PT-2014-8984 · Twitter · Post To Twitter Plugin

Published 2014-12-31 · Updated 2017-09-08 · CVE-2014-9393

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Post to Twitter plugin versions 0.7 and earlier
Description: This cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. The forged request passes the idptt twitter username or idptt tweet prefix parameter to "wp-admin/options-general.php".
Recommendations: For Post to Twitter plugin versions 0.7 and earlier, consider disabling the plugin until a patch is available, to prevent potential cross-site request forgery (CSRF) attacks. Restrict access to the "wp-admin/options-general.php" endpoint to minimize the risk of exploitation, and avoid using the idptt twitter username and idptt tweet prefix parameters on the affected endpoint until the issue is resolved.
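As an added illustration that is not the plugin's own code, the WordPress settings-page pattern that closes both halves of the issue described above: a nonce check against the forged request and sanitisation plus output escaping against the stored script. Underscored option names, nonce names and function names are assumptions.

```php
<?php
// Added example, not the Post to Twitter plugin's own code. Option names
// (underscored), nonce and function names are assumptions. The vulnerable
// pattern is: read POST fields, update_option() them and echo them back with
// no nonce check (another site can submit that POST from an admin's browser:
// CSRF) and no escaping (the saved value runs as script on the page: XSS).

add_action( 'admin_menu', 'idptt_example_menu' );
function idptt_example_menu() {
    add_options_page( 'Post to Twitter', 'Post to Twitter',
        'manage_options', 'idptt-example', 'idptt_example_page' );
}

function idptt_example_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // CSRF defence: verifies the nonce emitted by wp_nonce_field() below and
    // dies on mismatch. A forged cross-site form cannot know this per-user,
    // per-action token, so its POST stops here.
    check_admin_referer( 'idptt_example_save', 'idptt_example_nonce' );

    // Sanitise the two parameters named in the advisory before storing.
    $username = isset( $_POST['idptt_twitter_username'] )
        ? sanitize_text_field( wp_unslash( $_POST['idptt_twitter_username'] ) ) : '';
    $prefix = isset( $_POST['idptt_tweet_prefix'] )
        ? sanitize_text_field( wp_unslash( $_POST['idptt_tweet_prefix'] ) ) : '';
    update_option( 'idptt_twitter_username', $username );
    update_option( 'idptt_tweet_prefix', $prefix );
}

function idptt_example_page() {
    if ( isset( $_POST['idptt_example_submit'] ) ) {
        idptt_example_save();
    }
    // Output escaping: esc_attr() on stored values placed into attributes, so
    // a value that reached the database by any route cannot execute here.
    $username = esc_attr( get_option( 'idptt_twitter_username', '' ) );
    $prefix   = esc_attr( get_option( 'idptt_tweet_prefix', '' ) );
    ?>
    <form method="post">
        <?php wp_nonce_field( 'idptt_example_save', 'idptt_example_nonce' ); ?>
        <p><label>Twitter username <input type="text" name="idptt_twitter_username"
            value="<?php echo $username; ?>"></label></p>
        <p><label>Tweet prefix <input type="text" name="idptt_tweet_prefix"
            value="<?php echo $prefix; ?>"></label></p>
        <p><input type="submit" name="idptt_example_submit" class="button-primary" value="Save"></p>
    </form>
    <?php
}
```

Without the check_admin_referer() call, the save path would accept any POST carrying an administrator's session cookie, which is the condition the advisory describes.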

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2014-9393

Affected Products

Post To Twitter Plugin