cleantalk
Vulnerabilities and Security Researches

Custom Twitter Feeds – A Tweets Widget or X Feed Widget, CVE-2024-0379

CVE, Research URL

CVE-2024-0379

Home page URL

Security reports for Custom Twitter Feeds – A Tweets Widget or X Feed Widget

Application

Custom Twitter Feeds – A Tweets Widget or X Feed Widget

Published on
Feb 29, 2024
Research Description
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible for unauthenticated attackers to update the site's twitter API token and secret via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.2.2.
Status
vulnerable
Previous vulnerability researches
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2024-8983) , Oct 09, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2024-49685) , Oct 25, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2022-33974) , Jun 07, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2023-52136) , Jun 07, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2024-0379) , Jun 07, 2024
New vulnerability
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7696) , Jul 21, 2025
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7369) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7354) , Jul 21, 2025