CVE-2022-33974: WordPress Custom Twitter Feeds (Tweets Widget) Plugin <= 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF)
First published: Mon May 29 2023(Updated: )
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Smashballoon Custom Twitter Feeds | <=1.8.4 |
Remedy
Update to 2.0 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2022-33974.
What is the title of this vulnerability?
The title of this vulnerability is Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget).
What is the severity of CVE-2022-33974?
The severity of CVE-2022-33974 is high with a severity value of 8.8.
What software versions are affected by this vulnerability?
The Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions are affected by this vulnerability.
How do I fix CVE-2022-33974?
To fix CVE-2022-33974, update the Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin to version 1.8.5 or higher.
- collector/nvd-latest
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/description
- agent/title
- agent/weakness
- agent/tags
- agent/event
- agent/first-publish-date
- agent/severity
- agent/references
- vendor/smashballoon
- canonical/smashballoon custom twitter feeds
- version/smashballoon custom twitter feeds/1.8.4