CVE-2014-9341

Name of the Vulnerable Software and Affected Versions yURL ReTwitt plugin versions 1.4 and earlier

Description The issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the yurl login or yurl anchor parameter in the yurl page to "wp-admin/options-general.php".

Recommendations For yURL ReTwitt plugin versions 1.4 and earlier, consider disabling access to the yurl page until a patch is available. Avoid using the yurl login and yurl anchor parameters in the affected page to minimize the risk of exploitation.