cleantalk
Vulnerabilities and Security Researches

Custom Twitter Feeds – A Tweets Widget or X Feed Widget, CVE-2025-1314

CVE, Research URL

CVE-2025-1314

Home page URL

Security reports for Custom Twitter Feeds – A Tweets Widget or X Feed Widget

Application

Custom Twitter Feeds – A Tweets Widget or X Feed Widget

Published on
Mar 20, 2025
Research Description
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctf_clear_cache_admin() function. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.3.0.
Status
vulnerable
Previous vulnerability researches
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2024-8983) , Oct 09, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2024-49685) , Oct 25, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2022-33974) , Jun 07, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2023-52136) , Jun 07, 2024
Custom Twitter Feeds – A Tweets Widget or X Feed Widget (CVE-2024-0379) , Jun 07, 2024
New vulnerability
WP-Members Membership Plugin (CVE-2025-7495) , Jul 23, 2025
Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) (CVE-2025-7645) , Jul 23, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-8015) , Jul 22, 2025
Appointment & Event Booking Calendar Plugin – Webba Booking (CVE-2025-54040) , Jul 22, 2025
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7696) , Jul 21, 2025