PT-2023-10171 · Bestwebsoft · Bestwebsoft Twitter Plugin
Published: 2023-05-31 · Updated: 2024-05-17 · CVE-2014-125103
CVSS v2.0: 3.3 (Low)
Vector: AV:N/AC:L/Au:M/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
BestWebSoft Twitter Plugin versions up to 1.3.2
Description
A vulnerability was found in the BestWebSoft Twitter Plugin. It affects the function twttr_settings_page in the file twitter.php. Manipulating the argument twttr_url_twitter/bws_license_key/bws_license_plugin leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 1.3.7 addresses this issue.
Recommendations
For BestWebSoft Twitter Plugin versions up to 1.3.2, upgrade to version 1.3.7 to address the issue.
As a temporary workaround, consider disabling the twttr_settings_page function until a patch is available.
Restrict access to the twitter.php file to minimize the risk of exploitation.
Avoid using the argument twttr_url_twitter/bws_license_key/bws_license_plugin in the affected component until the issue is resolved.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Bestwebsoft Twitter Plugin