EUVD-2014-9218

Malware in sbrugna...

CVE-2014-9397

Cross-site request forgery CSRF vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the messageformat parameter in the twimp-wp.php page to...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the messageformat parameter in the twimp-wp.php page to...

CVE-2014-9397

CVE-2014-9397 describes a CSRF (with potential XSS) vulnerability in the WordPress plugin twimp-wp . The flaw allows remote attackers to hijack an administrator’s session and perform actions by exploiting the parameter message_format in the file twimp-wp.php when accessing wp-admin/options-genera...

Twimp WP <= 0.1 - Multiple CSRF

Plugin is still affected and has been closed...

WordPress twimp-wp Cross Site Request Forgery / Cross Site Scripting

Title: CSRF / Stored XSS Vulnerability in twimp-wp Plugin Author: Manideep K CVE-ID: CVE-2014-9397 Plugin Homepage: https://wordpress.org/plugins/twimp-wp/ Version Affected: probably lower versions Severity: High Description: Vulnerable Parameter: all text boxes , to name one - id &...