CVE-2025-11860

Name of the Vulnerable Software and Affected Versions Twitter Feed plugin for WordPress versions up to and including 1.3.1

Description The Twitter Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'ottwitter feed' shortcode. This occurs because the plugin does not adequately sanitize user input and output related to the width and height parameters. Authenticated attackers with contributor-level access or higher can inject malicious web scripts into pages. These scripts will then execute when a user visits the compromised page.

Recommendations Update the Twitter Feed plugin to a version newer than 1.3.1.