PT-2011-1761 · WordPress · Wp-Twitter-Feed
Publicado
2011-08-24
·
Atualizado
2017-08-29
·
CVE-2010-4825
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
wp-twitter-feed version 0.3.1
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the
url parameter in the magpie debug.php file of the Twitter Feed plugin for WordPress.Recommendations
For version 0.3.1, consider disabling the
url parameter in the magpie debug.php file as a temporary workaround until a patch is available. Restrict access to the magpie debug.php file to minimize the risk of exploitation.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wp-Twitter-Feed