A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 2.15 is able to address this issue. The name of the patch is a6d4659cbb2cbf18ccb0fb43549d5113d74e0146. It is recommended to upgrade the affected component. VDB-230154 is the identifier assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146 | Patch |
https://vuldb.com/?ctiid.230154 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.230154 | Third Party Advisory |
https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146 | Patch |
https://vuldb.com/?ctiid.230154 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.230154 | Third Party Advisory |
Configurations
History
21 Nov 2024, 01:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146 - Patch | |
References | () https://vuldb.com/?ctiid.230154 - Permissions Required, Third Party Advisory | |
References | () https://vuldb.com/?id.230154 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 4.3 |
06 Jun 2023, 20:57
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://vuldb.com/?ctiid.230154 - Permissions Required, Third Party Advisory | |
References | (MISC) https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146 - Patch | |
References | (MISC) https://vuldb.com/?id.230154 - Third Party Advisory | |
CPE | cpe:2.3:a:bestwebsoft:twitter:*:*:*:*:*:wordpress:*:* |
31 May 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-31 00:15
Updated : 2024-11-21 01:36
NVD link : CVE-2012-10015
Mitre link : CVE-2012-10015
CVE.ORG link : CVE-2012-10015
JSON object : View
Products Affected
bestwebsoft
CWE
CWE-352
Cross-Site Request Forgery (CSRF)