Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titodevera Awesome Twitter Feeds awesome-twitter-feeds allows Reflected XSS. This issue affects Awesome Twitter Feeds: from n/a through <= 1.0.
Published: 2025-03-03
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of input during web page generation has been discovered in the titodevera Awesome Twitter Feeds plugin, allowing reflected XSS. The flaw causes attacker‑supplied data to be echoed back unescaped in the browser, enabling arbitrary script execution. This aligns with CWE‑79.

Affected Systems

WordPress installations that use the titodevera Awesome Twitter Feeds plugin, versions up to and including 1.0.

Risk and Exploitability

The CVSS score of 7.1 places this issue in the high severity range, while the EPSS value of <1% indicates a low current probability of exploitation. It is not listed in the CISA KEV catalog, suggesting no known active exploits. Based on the description, it is inferred that an attacker would need to craft a malicious payload that is reflected by the plugin and entice a user to visit a crafted URL or provide input, implying user interaction is required for exploitation. No special privileges or administrative access are required to exploit this vulnerability.

Generated by OpenCVE AI on May 2, 2026 at 09:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Awesome Twitter Feeds plugin to the latest version that addresses the XSS flaw.
  • If a newer version is not yet available, disable the plugin or replace it with a reputable alternative until a patch is released.
  • Deploy a web application firewall or enforce a Content Security Policy that blocks inline script execution to mitigate reflected XSS attacks.



Advisories
Source | ID | Title
EUVD | EUVD-2025-5754 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Awesome Twitter Feeds allows Reflected XSS. This issue affects Awesome Twitter Feeds: from n/a through 1.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type | Values Removed | Values Added
Description | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Awesome Twitter Feeds allows Reflected XSS. This issue affects Awesome Twitter Feeds: from n/a through 1.0. | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titodevera Awesome Twitter Feeds awesome-twitter-feeds allows Reflected XSS. This issue affects Awesome Twitter Feeds: from n/a through <= 1.0.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Tue, 04 Mar 2025 03:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 03 Mar 2025 13:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Awesome Twitter Feeds allows Reflected XSS. This issue affects Awesome Twitter Feeds: from n/a through 1.0.
Title WordPress Awesome Twitter Feeds plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T23:54:30.005Z

Reserved: 2025-01-16T11:24:48.263Z

Link: CVE-2025-23451

Vulnrichment

Updated: 2025-03-03T15:56:55.257Z

NVD

Status: Deferred

Published: 2025-03-03T14:15:35.920

Modified: 2026-06-17T08:54:28.490

Link: CVE-2025-23451

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T09:15:26Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')