| CVE-2025-23464 | WordPress Twitter News Feed plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | Keir Whitaker | Twitter News Feed | High | 7.1 | 2025-03-03 13:30:04 | Deep Dive |
| CVE-2025-23451 | WordPress Awesome Twitter Feeds plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | titodevera | Awesome Twitter Feeds | High | 7.1 | 2025-03-03 13:30:04 | Deep Dive |
| CVE-2025-1513 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 7.2 | 2025-02-28 05:23:15 | Deep Dive |
| CVE-2025-23710 | WordPress Flying Twitter Birds plugin <= 1.8 - CSRF to Stored XSS vulnerability | Mayur Sojitra | Flying Twitter Birds | High | 7.1 | 2025-01-16 20:06:45 | Deep Dive |
| CVE-2025-23691 | WordPress Send to Twitter plugin <= 1.7.2 - CSRF to Stored XSS vulnerability | Braulio Aquino | Send to Twitter | High | 7.1 | 2025-01-16 20:06:37 | Deep Dive |
| CVE-2025-23654 | WordPress Twitter Post plugin <= 0.1 - CSRF to Stored XSS vulnerability | krolow | Twitter Post | High | 7.1 | 2025-01-16 20:06:34 | Deep Dive |
| CVE-2025-23618 | WordPress Twitter Shortcode plugin <= 0.9 - CSRF to Stored Cross-Site Scripting vulnerability | starise | Twitter Shortcode | High | 7.1 | 2025-01-16 20:06:24 | Deep Dive |
| CVE-2025-22743 | WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | Mohsin Rasool | Twitter Bootstrap Collapse aka Accordian Shortcode | Medium | 6.5 | 2025-01-15 15:23:33 | Deep Dive |
| CVE-2024-11103 | Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Critical | 9.8 | 2024-11-28 09:47:09 | Deep Dive |
| CVE-2024-10116 | Twitter Follow Button <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter | alexmoss | FireCask’s Twitter Follow Button | Medium | 6.4 | 2024-11-23 03:25:52 | Deep Dive |
| CVE-2024-10666 | Easy Twitter Feed – Twitter feeds plugin for WP <= 1.2.6 - Authenticated (Contributor+) Post Exposure | bplugins | Feeds for Twitter – Embed Social Media Posts with Live Updates | Medium | 4.3 | 2024-11-22 05:33:43 | Deep Dive |
| CVE-2024-51659 | WordPress Twitter @Anywhere Plus plugin <= 2.0 - CSRF to Stored XSS vulnerability | GeekRMX | Twitter @Anywhere Plus | High | 7.1 | 2024-11-14 21:35:41 | Deep Dive |
| CVE-2024-51716 | WordPress Twitter real time search scrolling plugin <= 7.0 - Reflected Cross Site Scripting (XSS) vulnerability | gopiplus | Twitter real time search scrolling | High | 7.1 | 2024-11-09 11:57:01 | Deep Dive |
| CVE-2024-10687 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Critical | 9.8 | 2024-11-05 09:30:59 | Deep Dive |
| CVE-2024-49685 | WordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerability | Syed Balkhi | Custom Twitter Feeds (Tweets Widget) | Medium | 5.4 | 2024-10-31 09:59:49 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8983 | Custom Twitter Feeds < 2.2.3 - Admin+ Stored XSS | Unknown | Custom Twitter Feeds | - | - | 2024-10-08 06:00:04 | Deep Dive |
| CVE-2024-5141 | Rotating Tweets (Twitter widget and shortcode) <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | mpntod | Rotating Tweets (Twitter widget and shortcode) | Medium | 6.4 | 2024-06-06 03:53:09 | Deep Dive |
| CVE-2023-47683 | WordPress Social Login, Social Sharing by miniOrange plugin <= 7.6.6 - Authenticated Privilege Escalation vulnerability | miniOrange | WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) | High | 8.0 | 2024-05-17 08:36:38 | Deep Dive |
| CVE-2024-3629 | HL Twitter <= 2014.1.18 - Settings Update via CSRF | Unknown | HL Twitter | - | - | 2024-05-15 06:00:04 | Deep Dive |