CVE-2014-9399

Name of the Vulnerable Software and Affected Versions TweetScribe plugin versions 1.1 and earlier

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the tweetscribe username parameter in a save action in the "tweetscribe.php" page to "wp-admin/options-general.php".

Recommendations For TweetScribe plugin versions 1.1 and earlier, consider disabling the save action in the tweetscribe.php page until a patch is available. Restrict access to the wp-admin/options-general.php page to minimize the risk of exploitation. Avoid using the tweetscribe username parameter in the affected save action until the issue is resolved.