CVE-2023-0602

Name of the Vulnerable Software and Affected Versions Twittee Text Tweet WordPress plugin versions 1.0.0 through 1.0.8

Description The issue arises from the plugin's failure to properly escape POST values, which are then printed back to the user inside one of the plugin's administrative pages. This allows for reflected XSS attacks targeting administrators. The vulnerability can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack.

Recommendations For versions 1.0.0 through 1.0.8, consider disabling the administrative page that prints the unescaped POST values until a patch is available. Restrict access to this page to minimize the risk of exploitation. Avoid using the plugin's administrative functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.