PT-2019-10108 · Design Chemical · Design Chemical Social Network Tabs

Published

2019-03-18

Updated

2019-04-16

CVE-2018-20555

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Design Chemical Social Network Tabs plugin version 1.7.1

Description: The issue allows remote attackers to discover sensitive Twitter account information, including access token, access token secret, consumer key, and consumer secret values, by reading the source code of the dcwp twitter.php file. This could lead to Twitter account takeover.

Recommendations: For Design Chemical Social Network Tabs plugin version 1.7.1, consider restricting access to the dcwp twitter.php file to prevent unauthorized users from reading its source code until a patch is available.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-20555

Affected Products

Design Chemical Social Network Tabs

PT-2019-10108 · Design Chemical · Design Chemical Social Network Tabs

CVE-2018-20555

Weakness Enumeration

Related Identifiers

Affected Products

References · 5