CVE-2022-33974 MEDIUM

CVE-2022-33974: WordPress Custom Twitter Feeds (Tweets Widget) Plugin <= 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Vendor Smash Balloon
Product Custom Twitter Feeds (Tweets Widget)
Weakness CWE-352 · CSRF
Published May 29, 2023
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions.

Key dates

02Disclosure timeline

May 29, 2023 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-41295 ECOA BAS controller - Cross-Site Request Forgery (CSRF) CVE-2025-10700 Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update CVE-2024-37452 WordPress Schema Lite theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-7052 LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function CVE-2020-36752 Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery Bypass