the TwitterFeeds shortcode, caused by insufficient input sanitization and output escaping. Impact per ...

CVE-2026-1911 Twitter Feeds <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

PT-2026-26825

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweet title' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-14030

The AI Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aifepostmeta' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

CVE-2025-14030

CVE-2025-14030 affects the WordPress AI Feeds plugin. Wordfence catalogs a Stored XSS via the aife_post_meta shortcode in versions up to 1.0.22, exploitable by authenticated users with Contributor-level access or higher. The CVSS from the report is 6.4 (Medium) with network attack vector and low ...

WordPress plugin AI Feeds 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

EUVD-2025-199660

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

CVE-2025-13597

CVE-2025-13597 affects the WordPress AI Feeds plugin up to version 1.0.11. The flaw is an unauthenticated arbitrary file upload due to a missing capability check in the actualizador_git.php module, enabling attackers to download GitHub repositories and overwrite plugin files on the server, with r...

CVE-2025-13597 AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

Exploit for CVE-2025-13597

AI Feeds extractTo$extractDir; $rootInsideZip = $extractD...

PT-2025-48094

Name of the Vulnerable Software and Affected Versions AI Feeds plugin for WordPress versions through 1.0.11 Description The AI Feeds plugin for WordPress is susceptible to arbitrary file uploads because of a missing capability check in the actualizador git.php file. This allows unauthenticated...

EUVD-2024-47379

Malicious code in bioql PyPI...

EUVD-2025-28784

Malicious code in bioql PyPI...

CVE-2025-58977 WordPress WP eBay Product Feeds Plugin <= 3.4.8 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in Rhys Wynne WP eBay Product Feeds ebay-feeds-for-wordpress allows Server Side Request Forgery.This issue affects WP eBay Product Feeds: from n/a through = 3.4.8...

WordPress Simple Statistics for Feeds Plugin <= 20250322 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin Simple Statistics for Feeds versions = 20250322...

CVE-2025-57892 WordPress Simple Statistics for Feeds Plugin <= 20250322 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Jeff Starr Simple Statistics for Feeds simple-feed-stats allows Cross Site Request Forgery.This issue affects Simple Statistics for Feeds: from n/a through = 20250322...

CVE-2025-57892 WordPress Simple Statistics for Feeds Plugin <= 20250322 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Jeff Starr Simple Statistics for Feeds allows Cross Site Request Forgery. This issue affects Simple Statistics for Feeds: from n/a through 20250322...

CVE-2022-33974

Cross-Site Request Forgery CSRF vulnerability in Smash Balloon Custom Twitter Feeds Tweets Widget plugin = 1.8.4 versions...