107 matches found
CVE-2026-6177
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
CVE-2026-6177 Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting via Cached Tweet Text
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
EUVD-2026-29945
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
WordPress Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by gidget smith in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.5.4...
EUVD-2025-2846
Malicious code in bioql PyPI...
CVE-2023-52136
Cross-Site Request Forgery CSRF vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2...
CVE-2025-22570
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdjekic Inline Tweets inline-tweets allows Stored XSS.This issue affects Inline Tweets: from n/a through = 2.0...
CVE-2024-56134
creationtimestamp| type| source ---|---|--- 2025-02-05 18:16:22+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhh6jpppqj2i 2025-02-05 18:48:37+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113952771160268762 2025-02-05 21:40:09+00:00| seen|...
CVE-2024-9498
creationtimestamp| type| source ---|---|--- 2025-01-24 14:58:21+00:00| seen| https://infosec.exchange/users/cve/statuses/113883919202711232 2025-01-24 15:04:51+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2911 2025-01-24 15:49:04+00:00| seen|...
CVE-2025-22570
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdjekic Inline Tweets inline-tweets allows Stored XSS.This issue affects Inline Tweets: from n/a through = 2.0...
CVE-2025-22570
CVE-2025-22570 refers to an unauthenticated stored XSS vulnerability in the WordPress plugin Inline Tweets (affected: Inline Tweets
CVE-2025-22570 WordPress Inline Tweets plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdjekic Inline Tweets inline-tweets allows Stored XSS.This issue affects Inline Tweets: from n/a through = 2.0...
CVE-2025-22570 WordPress Inline Tweets plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Miloš Đekić Inline Tweets allows Stored XSS.This issue affects Inline Tweets: from n/a through 2.0...
WordPress plugin Inline Tweets 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Inline Tweets plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Inline Tweets versions = 2.0...
CVE-2024-49685
Cross-Site Request Forgery CSRF vulnerability in Smash Balloon Custom Twitter Feeds Tweets Widget allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds Tweets Widget: from n/a through 2.2.3...
CVE-2024-49685 WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Custom Twitter Feeds Tweets Widget custom-twitter-feeds allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds Tweets Widget: from n/a through = 2.2.3...
WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.2.3...
WordPress Custom Twitter Feeds plugin < 2.2.3 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Custom Twitter Feeds Tweets Widget versions 2.2.3...
Stop X’s Grok AI From Training on Your Tweets
Plus: More Pegasus spyware controversy, a major BIOS controversy, and more of the week’s top security news...