Cross-Site Scripting Vulnerabilities in Twitget Plugin for WordPress
CVE-2014-2995
Currently unrated
Summary
The Twitget plugin for WordPress contains multiple cross-site scripting (XSS) vulnerabilities that remote authenticated administrators can exploit. The vulnerabilities arise primarily from improper handling of user input, which allows an attacker to inject arbitrary web script or HTML through various unspecified vectors. One specific example is manipulation of the 'twitget_consumer_key' parameter in the admin options. WordPress sites using the affected plugin are at significant risk, as exploitation could lead to unauthorized script execution and potential compromise of sensitive information.