WordPress · Thinktwit · CVE-2021-24582
**Name of the Vulnerable Software and Affected Versions**
ThinkTwit WordPress plugin versions prior to 1.7.1
**Description**
The issue is related to a Stored Cross-Site Scripting problem. It occurs because the `Consumer key` setting is not properly sanitised or escaped before being outputted on its settings page.
**Recommendations**
For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation.