Smashballoon: >> Custom Twitter Feeds >> 2.2.2 Security Vulnerabilities
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through 2.2.3.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-10-31
Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts.
CVSS Score
4.8
EPSS Score
0.0
Published
2024-10-08