CVE-2026-1786 Twitter — Exploit & Vulnerability Details MEDIUM

CVE-2026-1786

MEDIUM CVSS 3.1: 6.5 EPSS 0.04%

Parameter	Value
CVSS	6.5 (MEDIUM)
Type	CWE-862 (Missing Authorization)
Vendor	Twitter
Public PoC	No

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including Twitter API credentials, post author, post status, and the capability required to access the plugin's admin menu.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

Low

Partial data modification

Availability

Low

Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-862 Missing Authorization

References 2

https://plugins.trac.wordpress.org/browser/twitter-posts-to-blog/trunk/function…

security@wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/abcbb84c-6c2d-40c1-8c…

security@wordfence.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1911

Twitter

6.4

CVE-2026-31876

Streetwriters

5.4

CVE-2026-25311

Twitter

5.4

CVE-2025-23762

Twitter

7.1

CVE-2025-23464

Twitter

7.1

Menu

CVE-2026-1786

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-1911

CVE-2026-31876

CVE-2026-25311

CVE-2025-23762

CVE-2025-23464

CVE Details

Editor's Choice

Menu

CVE-2026-1786

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-1911

CVE-2026-31876

CVE-2026-25311

CVE-2025-23762

CVE-2025-23464

CVE Details

Editor's Choice

Stay informed on cybersecurity