EUVD-2021-11494

Malware in sbrugna...

CVE-2021-24582

The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue...

CVE-2021-24582

The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue...

CVE-2021-24582

The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue...

Cross site scripting

The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue...

CVE-2021-24582 ThinkTwit < 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue...

CVE-2021-24582

The CVE-2021-24582 entry applies to the ThinkTwit WordPress plugin, where versions before 1.7.1 do not sanitise/escape the plugin’s "Consumer key" setting before outputting it on the settings page, causing an authenticated Stored XSS vulnerability. Affected product: ThinkTwit WordPress plugin (ve...

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin ThinkTwit prior to version 1.7.1, which stems from a cross-site scripting issue stored in a plugin that fails to clean up or escape its "Consumer Keys" setting...

ThinkTwit < 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue. PoC Put the following payload in the "Consumer key" setting of the plugin /wp-admin/options-general.php?page=thinktwit: - v - v 1.7.1 : "...

WordPress ThinkTwit plugin <= 1.7.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vinit Yashwantrao in WordPress ThinkTwit plugin versions = 1.7.0. Solution Update the WordPress ThinkTwit plugin to the latest available version at least 1.7.1...

ThinkTwit < 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue. Put the following payload in the "Consumer key" setting of the plugin /wp-admin/options-general.php?page=thinktwit: - v alert/XSS/ - v 1.7.1 : "...