https://www.pluginvulnerabilities.com/2017/10/09/tweet-sending-vulnerability-in-twittercart/
In not the best sign of the security of WordPress plugins, we have repeatedly found other vulnerabilities while looking into possible vulnerabilities through proactive monitoring of changes made to plugins to try to catch serious vulnerabilities. That was the case with the plugin TwitterCart.
In the function simple_tweet() we noticed code that could possible allow for an arbitrary file upload vulnerability
Source: Security Feed