CVE-2014-2995

Name of the Vulnerable Software and Affected Versions Twitget plugin versions prior to 3.3.3

Description The issue allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors. This can be demonstrated by the twitget consumer key parameter to "wp-admin/options-general.php".

Recommendations For Twitget plugin versions prior to 3.3.3, update to version 3.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/options-general.php" page to minimize the risk of exploitation. Avoid using the twitget consumer key parameter in the affected endpoint until the issue is resolved.