CVE-2014-9338

Name of the Vulnerable Software and Affected Versions O2Tweet plugin versions 0.0.4 and earlier

Description The issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the o2t username or o2t tags parameter to the "wp-admin/options-general.php" endpoint.

Recommendations For O2Tweet plugin versions 0.0.4 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. Avoid using the o2t username and o2t tags parameters in the affected endpoint until the issue is resolved.