Description

WordPress Plugin Floating Tweets is prone to multiple vulnerabilities, including cross-site scripting and directory traversal vulnerabilities. Exploiting these issues may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks or to obtain sensitive information that could aid in further attacks. WordPress Plugin Floating Tweets version 1.0.1 is vulnerable; prior versions may also be affected.

Remediation

Edit the source code to ensure that input is properly sanitised and verified or disable the plugin until a fix is available

References

http://websecurity.com.ua/6023/

http://packetstormsecurity.com/files/119499/WordPress-Floating-Tweets-1.0.1-XSS-Directory-Traversal.html

Related Vulnerabilities

Oracle JRE CVE-2019-2933 Vulnerability (CVE-2019-2933)

MySQL CVE-2021-2072 Vulnerability (CVE-2021-2072)

WordPress Plugin Media File Renamer-Auto & Manual Rename Cross-Site Scripting (1.7.0)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6311)

Joomla! Core 1.7.x Cross-Site Scripting (1.7.0 - 1.7.3)

Severity

High

Classification

CWE-22 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update