{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1314", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-14T21:36:15.302Z", "datePublished": "2025-03-20T05:22:34.298Z", "dateUpdated": "2026-04-08T16:43:12.366Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:43:12.366Z"}, "affected": [{"vendor": "smub", "product": "Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.2.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctf_clear_cache_admin() function. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28d47605-ecb8-42cc-901a-3cf07b946877?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php#L833"}, {"url": "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php#L810"}, {"url": "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php#L1014"}, {"url": "https://wordpress.org/plugins/custom-twitter-feeds/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3254840/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "K\u00e9vin Mosbahi"}], "timeline": [{"time": "2025-03-19T16:21:23.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T17:59:07.464324Z", "id": "CVE-2025-1314", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:59:19.592Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1314", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T17:59:07.464324Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:59:13.536Z"}}], "cna": {"title": "Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function", "credits": [{"lang": "en", "type": "finder", "value": "K\u00e9vin Mosbahi"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "smub", "product": "Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.2.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-19T16:21:23.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28d47605-ecb8-42cc-901a-3cf07b946877?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php#L833"}, {"url": "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php#L810"}, {"url": "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php#L1014"}, {"url": "https://wordpress.org/plugins/custom-twitter-feeds/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3254840/"}], "descriptions": [{"lang": "en", "value": "The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctf_clear_cache_admin() function. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-03-20T05:22:34.298Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1314", "state": "PUBLISHED", "dateUpdated": "2025-03-20T17:59:19.592Z", "dateReserved": "2025-02-14T21:36:15.302Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-20T05:22:34.298Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctf_clear_cache_admin() function. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.2.5 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n ctf_clear_cache_admin(). Esto permite que atacantes no autenticados restablezcan la cach\u00e9 del complemento mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-1314", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-03-20T06:15:22.437", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php#L1014"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php#L810"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php#L833"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3254840/"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/custom-twitter-feeds/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28d47605-ecb8-42cc-901a-3cf07b946877?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T17:47:02.146100+00:00", "value": {"mitigation_remediation": ["Upgrade the Custom Twitter Feeds plugin to version 2.2.6 or later, which implements proper nonce validation for the cache reset action.", "If an upgrade is not immediately possible, modify the plugin\u2019s code to add a nonce check to the ctf_clear_cache_admin() function so that only legitimate, authenticated requests succeed.", "Configure the web application firewall or server rules to block any POST or GET requests to wp\u2011admin/admin\u2011ajax.php?action=ctf_clear_cache_admin that do not contain a valid nonce or do not originate from an authenticated administrator session."], "summary": {"action": "Patch ASAP", "impact": "Cache Reset via CSRF"}, "threat_synthesis": {"affected_systems": "WordPress sites running the Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugin, version 2.2.5 or earlier. No other products or versions are affected.", "description_and_impact": "The plugin contains a missing or incorrect nonce check in the ctf_clear_cache_admin() function, allowing an unauthenticated attacker to craft a forged request that resets the plugin\u2019s cache. This cross\u2011site request forgery can be triggered by convincing a site administrator to click a link, resulting in an unexpected cache purge that disrupts the display of tweets. The vulnerability stems from a classic CSRF weakness (CWE\u2011352).", "risk_and_exploitability": "The CVSS score of 4.3 classifies the issue as moderate, and the EPSS score of less than 1% indicates a very low exploitation probability. The vulnerability is not listed in the CISA KEV catalog, meaning no public widespread exploitation is known. Attackers need only lure an administrator to visit a crafted link; no credentials or advanced privileges are required. The risk, while low in probability, is tangible as it forces an administrator to rebuild cache and possibly causes temporary content loss."}}}}, "created": "2026-04-22T18:00:05.474708+00:00", "updated": "2026-04-22T18:00:05.474736+00:00", "vendors": []}