4 matches found

OSV
• added 2024/05/15 6:15 a.m. • 3 views

CVE-2024-3629

The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

2.4 CVSS · 5.8 AI score
Exploits 0 · References 1

Positive Technologies
• added 2024/05/15 12:0 a.m. • 5 views

PT-2024-26955 · WordPress · Hl Twitter Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: HL Twitter WordPress plugin versions through 2014.1.18
Description: The issue concerns a lack of CSRF check when unlinking Twitter accounts, potentially allowing attackers to make logged-in admins perform such actions via a CSRF attack...

4.3 CVSS · 6.4 AI score · 0.0028 EPSS
Exploits 2 · References 4

Positive Technologies
• added 2024/05/15 12:0 a.m. • 2 views

PT-2024-26953 · WordPress · Hl Twitter Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: HL Twitter WordPress plugin versions through 2014.1.18
Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
Recommendations: For HL...

2.4 CVSS · 6.1 AI score · 0.00195 EPSS
Exploits 2 · References 4

Positive Technologies
• added 2024/05/15 12:0 a.m. • 4 views

PT-2024-26954 · WordPress · Hl Twitter Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: HL Twitter WordPress plugin versions through 2014.1.18
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, in...

5.4 CVSS · 5.4 AI score · 0.00459 EPSS
Exploits 2 · References 5