WordPress · iTwitter Plugin · CVE-2014-9336
**Name of the Vulnerable Software and Affected Versions**
iTwitter plugin versions 0.04 and earlier
**Description**
This is a cross-site request forgery (CSRF) issue in the plugin's settings handling: it allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. The vector is the `itex_t_twitter_username` or `itex_t_twitter_userpass` parameter submitted through the "iTwitter.php" settings page to "wp-admin/options-general.php" (the underscores in the parameter names were lost in extraction and are restored here).
**Recommendations**
For iTwitter plugin versions 0.04 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the iTwitter.php page and the wp-admin/options-general.php endpoint to minimize the risk of cross-site request forgery (CSRF) attacks, and avoid submitting the `itex_t_twitter_username` and `itex_t_twitter_userpass` parameters to the affected endpoint until the issue is resolved.
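The following is an added illustration and is not the iTwitter plugin's own code: it contrasts the weak shape of a settings handler that accepts the CSRF-to-stored-XSS chain described above with the hardened shape a WordPress settings page should take. The option names mirror the advisory's parameters; every function prefixed `itwitter_example_` is hypothetical, while `register_setting`, `settings_fields`, `current_user_can`, `sanitize_text_field`, `esc_attr` and `add_options_page` are real WordPress APIs.

```php
<?php
/*
 * Added example, not the iTwitter plugin's code. The option names mirror the
 * advisory's parameters; the itwitter_example_* functions are hypothetical.
 */

// --- Weak pattern: the shape that exposes a settings form to CSRF + XSS ---
// No nonce check, so a forged cross-site POST carried by a logged-in
// administrator's browser is accepted; no sanitization, so a script payload
// is stored and later echoed back into the admin page.
function itwitter_example_save_unsafe() {
    if ( isset( $_POST['itex_t_twitter_username'] ) ) {
        update_option( 'itex_t_twitter_username', $_POST['itex_t_twitter_username'] );
    }
}

// --- Hardened pattern using the WordPress Settings API ---
function itwitter_example_register_settings() {
    // Registering through the Settings API routes the form to options.php,
    // which verifies the nonce emitted by settings_fields() and the user's
    // capability before any option is written. The sanitize callback strips
    // tags on save, so a stored value can no longer carry markup.
    register_setting(
        'itwitter_example_group',
        'itex_t_twitter_username',
        array( 'sanitize_callback' => 'sanitize_text_field' )
    );
    register_setting(
        'itwitter_example_group',
        'itex_t_twitter_userpass',
        array( 'sanitize_callback' => 'sanitize_text_field' )
    );
}
add_action( 'admin_init', 'itwitter_example_register_settings' );

function itwitter_example_render_page() {
    // Capability check: only users who may manage options see or submit the form.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'itwitter-example' ) );
    }
    ?>
    <form method="post" action="options.php">
        <?php
        // Emits the hidden option_page, _wpnonce and _wp_http_referer fields
        // that options.php checks; without them the submission is rejected.
        settings_fields( 'itwitter_example_group' );
        ?>
        <label for="itwitter_username">Twitter username</label>
        <input type="text" id="itwitter_username" name="itex_t_twitter_username"
               value="<?php echo esc_attr( get_option( 'itex_t_twitter_username', '' ) ); ?>" />
        <label for="itwitter_userpass">Twitter password</label>
        <input type="password" id="itwitter_userpass" name="itex_t_twitter_userpass"
               value="<?php echo esc_attr( get_option( 'itex_t_twitter_userpass', '' ) ); ?>" />
        <?php submit_button(); ?>
    </form>
    <?php
}

function itwitter_example_menu() {
    add_options_page(
        'iTwitter example', 'iTwitter example', 'manage_options',
        'itwitter-example', 'itwitter_example_render_page'
    );
}
add_action( 'admin_menu', 'itwitter_example_menu' );
```

Three controls close the chain: the nonce ties the request to the administrator's own session so a cross-site form cannot forge it, the sanitize callback prevents markup from reaching the database, and `esc_attr()` on output stops any value that does get stored from executing. If a plugin handles its own POST instead of using options.php, the equivalent is `wp_nonce_field()` in the form plus `check_admin_referer()` and `current_user_can()` before `update_option()`.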