18 matches found
WordPress HL Twitter plugin <= 2014.1.18 - Unlink Twitter Account via CSRF vulnerability
Unlink Twitter Account via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin HL Twitter versions <= 2014.1.18...
WordPress HL Twitter plugin <= 2014.1.18 - Admin+ Stored XSS via Widget vulnerability
Admin+ Stored XSS via Widget vulnerability discovered by Bob Matyas in WordPress Plugin HL Twitter versions <= 2014.1.18...
WordPress HL Twitter plugin <= 2014.1.18 - Multiple CSRF vulnerability
Multiple CSRF vulnerability discovered by Bob Matyas in WordPress Plugin HL Twitter versions <= 2014.1.18...
CVE-2024-3631
The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check when unlinking Twitter accounts, which could allow attackers to make logged-in admins perform such actions via a CSRF attack...
CVE-2024-3629
The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-3630
The HL Twitter WordPress plugin through 2014.1.18 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2024-3629
The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-3631
CVE-2024-3631 affects the HL Twitter WordPress plugin (versions up to 2014.1.18). The issue is a missing CSRF check when unlinking Twitter accounts, enabling an attacker to cause logged-in admins to perform unlink actions via CSRF. This is the root cause and the primary impact stated in connected...
CVE-2024-3629 HL Twitter <= 2014.1.18 - Settings Update via CSRF
The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-3630 HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget
The HL Twitter WordPress plugin through 2014.1.18 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
WordPress plugin HL Twitter security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress HL Twitter Plugin <= 2014.1.18 is vulnerable to Cross Site Scripting (XSS)
Software: HL Twitter; Type: Plugin; Vulnerable versions: <= 2014.1.18; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3630; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: cf2fc38a392e; Credits: Bob Matyas; Required privile...
WordPress plugin HL Twitter security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-26954 · WordPress · Hl Twitter Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: HL Twitter WordPress plugin versions through 2014.1.18. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, in...
PT-2024-26955 · WordPress · Hl Twitter Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: HL Twitter WordPress plugin versions through 2014.1.18. Description: The issue concerns a lack of CSRF check when unlinking Twitter accounts, potentially allowing attackers to make logged-in admins perform such actions via a CSRF attack...
PT-2024-26953 · WordPress · Hl Twitter Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: HL Twitter WordPress plugin versions through 2014.1.18. Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For HL...
WordPress HL Twitter Plugin <= 2014.1.18 is vulnerable to Cross Site Request Forgery (CSRF)
Software: HL Twitter; Type: Plugin; Vulnerable versions: <= 2014.1.18; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3629; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 106b877d04b5; Credits: Bob Matyas; Required...
HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget
Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. In the widget area, add the widget...