It's not really as bad as it seems. It's a vulnerability in an obsolete feature already widely disabled as a best practice.
twitter.com/DanielMicay/st
It's one of the things checked by internet.nl and other free, publicly available security scanning tools.
You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more
