2 matches found
CVE-2014-2559
Summary (CVE-2014-2559): The Twitget WordPress plugin (before 3.3.3) is affected by multiple vulnerabilities, including CSRF (and related XSS in some disclosures) in twitget.php. A logged-in administrator can be tricked to perform unauthorized changes via requests to wp-admin/options-general.php,...
CVE-2014-2995
The CVE-2014-2995 issue affects the WordPress Twitget plugin prior to version 3.3.3, where twitget.php is vulnerable to cross-site scripting (XSS) via the twitget_consumer_key parameter used in wp-admin/options-general.php. Authorized WordPress administrators can inject arbitrary script/HTML due ...