16 matches found
CVE-2026-9183 24liveblog <= 2.2 - Authenticated (Contributor+) Exposure of Sensitive Information via Block Editor Script Localization
The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...
CVE-2026-9183
The CVE concerns the WordPress plugin 24liveblog (versions up to and including 2.2). The root cause is lb24_block_enqueue_scripts() hooked to enqueue_block_editor_assets, which for non-administrator users loads site-wide integration secrets (lb24_token, lb24_refresh_token, lb24_uid, lb24_uname) f...
CVE-2026-9184
The CVE covers the WordPress plugin 24liveblog (versions up to 2.2). A missing capability check on the AJAX handler update_lb24_token() allows authenticated attackers with author-level access and above to overwrite lb24_token, lb24_uid, lb24_refresh_token, lb24_uname, and related site options, ef...
WordPress 24liveblog – live blog tool plugin <= 2.2 - Missing Authorization to Authenticated (Author+) Settings Modification vulnerability
Missing Authorization to Authenticated Author+ Settings Modification vulnerability discovered by g0wthr in WordPress Plugin 24liveblog – live blog tool versions = 2.2...
EUVD-2014-9219
Malware in sbrugna...
WordPress plugin Easy Liveblogs 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Workshop on the Economics of Information Security
Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks...
Details from the 2017 Workshop on Economics and Information Security
The 16th Workshop on Economics and Information Security was this week. Ross Anderson liveblogged the talks...
WordPress Plugin Twitter LiveBlog Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases.Twitter LiveBlog plugin is a plugin for dynamic posting of articles or tweets. The WordPress plugin Twitter LiveBlog cross-site request...
CVE-2014-9398
Cross-site request forgery CSRF vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the mashtlbtwitterusername parameter in the...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the mashtlbtwitterusername parameter in the...
CVE-2014-9398
Cross-site request forgery CSRF vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the mashtlbtwitterusername parameter in the...
CVE-2014-9398
The CVE-2014-9398 entry concerns the WordPress Twitter LiveBlog plugin (versions 1.1.2 and earlier). The vulnerability is a CSRF flaw that allows an attacker to hijack an administrator’s authenticated session to perform actions that may enable XSS via the mashtlb_twitter_username parameter in twi...
Twitter Liveblog <= 1.1.2 - Multiple CSRF
Plugin is still affected and has been closed...
WordPress Twitter LiveBlog 1.1.2 CSRF / XSS
Title: CSRF / Stored XSS Vulnerability in Twitter LiveBlog Wordpress Plugin Author: Manideep K CVE-ID: CVE-2014-9398 Plugin Homepage: https://wordpress.org/plugins/twitter-liveblog/ Version Affected: 1.1.2 probably lower versions Severity: High Description: Vulnerable Parameter:...
WordPress Twitter LiveBlog Plugin <= 1.1.2 - CSRF and XSS
Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...