Twitter posts to Blog

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Description

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including Twitter API credentials, post author, post status, and the capability required to access the plugin's admin menu.

Basic Information

ID CVE-2026-1786

Source Wordfence

Published Feb 11, 2026 at 08:26

Affected Product

Vendor badbreze

Product Twitter posts to Blog

Version *

Affected Versions badbreze Twitter posts to Blog *

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including Twitter API credentials, post author, post status, and the capability required to access the plugin's admin menu.",
    "published": "2026-02-11T08:26:27.178Z",
    "modified": "2026-02-11T08:26:27.178Z",
    "type": "cve",
    "title": "Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abcbb84c-6c2d-40c1-8c64-7d4866fa9503?source=cve\nhttps://plugins.trac.wordpress.org/browser/twitter-posts-to-blog/trunk/functions.php#L426",
    "id": "CVE-2026-1786",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "badbreze Twitter posts to Blog *",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Twitter posts to Blog",
    "version": "*",
    "vendor": "badbreze",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update_CVE-2026-1786