Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High0
Medium2
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2026-04-22

CVE-2026-4089 - Twittee Text Tweet Plugin

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttt_twittee_tweeter() function uses extract() to pull shortcode attributes into local variables and then directly concatenates them into HTML output without any escaping. Specifically, the $id parameter is inserted into an HTML id attribute context without esc_attr(), allowing an attacker to break out of the attribute and inject arbitrary HTML…

PLUGIN Twittee Text Tweet

CVE-2026-4089

MEDIUM CVSS 6.4 2026-04-22
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-0602 - Twittee Text Tweet Plugin

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.

PLUGIN Twittee Text Tweet

CVE-2023-0602

MEDIUM CVSS 6.1 2023-07-31
Open Full Technical Breakdown
Scroll to top