Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup, where only super admins hold that capability and site administrators are otherwise prevented from storing script markup).
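Illustrative example of the pattern the description refers to, in WordPress PHP. This is added here and is not code from the Custom Twitter Feeds plugin or from Smash Balloon: a settings value stored and rendered without filtering, beside a hardened version that filters on save according to the caller's unfiltered_html capability and escapes again on output. The option name ctf_example_header_text, the function names and the form field header_text are assumptions made for the example.

```php
<?php
// Added example, not plugin code. Option/function names are hypothetical.

// --- Vulnerable pattern: raw value stored, raw value echoed ---
function ctf_example_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'ctf_example_save' );
    // No sanitization: a site admin who does NOT hold unfiltered_html
    // (the multisite case) can still persist "<script>...</script>",
    // because the capability check that normally strips markup from
    // post content is never consulted for this option.
    update_option( 'ctf_example_header_text', wp_unslash( $_POST['header_text'] ) );
}

function ctf_example_render_header_vulnerable() {
    // No escaping: whatever was stored is emitted verbatim into the page
    // for every visitor, which is what makes the injection "stored".
    echo '<h3>' . get_option( 'ctf_example_header_text', '' ) . '</h3>';
}

// --- Hardened pattern: filter on save by capability, escape on output ---
function ctf_example_sanitize_header_text( $value ) {
    $value = (string) $value;
    // Users holding unfiltered_html (super admins in multisite; admins on a
    // single-site install unless DISALLOW_UNFILTERED_HTML is set) may keep
    // post-style markup; everyone else is reduced to plain text.
    // wp_kses_post() drops <script>, on* event attributes and javascript: URLs.
    if ( current_user_can( 'unfiltered_html' ) ) {
        return wp_kses_post( $value );
    }
    return sanitize_text_field( $value );
}

function ctf_example_register_settings() {
    // The Settings API runs sanitize_callback whenever options.php
    // saves this option, so the filter cannot be skipped by the form.
    register_setting(
        'ctf_example_group',
        'ctf_example_header_text',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'ctf_example_sanitize_header_text',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'ctf_example_register_settings' );

function ctf_example_render_header_hardened() {
    $text = get_option( 'ctf_example_header_text', '' );
    // Escape at the point of output as well. Filtering on save alone is not
    // enough if the option is ever written through another path (WP-CLI,
    // an importer, a second settings screen) that bypasses the callback.
    echo '<h3>' . wp_kses_post( $text ) . '</h3>';
}
```

The capability check is the security-relevant point of the CVE: WordPress already enforces unfiltered_html for post and page content, but plugin settings are stored with whatever the plugin's own save handler allows, so a plugin that skips the check creates a way for a non-super-admin to store script markup that core would otherwise have refused.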
History

Wed, 27 Aug 2025 12:15:00 +0000

Type: Description
Values Removed: Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts.
Values Added: Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Sat, 17 May 2025 02:30:00 +0000

Type: Weaknesses
Values Added: CWE-77 (note: CWE-77 is Improper Neutralization of Special Elements used in a Command, i.e. command injection; the behaviour this record describes is stored cross-site scripting, for which the matching weakness is CWE-79)

Wed, 09 Oct 2024 16:15:00 +0000

Type: First Time appeared
Values Added: Smashballoon; Smashballoon custom Twitter Feeds

Type: CPEs
Values Added: cpe:2.3:a:smashballoon:custom_twitter_feeds:*:*:*:*:*:wordpress:*:*

Type: Vendors & Products
Values Added: Smashballoon; Smashballoon custom Twitter Feeds

Type: Metrics
Values Added:
cvssV3_1: {'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 08 Oct 2024 06:15:00 +0000

Type: Description
Values Added: Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts.

Type: Title
Values Added: Custom Twitter Feeds < 2.2.3 - Admin+ Stored XSS
References

MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2025-08-27T12:00:59.283Z

Reserved: 2024-09-18T19:23:38.003Z

Link: CVE-2024-8983

Vulnrichment

Updated: 2024-10-09T15:17:11.448Z

NVD

Status : Modified

Published: 2024-10-08T06:15:02.490

Modified: 2025-08-27T12:15:35.613

Link: CVE-2024-8983

Redhat

No data.

OpenCVE Enrichment

No data.