PT-2023-10171 · Bestwebsoft · Bestwebsoft Twitter Plugin

Published 2023-05-31 · Updated 2024-05-17 · CVE-2014-125103

CVSS v2.0: 3.3
Vector: AV:N/AC:L/Au:M/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

BestWebSoft Twitter Plugin versions up to 1.3.2

Description

A vulnerability was found in the BestWebSoft Twitter Plugin. It affects the function twttr settings page of the file twitter.php. Manipulation of the argument twttr url twitter/bws license key/bws license plugin leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 1.3.7 addresses this issue.

Recommendations

For BestWebSoft Twitter Plugin versions up to 1.3.2, upgrade to version 1.3.7 to address the issue. As a temporary workaround, consider disabling the twttr settings page function until a patch is available. Restrict access to the twitter.php file to minimize the risk of exploitation. Avoid using the argument twttr url twitter/bws license key/bws license plugin in the affected component until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2014-125103

Affected Products

Bestwebsoft Twitter Plugin