WordPress – WP Social Ninja exposed API Key Joshua Martinelle Thu, 09/04/2025 – 08:43 WP Social Media is a WordPress plugin that allows to integrate social media feeds such as Instagram Feed, Facebook Feed, social reviews such as Google Reviews, WooCommerce Reviews (Pro), and chat widgets such as Messenger Chat and many others from other social media platforms. Since at least version 2.0.0 an exposed Twitter/X API key has existed allowing an attacker to obtain valid Bearer tokens, and access detailed metadata revealing 181 available endpoints, 17 of which allow data modification actions. This also allows for unauthorized consumption of API quotas, which can lead to potential service…Read More