5 matches found
CVE-2016-10986
The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumerkey, consumersecret, accesstoken, and accesstokensecret...
EUVD-2016-1977
Malware in sbrugna...
CVE-2016-10986
The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumerkey, consumersecret, accesstoken, and accesstokensecret...
CVE-2016-10986
CVE-2016-10986 concerns the Tweet Wheel WordPress plugin prior to version 1.0.3.3, which is vulnerable to reflected Cross-Site Scripting (XSS) via the OAuth parameters consumer_key, consumer_secret, access_token, and access_token_secret. The issue is documented across multiple feeds (NVD, Red Hat...
WordPress Tweet Wheel Plugin <= 1.0.3.2 - Reflected Cross Site Scripting
This plugin is prone to a reflected cross site scripting vulnerability, because "consumerkey", "consumersecret,accesstoken", "accesstokensecret" parameters are not sanitized. Solution Update the plugin...