CVE-2014-9397

Name of the Vulnerable Software and Affected Versions twimp-wp plugin for WordPress (affected versions not specified)

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the message format parameter in the "twimp-wp.php" page to "wp-admin/options-general.php".

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.