Twitter Real Time Search Scrolling Vulnerable to XSS Attacks
CVE-2024-51716

7.1HIGH

Key Information:

Vendor: WordPress
Status: Twitter Real Time Search Scrolling
Vendor: CVE Published:; 9 November 2024

Summary

A vulnerability has been identified in the Twitter Real Time Search Scrolling plugin developed by Gopi.R. This issue arises from improper neutralization of user input during the generation of web pages, allowing for reflected Cross-Site Scripting (XSS). Attackers may exploit this vulnerability by crafting malicious links that execute arbitrary scripts in the context of the affected user's browser. The vulnerability affects all versions of the plugin from n/a through 7.0, posing potential risks to both users and data integrity.

Affected Version(s)

Twitter real time search scrolling <= 7.0

References

https://patchstack.com/database/vulnerability/twitter-rea...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Oct 30, 2024

Credit

SOPROBRO (Patchstack Alliance)