Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions.
8.8CVSS
8.8AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds β A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds β A Tweets Widget or X Feed Widget: from n/a through 2.1.2.
8.8CVSS
8.6AI Score
0.001EPSS
The Custom Twitter Feeds β A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible for unauthentic...
4.3CVSS
5.2AI Score
0.0004EPSS