9 matches found
EUVD-2014-9220
Malware in sbrugna...
WordPress Plugin TweetScribe Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases.TweetScribe plugin is a plugin that allows you to subscribe to WordPress blogs using your Twitter account through the tweetscribe.me...
CVE-2014-9399
Cross-site request forgery CSRF vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the tweetscribeusername parameter in a save action in the...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the tweetscribeusername parameter in a save action in the...
CVE-2014-9399
Cross-site request forgery CSRF vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the tweetscribeusername parameter in a save action in the...
CVE-2014-9399
CVE-2014-9399 is a CSRF/XSS vulnerability in WordPress TweetScribe plugin (
Tweetscribe <= 1.1 - Multiple CSRF
Plugin is still affected and has been closed...
WordPress TweetScribe 1.1 CSRF / XSS
Title: CSRF / Stored XSS Vulnerability in TweetScribe Wordpress Plugin Author: Manideep K CVE-ID: CVE-2014-9399 Plugin Homepage: https://wordpress.org/plugins/tweetscribe/ Version Affected: 1.1 probably lower versions Severity: High Description: Vulnerable Parameter: tweetscribeusername...
WordPress TweetScribe Plugin <= 1.1 - CSRF and XSS
Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...