CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

239 matches found

Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen. id: CVE-2023-0602 info: name: Twittee Text Tweet =...

6.1CVSS6.8AI score0.07384EPSS

Exploits1References3

EUVD•added 2026/05/25 2:15 p.m.•5 views

EUVD-2018-21887

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

5.3CVSS5.9AI score0.00021EPSS

Exploits0References3

Positive Technologies•added 2026/05/25 12:0 a.m.•4 views

PT-2026-43216

5.3CVSS5.9AI score0.00021EPSS

Exploits0References4

Cvelist•added 2026/05/13 12:29 p.m.•31 views

CVE-2026-6177 Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting via Cached Tweet Text

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...

7.2CVSS0.00215EPSS

Exploits0References10

CVE•added 2026/05/13 12:29 p.m.•7 views

CVE-2026-6177

The CVE-2026-6177 entry concerns the WordPress plugin Custom Twitter Feeds (versions

7.2CVSS6AI score0.00215EPSS

Exploits0References10

ATTACKERKB•added 2026/05/13 12:29 p.m.•6 views

CVE-2026-6177

7.2CVSS6AI score0.00215EPSS

Exploits0References11

Positive Technologies•added 2026/05/13 12:0 a.m.•7 views

PT-2026-40602

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTF Display Elements::get post text function when rendering cached tweet text. The plugin's ctf get more posts AJAX...

7.2CVSS6AI score0.00215EPSS

Exploits0References10

EUVD•added 2026/04/22 9:31 a.m.•2 views

EUVD-2026-24654

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

6.4CVSS5.9AI score0.00014EPSS

Exploits0References6

NVD•added 2026/04/22 9:16 a.m.•2 views

CVE-2026-4089

6.4CVSS0.00014EPSS

Exploits0References5

ATTACKERKB•added 2026/04/22 7:45 a.m.•4 views

CVE-2026-4089

6.4CVSS5.9AI score0.00014EPSS

Exploits0References6

Cvelist•added 2026/04/22 7:45 a.m.•24 views

CVE-2026-4089 Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

6.4CVSS0.00014EPSS

Exploits0References5

Vulnrichment•added 2026/04/22 7:45 a.m.•1 views

CVE-2026-4089 Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

6.4CVSS5.9AI score0.00014EPSS

Exploits0References5

Positive Technologies•added 2026/04/22 12:0 a.m.•2 views

PT-2026-34283

Name of the Vulnerable Software and Affected Versions Twittee Text Tweet versions prior to 1.0.9 Description Insufficient input sanitization and output escaping in the ttt twittee tweeter function allow authenticated attackers with Contributor-level access and above to inject arbitrary web script...

6.4CVSS5.9AI score0.00014EPSS

Exploits0References8

RedhatCVE•added 2026/03/26 3:10 p.m.•1 views

CVE-2026-1911

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweettitle' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00043EPSS

Exploits0References1

Patchstack•added 2026/03/23 6:2 p.m.•2 views

WordPress Twitter Feeds plugin <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute vulnerability

Authenticated Contributor+ Cross-Site Scripting via 'tweettitle' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Twitter Feeds versions = 1.0.0...

6.4CVSS5.8AI score0.00043EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/21 4:16 a.m.•1 views

CVE-2026-1911

6.4CVSS0.00043EPSS

Exploits0References3

Vulnrichment•added 2026/03/21 3:27 a.m.•2 views

CVE-2026-1911 Twitter Feeds <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute

6.4CVSS6AI score0.00043EPSS

Exploits0References3

ATTACKERKB•added 2026/03/21 3:27 a.m.•6 views

CVE-2026-1911

6.4CVSS6AI score0.00043EPSS

Exploits0References4

Positive Technologies•added 2026/03/21 12:0 a.m.•2 views

PT-2026-26825

The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweet title' parameter in the 'TwitterFeeds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00043EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 11:12 a.m.•4 views

CVE-2016-10986

The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumerkey, consumersecret, accesstoken, and accesstokensecret...

6.1CVSS6AI score0.00238EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by