ThreatPress

WordPress Vulnerabilities Database

WordPress Twitget Plugin 3.3.1 - Multiple Vulnerabilities

Product
Twitget
Description
The WordPress Twitget plugin is prone to multiple vulnerabilities, including CSRF and XSS. Exploitation requires a logged-in administrator to visit a specially crafted page. The plugin's options can then be updated without the administrator's consent, and some of those options are output unescaped into the form (cross-site scripting).
Solution
Upgrade the plugin.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-2014-2559
Versions
Affected In <= 3.3.1
Fixed In 3.3.2
Disclosure date
2014-04-14
Credits
Tom Adams