CVE-2014-2995 Information

Feb 14, 2021 cve

Description

Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors as demonstrated by the twitget_consumer_key parameter to wp-admin/options-general.php.

Reference

http://packetstormsecurity.com/files/126134 http://seclists.org/fulldisclosure/2014/Apr/172 http://wordpress.org/plugins/twitget/changelog https://exchange.xforce.ibmcloud.com/vulnerabilities/92392 https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1

Share on: