WordPress Twitget plugin is prone to multiple vulnerabilities, such as CSRF and XSS. It works when a logged-in administrator visits a specially crafted page. Then options can be updated without their consent and some of those options are output unescaped into the form (cross-site scripting).
Upgrade the plugin.