Vulnerabilities and security researches foreasy-twitter-feeds easy-twitter-feeds

Jun 07, 2024

CVE, Research URL: CVE-2021-24413
Home page URL: Security reports for Easy Twitter Feed
Application: Easy Twitter Feed
Date: Oct 18, 2021
Research Description: The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode
Affected versions: max 1.2.
Status: vulnerable

Nov 24, 2024

CVE, Research URL: CVE-2024-10666
Home page URL: Security reports for Easy Twitter Feed
Application: Easy Twitter Feed
Date: Nov 22, 2024
Research Description: The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
Affected versions: max 1.2.6.
Status: vulnerable

Jun 13, 2026

CVE, Research URL: CVE-2026-53736
Home page URL: Security reports for Easy Twitter Feed
Application: Easy Twitter Feed
Date: Jun 11, 2026
Research Description: Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type.
Affected versions: max 1.2.13.
Status: vulnerable