CVE-2014-9397

Cross-site request forgery CSRF vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the messageformat parameter in the twimp-wp.php page to...

WordPress twimp-wp Cross Site Request Forgery / Cross Site Scripting

Title: CSRF / Stored XSS Vulnerability in twimp-wp Plugin Author: Manideep K CVE-ID: CVE-2014-9397 Plugin Homepage: https://wordpress.org/plugins/twimp-wp/ Version Affected: probably lower versions Severity: High Description: Vulnerable Parameter: all text boxes , to name one - id &...