Multiple CSRF Vulnerabilities in Twitget Plugin for WordPress
CVE-2014-2559

Currently unrated

Key Information:

Vendor: Wordpress
Status: Twitget
Vendor: CVE Published:; 17 October 2014

Summary

The Twitget plugin for WordPress, prior to version 3.3.3, is susceptible to multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities can be exploited by remote attackers to hijack the authentication of administrators. By crafting specific requests, an attacker can manipulate plugin options without the administrator's consent, leading to potential unauthorized changes within the website. It is critical for administrators using Twitget to upgrade to the latest version to mitigate this risk.

References

http://wordpress.org/plugins/twitget/changelog

x_refsource_CONFIRM

http://secunia.com/advisories/57892

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/92391

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 17, 2014
Vulnerability Reserved
Mar 19, 2014