cleantalk
Vulnerabilities and Security Researches

Custom Twitter Feeds – A Tweets Widget or X Feed Widget, CVE-2024-49685

CVE, Research URL

CVE-2024-49685

Home page URL

Security reports for Custom Twitter Feeds – A Tweets Widget or X Feed Widget

Application

Custom Twitter Feeds – A Tweets Widget or X Feed Widget

Published on
Oct 31, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through 2.2.3.
Affected versions
Min -, max 2.2.4.
Status
vulnerable
Previous vulnerability researches
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2024-8983) , Oct 09, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2024-49685) , Oct 25, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2022-33974) , Jun 07, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2023-52136) , Jun 07, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2024-0379) , Jun 07, 2024
New vulnerability
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-8015) , Jul 22, 2025
Appointment & Event Booking Calendar Plugin – Webba Booking (CVE-2025-54040) , Jul 22, 2025
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7696) , Jul 21, 2025
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025