Description

WordPress Plugin Floating Tweets is prone to multiple vulnerabilities, including cross-site scripting and directory traversal vulnerabilities. Exploiting these issues may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks or to obtain sensitive information that could aid in further attacks. WordPress Plugin Floating Tweets version 1.0.1 is vulnerable; prior versions may also be affected.

Remediation

Edit the source code to ensure that input is properly sanitised and verified or disable the plugin until a fix is available

References

http://websecurity.com.ua/6023/

http://packetstormsecurity.com/files/119499/WordPress-Floating-Tweets-1.0.1-XSS-Directory-Traversal.html

Related Vulnerabilities

MyBB CVE-2015-2786 Vulnerability (CVE-2015-2786)

WordPress Plugin Shortcoder-Create Shortcodes for Anything Security Bypass (6.3)

MySQL CVE-2021-2215 Vulnerability (CVE-2021-2215)

MySQL CVE-2019-2535 Vulnerability (CVE-2019-2535)

Varnish Cache Integer Overflow or Wraparound Vulnerability (CVE-2017-12425)

Severity

High

Classification

CWE-22 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update