cleantalk
Vulnerabilities and Security Researches

Custom Twitter Feeds – A Tweets Widget or X Feed Widget, CVE-2022-33974

CVE, Research URL

CVE-2022-33974

Home page URL

Security reports for Custom Twitter Feeds – A Tweets Widget or X Feed Widget

Application

Custom Twitter Feeds – A Tweets Widget or X Feed Widget

Published on
May 29, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions.
Affected versions
Min -, max 1.8.2.
Status
vulnerable
Previous vulnerability researches
Custom Twitter Feeds &#8211; A Tweets Widget or X Feed Widget (CVE-2024-8983) , Oct 09, 2024
Custom Twitter Feeds &#8211; A Tweets Widget or X Feed Widget (CVE-2024-49685) , Oct 25, 2024
Custom Twitter Feeds &#8211; A Tweets Widget or X Feed Widget (CVE-2022-33974) , Jun 07, 2024
Custom Twitter Feeds &#8211; A Tweets Widget or X Feed Widget (CVE-2023-52136) , Jun 07, 2024
Custom Twitter Feeds &#8211; A Tweets Widget or X Feed Widget (CVE-2024-0379) , Jun 07, 2024
New vulnerability
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-8015) , Jul 22, 2025
Appointment &amp; Event Booking Calendar Plugin &#8211; Webba Booking (CVE-2025-54040) , Jul 22, 2025
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7696) , Jul 21, 2025
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025