CVE-2014-9398

Name of the Vulnerable Software and Affected Versions Twitter LiveBlog plugin versions 1.1.2 and earlier for WordPress

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the mashtlb twitter username parameter in the "twitter-liveblog.php" page to "wp-admin/options-general.php".

Recommendations For Twitter LiveBlog plugin versions 1.1.2 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the twitter-liveblog.php page and the wp-admin/options-general.php endpoint to minimize the risk of CSRF and XSS attacks. Avoid using the mashtlb twitter username parameter in the affected API endpoint until the issue is resolved.