6 matches found
Tracked Tweets <= 0.2.9 - Stored Cross-Site Scripting via CSRF
The plugin does not have a CSRF check when updating its settings, and does not sanitise and escape them when outputting them back. This could allow attackers to make a logged-in admin update them to arbitrary values, including XSS payloads, via a CSRF attack...
WordPress Tracked Tweets plugin <= 0.2.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Rahul Selvakumar in WordPress Tracked Tweets plugin versions <= 0.2.9. Solution: Deactivate and delete. This plugin has been closed as of April 21, 2022 and is not available for download. This closure is temporary, pending a full review...
Tracked Tweets <= 0.2.9 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting issue. PoC: All parameters from the settings page are affected...
WordPress Tracked Tweets plugin <= 0.2.9 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by WPScanTeam in WordPress Tracked Tweets plugin versions <= 0.2.9. Solution: Deactivate and delete. This plugin has been closed as of April 21, 2022 and is not available for download. This closure is...
Tracked Tweets <= 0.2.9 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting issue. All parameters from the settings page are affected...
Tracked Tweets <= 0.2.9 - Stored Cross-Site Scripting via CSRF
The plugin does not have a CSRF check when updating its settings, and does not sanitise and escape them when outputting them back. This could allow attackers to make a logged-in admin update them to arbitrary values, including XSS payloads, via a CSRF attack. PoC...