The tweet_info function in class/__functions.php does not use an HTTPS session when downloading serialized data. An attacker who can modify the client-server data stream can therefore execute arbitrary PHP code.
Update the plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | securemoz security audit | le | 1.0.5 |
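The pattern described above (serialized data fetched without HTTPS and then unserialized) next to a hardened form, as an added example that is not the plugin's own code. All function names are hypothetical, the sample payloads are constructed, and PHP 7.0 or later is assumed for the `allowed_classes` option.

```php
<?php
// Added illustration: names are hypothetical, not the plugin's own code.

// Pattern the advisory describes: plain-HTTP download fed to unserialize().
function fetch_info_unsafe(string $url) {
    return unserialize(file_get_contents($url)); // bytes can be altered in transit
}

// True if any object (including __PHP_Incomplete_Class) is nested in $v.
function contains_object($v): bool {
    if (is_object($v) || $v instanceof __PHP_Incomplete_Class) return true;
    if (is_array($v)) {
        foreach ($v as $item) {
            if (contains_object($item)) return true;
        }
    }
    return false;
}

// Decode without instantiating any class, and accept only plain arrays.
function decode_info(string $body): array {
    $data = @unserialize($body, ['allowed_classes' => false]);
    if (!is_array($data) || contains_object($data)) {
        throw new UnexpectedValueException('rejected payload');
    }
    return $data;
}

// Hardened download: HTTPS only, certificate verified, no redirects.
function fetch_info_safe(string $url): array {
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('refusing non-HTTPS URL');
    }
    $ctx = stream_context_create([
        'ssl'  => ['verify_peer' => true, 'verify_peer_name' => true],
        'http' => ['timeout' => 5, 'follow_location' => 0],
    ]);
    $body = file_get_contents($url, false, $ctx);
    if ($body === false) throw new RuntimeException('download failed');
    return decode_info($body);
}

// Constructed sample payloads, so the decoder can be exercised offline.
var_dump(decode_info(serialize(['user' => 'example', 'count' => 42])));
try {
    decode_info('a:1:{i:0;O:8:"stdClass":0:{}}'); // nested object
} catch (UnexpectedValueException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Transport integrity is the fix the advisory points at; refusing objects during decoding is a second layer that limits the damage if the remote data is ever tampered with.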