CVE-2023-23706

Cross-Site Request Forgery CSRF vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin = 7.5.14 versions...

X (Formerly Twitter): Account Takeover in Periscope TV

Summary: When you login periscope.tv using twitter, and change the host header from www.periscope.tv to attacker.com/www.periscope.tv, the oauth redirect destination will be attacker.com/www.periscope.tv, thus allowing attacker to send the oauth authorize link to victim, and takeover their accoun...