WordPress Plugin Latest Tweets Widget Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress plugin Latest Tweets Widget 1.1.4 and prior versions, which stems from a CSRF check...

CVE-2022-1624

The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2022-1624

The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2022-1624

Summary: CVE-2022-1624 affects the WordPress plugin Latest Tweets Widget (versions ≤ 1.1.4). The flaw is a missing CSRF check when updating settings, which could let a logged-in admin be manipulated via CSRF. Sources across NVD, Red Hat, CNVD, CVE List, WPVulnDB, CNNVD and PatchStack corroborate ...

WordPress plugin Latest Tweets Widget 跨站请求伪造漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress plugin Latest Tweets Widget 1.1.4 and prior versions, which stems from a CSRF check...