2 matches found
CVE-2016-10986
The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumerkey, consumersecret, accesstoken, and accesstokensecret...
CVE-2016-10986
CVE-2016-10986 concerns the Tweet Wheel WordPress plugin prior to version 1.0.3.3, which is vulnerable to reflected Cross-Site Scripting (XSS) via the OAuth parameters consumer_key, consumer_secret, access_token, and access_token_secret. The issue is documented across multiple feeds (NVD, Red Hat...