QwikSec

Security Database

CVE

CWE

Training

CVE-2014-2995

Published: Oct 17, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitget_consumer_key parameter to wp-admin/options-general.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://wordpress.org/plugins/twitget/changelog

x_refsource_CONFIRM

twitget-wordpress-xss(92392)

vdb-entry

x_refsource_XF

http://packetstormsecurity.com/files/126134

x_refsource_MISC

20140411 CSRF/XSS vulnerability in Twitget 3.3.1 (WordPress plugin)

mailing-list

x_refsource_FULLDISC

https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.