Itwitter Project » Itwitter : Security Vulnerabilities, CVEs, Published In 2014 (XSS)
Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_twitter_username or (2) itex_t_twitter_userpass parameter in the iTwitter.php page to wp-admin/options-general.php.
Max CVSS
6.8
EPSS Score
0.23%
Published
2014-12-19
Updated
2014-12-22
1 vulnerabilities found