| CVE-2026-1911 | Twitter Feeds <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute | viaviwebtech | Twitter Feeds | Medium | 6.4 | 2026-03-21 03:27:03 | Deep Dive |
| CVE-2026-25311 | WordPress Autoshare for Twitter plugin <= 2.3.1 - Broken Access Control vulnerability | 10up | Autoshare for Twitter | - | - | 2026-02-19 08:26:54 | Deep Dive |
| CVE-2026-1786 | Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update | badbreze | Twitter posts to Blog | Medium | 6.5 | 2026-02-11 08:26:27 | Deep Dive |
| CVE-2025-12079 | WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage | f1logic | WP Twitter Auto Publish | Medium | 6.1 | 2025-11-18 09:27:37 | Deep Dive |
| CVE-2025-11860 | Twitter Feed <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | caselock | Twitter Feed | Medium | 6.4 | 2025-11-11 03:30:49 | Deep Dive |
| CVE-2025-48324 | WordPress tli.tl auto Twitter poster plugin <= 3.4 - Cross Site Scripting (XSS) vulnerability | khashabawy | tli.tl auto Twitter poster | Medium | 5.9 | 2025-08-28 12:36:59 | Deep Dive |
| CVE-2025-48321 | WordPress Ultimate twitter profile widget plugin <= 1.0 - CSRF to Stored XSS vulnerability | dyiosah | Ultimate twitter profile widget | High | 7.1 | 2025-08-28 12:36:57 | Deep Dive |
| CVE-2025-7725 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 7.2 | 2025-08-01 04:24:29 | Deep Dive |
| CVE-2025-6716 | Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 6.4 | 2025-07-11 06:43:33 | Deep Dive |
| CVE-2023-7197 | Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF | Unknown | Marketing Twitter Bot | - | - | 2025-05-15 20:09:25 | Deep Dive |
| CVE-2024-12722 | Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Stored XSS via Shortcode | Unknown | Twitter Bootstrap Collapse aka Accordian Shortcode | - | - | 2025-05-15 20:06:54 | Deep Dive |
| CVE-2025-47578 | WordPress BNS Twitter Follow Button plugin <= 0.3.8 - Cross Site Scripting (XSS) vulnerability | Edward Caissie | BNS Twitter Follow Button | Medium | 6.5 | 2025-05-12 16:04:16 | Deep Dive |
| CVE-2025-3862 | Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 6.4 | 2025-05-08 11:13:45 | Deep Dive |
| CVE-2025-46496 | WordPress Mini twitter feed plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability | oniswap | Mini twitter feed | Medium | 6.5 | 2025-04-24 16:09:12 | Deep Dive |
| CVE-2025-46516 | WordPress Twitter Card Generator plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | silencecm | Twitter Card Generator | High | 7.1 | 2025-04-24 16:08:57 | Deep Dive |
| CVE-2025-39420 | WordPress WP Twitter Button plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability | ruudkok | WP Twitter Button | High | 7.1 | 2025-04-17 15:17:09 | Deep Dive |
| CVE-2025-31897 | WordPress Arrow Custom Feed for Twitter plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability | Arrow Plugins | Arrow Custom Feed for Twitter | Medium | 6.5 | 2025-04-01 14:52:23 | Deep Dive |
| CVE-2025-1314 | Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function | smub | Custom Twitter Feeds – A Tweets Widget or X Feed Widget | Medium | 4.3 | 2025-03-20 05:22:34 | Deep Dive |
| CVE-2024-11087 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass | cyberlord92 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) | High | 8.1 | 2025-03-08 07:04:55 | Deep Dive |
| CVE-2025-23762 | WordPress DsgnWrks Twitter Importer plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability | Justin Sternberg | DsgnWrks Twitter Importer | High | 7.1 | 2025-03-03 13:30:19 | Deep Dive |