8 matches found
WordPress HL Twitter plugin <= 2014.1.18 - Multiple CSRF vulnerabilities
Multiple CSRF vulnerabilities discovered by Bob Matyas in WordPress Plugin HL Twitter versions <= 2014.1.18...
CVE-2024-3629
The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WordPress HL Twitter Plugin <= 2014.1.18 is vulnerable to Cross Site Scripting (XSS)
Software: HL Twitter; Type: Plugin; Vulnerable versions: <= 2014.1.18; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3630; Patch priority: Low; CVSS severity: Low (5.9); PSID: cf2fc38a392e; Credits: Bob Matyas; Required privile...
WordPress plugin HL Twitter security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-26954 · WordPress · Hl Twitter Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: HL Twitter WordPress plugin versions through 2014.1.18 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, in...
PT-2024-26953 · WordPress · Hl Twitter Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: HL Twitter WordPress plugin versions through 2014.1.18 Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For HL...
PT-2024-26955 · WordPress · Hl Twitter Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: HL Twitter WordPress plugin versions through 2014.1.18 Description: The issue concerns a lack of CSRF check when unlinking Twitter accounts, potentially allowing attackers to make logged-in admins perform such actions via a CSRF attack...
WordPress HL Twitter Plugin <= 2014.1.18 is vulnerable to Cross Site Request Forgery (CSRF)
Software: HL Twitter; Type: Plugin; Vulnerable versions: <= 2014.1.18; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3629; Patch priority: Low; CVSS severity: Low (4.3); PSID: 106b877d04b5; Credits: Bob Matyas; Required...