CVE-2014-9336

🗓️ 19 Dec 2014 15:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 33 Views🌐 WEB

Multiple CSRF vulnerabilities in iTwitter plugin 0.04 & earlier for WordPress allow remote attackers to hijack admin authentication via XSS attacks

Reporter	Title	Published	Views	Family All 11
Cvelist	CVE-2014-9336	19 Dec 201415:00	–	cvelist
EUVD	EUVD-2014-9161	7 Oct 202500:30	–	euvd
NVD	CVE-2014-9336	19 Dec 201415:59	–	nvd
Packet Storm	WordPress iTwitter WP 0.04 CSRF / XSS	14 Dec 201400:00	–	packetstorm
Packet Storm	WordPress iTwitter 0.04 Cross Site Request Forgery / Cross Site Scripting	18 Dec 201400:00	–	packetstorm
Patchstack	WordPress iTwitter Plugin <= 0.04 - Multiple CSRF and XSS	7 Dec 201400:00	–	patchstack
Prion	Cross site request forgery (csrf)	19 Dec 201415:59	–	prion
securityvulns	iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability	22 Dec 201400:00	–	securityvulns
Vulnerability Lab	iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability	15 Dec 201400:00	–	vulnerlab
Vulnerability Lab	iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability	15 Dec 201400:00	–	vulnerlab

NVD

Node

itwitter_project itwitterRange≤0.04wordpress

Source	Link
seclists	www.seclists.org/fulldisclosure/2014/Dec/72
packetstormsecurity	www.packetstormsecurity.com/files/129576/WordPress-iTwitter-WP-0.04-CSRF-XSS.html

Parameter	Position	Path	Description	CWE
itex_t_twitter_username	request body	wordpress/wp-admin/options-general.php	CSRF/XSS vulnerability in iTwitter WP Plugin: POST parameters vulnerable via admin options page (CSRF allows crafted requests to inject XSS via username/userpass fields)	CWE-352
itex_t_twitter_userpass	request body	wordpress/wp-admin/options-general.php	CSRF/XSS vulnerability in iTwitter WP Plugin: POST parameters vulnerable via admin options page (CSRF allows crafted requests to inject XSS via username/userpass fields)	CWE-352
username	request body	wordpress/wp-admin/options-general.php	CSRF/XSS vulnerability in iTwitter WP Plugin: POST parameters vulnerable via admin options page (CSRF allows crafted requests to inject XSS via username/userpass fields)	CWE-352
userpass	request body	wordpress/wp-admin/options-general.php	CSRF/XSS vulnerability in iTwitter WP Plugin: POST parameters vulnerable via admin options page (CSRF allows crafted requests to inject XSS via username/userpass fields)	CWE-352
info_update	request body	wordpress/wp-admin/options-general.php	CSRF/XSS vulnerability in iTwitter WP Plugin: POST parameters vulnerable via admin options page (CSRF allows crafted requests to inject XSS via username/userpass fields)	CWE-352
global_debugenable	request body	wordpress/wp-admin/options-general.php	CSRF/XSS vulnerability in iTwitter WP Plugin: POST parameters vulnerable via admin options page (CSRF allows crafted requests to inject XSS via username/userpass fields)	CWE-352
global_debugenable_forall	request body	wordpress/wp-admin/options-general.php	CSRF/XSS vulnerability in iTwitter WP Plugin: POST parameters vulnerable via admin options page (CSRF allows crafted requests to inject XSS via username/userpass fields)	CWE-352
global_widget	request body	wordpress/wp-admin/options-general.php	CSRF/XSS vulnerability in iTwitter WP Plugin: POST parameters vulnerable via admin options page (CSRF allows crafted requests to inject XSS via username/userpass fields)	CWE-352
global_collapse	request body	wordpress/wp-admin/options-general.php	CSRF/XSS vulnerability in iTwitter WP Plugin: POST parameters vulnerable via admin options page (CSRF allows crafted requests to inject XSS via username/userpass fields)	CWE-352
itex_t_cache_enable	request body	wordpress/wp-admin/options-general.php	CSRF/XSS vulnerability in iTwitter WP Plugin: POST parameters vulnerable via admin options page (CSRF allows crafted requests to inject XSS via username/userpass fields)	CWE-352

06 May 2026 22:30Current

6.6Medium risk

Vulners AI Score6.6

CVSS 26.8

EPSS0.00095

CWE-352