The Custom Twitter Feeds WordPress plugin before 2.2.3 does not filter some of its settings, allowing high-privilege users to inject scripts.
History

Wed, 09 Oct 2024 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Smashballoon; Smashballoon custom Twitter Feeds |
| CPEs | | `cpe:2.3:a:smashballoon:custom_twitter_feeds:*:*:*:*:*:wordpress:*:*` |
| Vendors & Products | | Smashballoon; Smashballoon custom Twitter Feeds |
| Metrics | | cvssV3_1: `{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}`; ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Tue, 08 Oct 2024 06:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts. |
| Title | | Custom Twitter Feeds < 2.2.3 - Admin+ Stored XSS |
| References | | |

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-10-08T06:00:03.744Z

Updated: 2024-10-09T15:17:17.144Z

Reserved: 2024-09-18T19:23:38.003Z

Link: CVE-2024-8983

Vulnrichment

Updated: 2024-10-09T15:17:11.448Z

NVD

Status: Awaiting Analysis

Published: 2024-10-08T06:15:02.490

Modified: 2024-10-10T12:57:21.987

Link: CVE-2024-8983

Redhat

No data.