6.8
CVE-2014-2559
- EPSS 3.29%
- Veröffentlicht 17.10.2014 22:55:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginTwitget < 3.3.3 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php.
Mögliche Gegenmaßnahme
Twitget: Update to version 3.3.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Twitget Project ≫ Twitget SwPlatformwordpress Version <= 3.3.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Twitget
Version
[*, 3.3.3)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.29% | 0.869 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
http://packetstormsecurity.com/files/126134
http://seclists.org/fulldisclosure/2014/Apr/172
http://secunia.com/advisories/57892
http://wordpress.org/plugins/twitget/changelog
https://exchange.xforce.ibmcloud.com/vulnerabilities/92391
https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1
https://www.wordfence.com/threat-intel/vulnerabilities/id/4d252639-8cbe-4c62-9218-ebdcbaf98393