Lucene search
K

242 matches found

Nuclei
Nuclei
added 9 hours ago22 views

Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen. id: CVE-2023-0602 info: name: Twittee Text Tweet =...

6.1CVSS6.7AI score0.00852EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.8 views

CVE-2026-4089

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

6.4CVSS5.7AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-6177

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...

7.2CVSS5.7AI score0.00493EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/25 2:15 p.m.9 views

EUVD-2018-21887

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

5.3CVSS5.9AI score0.00199EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.9 views

PT-2026-43216

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

5.3CVSS5.9AI score0.00199EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/13 12:29 p.m.43 views

CVE-2026-6177 Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting via Cached Tweet Text

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...

7.2CVSS0.00493EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:29 p.m.10 views

CVE-2026-6177

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...

7.2CVSS6AI score0.00493EPSS
Exploits0References11
CVE
CVE
added 2026/05/13 12:29 p.m.14 views

CVE-2026-6177

The CVE-2026-6177 entry concerns the WordPress plugin Custom Twitter Feeds (versions

7.2CVSS6AI score0.00493EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40602

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTF Display Elements::get post text function when rendering cached tweet text. The plugin's ctf get more posts AJAX...

7.2CVSS6AI score0.00493EPSS
Exploits0References10
EUVD
EUVD
added 2026/04/22 9:31 a.m.7 views

EUVD-2026-24654

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References6
NVD
NVD
added 2026/04/22 9:16 a.m.8 views

CVE-2026-4089

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

6.4CVSS0.00288EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.6 views

CVE-2026-4089

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.32 views

CVE-2026-4089 Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

6.4CVSS0.00288EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 a.m.3 views

CVE-2026-4089 Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34283

Name of the Vulnerable Software and Affected Versions Twittee Text Tweet versions prior to 1.0.9 Description Insufficient input sanitization and output escaping in the ttt twittee tweeter function allow authenticated attackers with Contributor-level access and above to inject arbitrary web script...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.4 views

CVE-2026-1911

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00187EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 6:2 p.m.4 views

WordPress Twitter Feeds plugin <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute vulnerability

Authenticated Contributor+ Cross-Site Scripting via 'tweettitle' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Twitter Feeds versions = 1.0.0...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/21 4:16 a.m.5 views

CVE-2026-1911

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.8 views

CVE-2026-1911

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/21 3:27 a.m.2 views

CVE-2026-1911 Twitter Feeds <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Rows per page
Query Builder