QwikSec

Security Database

CVE

CWE

Training

CVE-2015-4557

Published: Apr 12, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. NOTE: this may overlap CVE-2015-4413.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20151231 CVE-2015-4557 - Wordpress "Nextend Twitter Connect" & "Nextend Google Connect" Cross Site Scripting

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_BID

http://packetstormsecurity.com/files/132432/WordPress-Nextend-Twitter-Connect-1.5.1-Cross-Site-Scripting.html

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset/1178744/nextend-twitter-connect

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.