Lucene search
SmashballoonCustom Twitter Feeds
2 matches found
CVE-2024-0379
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible for unauthentic...
4.3CVSS5.2AI score0.18015EPSS
CVE-2024-8983
Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts.
4.8CVSS5.4AI score0.00018EPSS